- check input in PNP_GetRootDeviceInstance
- fix length check in PNP_GetClassName
- allocate device id string dynamically to avoid a potential buffer overflow
- use lstrlenW over wcslen in PnpEventThread
svn path=/trunk/; revision=33088
parent
622f5b732e
commit
659ebcce5b
|
@ -308,6 +308,11 @@ DWORD PNP_GetRootDeviceInstance(
|
||||||
|
|
||||||
DPRINT("PNP_GetRootDeviceInstance() called\n");
|
DPRINT("PNP_GetRootDeviceInstance() called\n");
|
||||||
|
|
||||||
|
if (!pDeviceID)
|
||||||
|
{
|
||||||
|
ret = CR_INVALID_POINTER;
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
if (ulLength < lstrlenW(szRootDeviceId) + 1)
|
if (ulLength < lstrlenW(szRootDeviceId) + 1)
|
||||||
{
|
{
|
||||||
ret = CR_BUFFER_SMALL;
|
ret = CR_BUFFER_SMALL;
|
||||||
|
@ -891,9 +896,8 @@ DWORD PNP_GetClassName(
|
||||||
|
|
||||||
DPRINT("PNP_GetClassName() called\n");
|
DPRINT("PNP_GetClassName() called\n");
|
||||||
|
|
||||||
lstrcpyW(szKeyName, L"System\\CurrentControlSet\\Control\\Class");
|
lstrcpyW(szKeyName, L"System\\CurrentControlSet\\Control\\Class\\");
|
||||||
lstrcatW(szKeyName, L"\\");
|
if(lstrlenW(pszClassGuid) + 1 < sizeof(szKeyName)/sizeof(WCHAR)-(lstrlenW(szKeyName) * sizeof(WCHAR)))
|
||||||
if(lstrlenW(pszClassGuid) < sizeof(szKeyName)/sizeof(WCHAR)-lstrlenW(szKeyName))
|
|
||||||
lstrcatW(szKeyName, pszClassGuid);
|
lstrcatW(szKeyName, pszClassGuid);
|
||||||
else return CR_INVALID_DATA;
|
else return CR_INVALID_DATA;
|
||||||
|
|
||||||
|
@ -1250,7 +1254,8 @@ DWORD PNP_AddID(
|
||||||
HKEY hDeviceKey;
|
HKEY hDeviceKey;
|
||||||
LPWSTR pszSubKey;
|
LPWSTR pszSubKey;
|
||||||
DWORD dwDeviceIdListSize;
|
DWORD dwDeviceIdListSize;
|
||||||
WCHAR szDeviceIdList[512];
|
DWORD dwNewDeviceIdSize;
|
||||||
|
WCHAR * pszDeviceIdList = NULL;
|
||||||
|
|
||||||
UNREFERENCED_PARAMETER(hBinding);
|
UNREFERENCED_PARAMETER(hBinding);
|
||||||
|
|
||||||
|
@ -1271,12 +1276,40 @@ DWORD PNP_AddID(
|
||||||
|
|
||||||
pszSubKey = (ulFlags & CM_ADD_ID_COMPATIBLE) ? L"CompatibleIDs" : L"HardwareID";
|
pszSubKey = (ulFlags & CM_ADD_ID_COMPATIBLE) ? L"CompatibleIDs" : L"HardwareID";
|
||||||
|
|
||||||
dwDeviceIdListSize = 512 * sizeof(WCHAR);
|
|
||||||
if (RegQueryValueExW(hDeviceKey,
|
if (RegQueryValueExW(hDeviceKey,
|
||||||
pszSubKey,
|
pszSubKey,
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
(LPBYTE)szDeviceIdList,
|
NULL,
|
||||||
|
&dwDeviceIdListSize) != ERROR_SUCCESS)
|
||||||
|
{
|
||||||
|
DPRINT("Failed to query the desired ID string!\n");
|
||||||
|
ret = CR_REGISTRY_ERROR;
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
|
|
||||||
|
dwNewDeviceIdSize = lstrlenW(pszDeviceID);
|
||||||
|
if (!dwNewDeviceIdSize)
|
||||||
|
{
|
||||||
|
ret = CR_INVALID_POINTER;
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
|
|
||||||
|
dwDeviceIdListSize += (dwNewDeviceIdSize + 2) * sizeof(WCHAR);
|
||||||
|
|
||||||
|
pszDeviceIdList = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwDeviceIdListSize);
|
||||||
|
if (!pszDeviceIdList)
|
||||||
|
{
|
||||||
|
DPRINT("Failed to allocate memory for the desired ID string!\n");
|
||||||
|
ret = CR_OUT_OF_MEMORY;
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (RegQueryValueExW(hDeviceKey,
|
||||||
|
pszSubKey,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
(LPBYTE)pszDeviceIdList,
|
||||||
&dwDeviceIdListSize) != ERROR_SUCCESS)
|
&dwDeviceIdListSize) != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
DPRINT("Failed to query the desired ID string!\n");
|
DPRINT("Failed to query the desired ID string!\n");
|
||||||
|
@ -1285,7 +1318,7 @@ DWORD PNP_AddID(
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check whether the device ID is already in use */
|
/* Check whether the device ID is already in use */
|
||||||
if (CheckForDeviceId(szDeviceIdList, pszDeviceID))
|
if (CheckForDeviceId(pszDeviceIdList, pszDeviceID))
|
||||||
{
|
{
|
||||||
DPRINT("Device ID was found in the ID string!\n");
|
DPRINT("Device ID was found in the ID string!\n");
|
||||||
ret = CR_SUCCESS;
|
ret = CR_SUCCESS;
|
||||||
|
@ -1293,13 +1326,13 @@ DWORD PNP_AddID(
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Append the Device ID */
|
/* Append the Device ID */
|
||||||
AppendDeviceId(szDeviceIdList, &dwDeviceIdListSize, pszID);
|
AppendDeviceId(pszDeviceIdList, &dwDeviceIdListSize, pszID);
|
||||||
|
|
||||||
if (RegSetValueExW(hDeviceKey,
|
if (RegSetValueExW(hDeviceKey,
|
||||||
pszSubKey,
|
pszSubKey,
|
||||||
0,
|
0,
|
||||||
REG_MULTI_SZ,
|
REG_MULTI_SZ,
|
||||||
(LPBYTE)szDeviceIdList,
|
(LPBYTE)pszDeviceIdList,
|
||||||
dwDeviceIdListSize) != ERROR_SUCCESS)
|
dwDeviceIdListSize) != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
DPRINT("Failed to set the desired ID string!\n");
|
DPRINT("Failed to set the desired ID string!\n");
|
||||||
|
@ -1308,6 +1341,8 @@ DWORD PNP_AddID(
|
||||||
|
|
||||||
Done:
|
Done:
|
||||||
RegCloseKey(hDeviceKey);
|
RegCloseKey(hDeviceKey);
|
||||||
|
if (pszDeviceIdList)
|
||||||
|
HeapFree(GetProcessHeap(), 0, pszDeviceIdList);
|
||||||
|
|
||||||
DPRINT("PNP_AddID() done (returns %lx)\n", ret);
|
DPRINT("PNP_AddID() done (returns %lx)\n", ret);
|
||||||
|
|
||||||
|
@ -2071,12 +2106,15 @@ PnpEventThread(LPVOID lpParameter)
|
||||||
{
|
{
|
||||||
DeviceInstallParams* Params;
|
DeviceInstallParams* Params;
|
||||||
DWORD len;
|
DWORD len;
|
||||||
|
DWORD DeviceIdLength;
|
||||||
|
|
||||||
DPRINT("Device arrival event: %S\n", PnpEvent->TargetDevice.DeviceIds);
|
DPRINT("Device arrival event: %S\n", PnpEvent->TargetDevice.DeviceIds);
|
||||||
|
|
||||||
|
DeviceIdLength = lstrlenW(PnpEvent->TargetDevice.DeviceIds);
|
||||||
|
if (DeviceIdLength)
|
||||||
|
{
|
||||||
/* Queue device install (will be dequeued by DeviceInstallThread */
|
/* Queue device install (will be dequeued by DeviceInstallThread */
|
||||||
len = FIELD_OFFSET(DeviceInstallParams, DeviceIds)
|
len = FIELD_OFFSET(DeviceInstallParams, DeviceIds) + (DeviceIdLength + 1) * sizeof(WCHAR);
|
||||||
+ wcslen(PnpEvent->TargetDevice.DeviceIds) * sizeof(WCHAR) + sizeof(UNICODE_NULL);
|
|
||||||
Params = HeapAlloc(GetProcessHeap(), 0, len);
|
Params = HeapAlloc(GetProcessHeap(), 0, len);
|
||||||
if (Params)
|
if (Params)
|
||||||
{
|
{
|
||||||
|
@ -2089,6 +2127,7 @@ PnpEventThread(LPVOID lpParameter)
|
||||||
SetEvent(hDeviceInstallListNotEmpty);
|
SetEvent(hDeviceInstallListNotEmpty);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
DPRINT1("Unknown event\n");
|
DPRINT1("Unknown event\n");
|
||||||
|
|
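Review bot: In the PNP_AddID hunk the extra space is sized from `lstrlenW(pszDeviceID)`, but the string appended later is `pszID` (`AppendDeviceId(pszDeviceIdList, &dwDeviceIdListSize, pszID)`), so the heap block is not guaranteed to hold the new entry when `pszID` is the longer of the two. AppendDeviceId's body is not visible here, but if it copies `pszID` without a bound of its own, that is a write past the allocation; take the length from the string that is actually appended, `dwNewDeviceIdSize = lstrlenW(pszID);`, and apply the empty-string rejection to `pszID` too. The duplicate test `CheckForDeviceId(pszDeviceIdList, pszDeviceID)` also checks `pszDeviceID` rather than `pszID`; that appears to predate this commit but belongs in the same fix. Separately, the new PNP_GetClassName condition subtracts `lstrlenW(szKeyName) * sizeof(WCHAR)` (bytes) from a capacity counted in WCHARs, and since szKeyName's declaration is outside the hunk it is unclear whether that unsigned subtraction can wrap; `sizeof(szKeyName)/sizeof(WCHAR) - lstrlenW(szKeyName)` keeps both terms in characters. Both functions begin and end outside the hunks shown.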