[NTOSKRNL] Guard against negative InformationClass enum values. CORE-15651

2024-06-29 17:31:31 +00:00 · 2019-01-19 11:35:18 +01:00 · 2019-01-19 11:35:18 +01:00 · 63977328b1
parent 1a14dcb53f
commit 63977328b1
2 changed files with 16 additions and 8 deletions
--- a/ntoskrnl/ex/sysinfo.c
+++ b/ntoskrnl/ex/sysinfo.c
@ -2847,7 +2847,8 @@ NtQuerySystemInformation(
        /*
         * Check if the request is valid.
         */
-        if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
+        if (SystemInformationClass < MIN_SYSTEM_INFO_CLASS ||
            SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
        {
            _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS);
        }
@ -2871,7 +2872,8 @@ NtQuerySystemInformation(
        /*
         * Check if the request is valid.
         */
-        if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
+        if (SystemInformationClass < MIN_SYSTEM_INFO_CLASS ||
            SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
        {
            _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS);
        }
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@ -2158,7 +2158,8 @@ NtQueryInformationFile(IN HANDLE FileHandle,
    if (PreviousMode != KernelMode)
    {
        /* Validate the information class */
-        if ((FileInformationClass >= FileMaximumInformation) ||
+        if ((FileInformationClass < 0) ||
            (FileInformationClass >= FileMaximumInformation) ||
            !(IopQueryOperationLength[FileInformationClass]))
        {
            /* Invalid class */
@ -2192,7 +2193,8 @@ NtQueryInformationFile(IN HANDLE FileHandle,
    else
    {
        /* Validate the information class */
-        if ((FileInformationClass >= FileMaximumInformation) ||
+        if ((FileInformationClass < 0) ||
            (FileInformationClass >= FileMaximumInformation) ||
            !(IopQueryOperationLength[FileInformationClass]))
        {
            /* Invalid class */
@ -2959,7 +2961,8 @@ NtSetInformationFile(IN HANDLE FileHandle,
    if (PreviousMode != KernelMode)
    {
        /* Validate the information class */
-        if ((FileInformationClass >= FileMaximumInformation) ||
+        if ((FileInformationClass < 0) ||
            (FileInformationClass >= FileMaximumInformation) ||
            !(IopSetOperationLength[FileInformationClass]))
        {
            /* Invalid class */
@ -2995,7 +2998,8 @@ NtSetInformationFile(IN HANDLE FileHandle,
    else
    {
        /* Validate the information class */
-        if ((FileInformationClass >= FileMaximumInformation) ||
+        if ((FileInformationClass < 0) ||
            (FileInformationClass >= FileMaximumInformation) ||
            !(IopSetOperationLength[FileInformationClass]))
        {
            /* Invalid class */
@ -3991,7 +3995,8 @@ NtQueryVolumeInformationFile(IN HANDLE FileHandle,
    if (PreviousMode != KernelMode)
    {
        /* Validate the information class */
-        if ((FsInformationClass >= FileFsMaximumInformation) ||
+        if ((FsInformationClass < 0) ||
            (FsInformationClass >= FileFsMaximumInformation) ||
            !(IopQueryFsOperationLength[FsInformationClass]))
        {
            /* Invalid class */
@ -4163,7 +4168,8 @@ NtSetVolumeInformationFile(IN HANDLE FileHandle,
    if (PreviousMode != KernelMode)
    {
        /* Validate the information class */
-        if ((FsInformationClass >= FileFsMaximumInformation) ||
+        if ((FsInformationClass < 0) ||
            (FsInformationClass >= FileFsMaximumInformation) ||
            !(IopSetFsOperationLength[FsInformationClass]))
        {
            /* Invalid class */