mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 18:15:11 +00:00
[NTFS] Fix IRP_MJ_QUERY_INFORMATION/FileNameInformation, which should handle buffers not big enough
svn path=/trunk/; revision=65203
parent
bdbbb217d5
commit
68487164df
1 changed files with 22 additions and 10 deletions
|
@ -143,7 +143,7 @@ NtfsGetNameInformation(PFILE_OBJECT FileObject,
|
|||
PFILE_NAME_INFORMATION NameInfo,
|
||||
PULONG BufferLength)
|
||||
{
|
||||
ULONG NameLength;
|
||||
ULONG BytesToCopy;
|
||||
|
||||
UNREFERENCED_PARAMETER(FileObject);
|
||||
UNREFERENCED_PARAMETER(DeviceObject);
|
||||
|
@ -153,18 +153,30 @@ NtfsGetNameInformation(PFILE_OBJECT FileObject,
|
|||
ASSERT(NameInfo != NULL);
|
||||
ASSERT(Fcb != NULL);
|
||||
|
||||
NameLength = wcslen(Fcb->PathName) * sizeof(WCHAR);
|
||||
// NameLength = 2;
|
||||
if (*BufferLength < sizeof(FILE_NAME_INFORMATION) + NameLength)
|
||||
/* If buffer can't hold at least the file name length, bail out */
|
||||
if (*BufferLength < (ULONG)FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]))
|
||||
return STATUS_BUFFER_OVERFLOW;
|
||||
|
||||
NameInfo->FileNameLength = NameLength;
|
||||
memcpy(NameInfo->FileName,
|
||||
Fcb->PathName,
|
||||
NameLength + sizeof(WCHAR));
|
||||
// wcscpy(NameInfo->FileName, L"\\");
|
||||
/* Save file name length, and as much file len, as buffer length allows */
|
||||
NameInfo->FileNameLength = wcslen(Fcb->PathName) * sizeof(WCHAR);
|
||||
|
||||
*BufferLength -= (sizeof(FILE_NAME_INFORMATION) + NameLength + sizeof(WCHAR));
|
||||
/* Calculate amount of bytes to copy not to overflow the buffer */
|
||||
BytesToCopy = min(NameInfo->FileNameLength,
|
||||
*BufferLength - FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]));
|
||||
|
||||
/* Fill in the bytes */
|
||||
RtlCopyMemory(NameInfo->FileName, Fcb->PathName, BytesToCopy);
|
||||
|
||||
/* Check if we could write more but are not able to */
|
||||
if (*BufferLength < NameInfo->FileNameLength + (ULONG)FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]))
|
||||
{
|
||||
/* Return number of bytes written */
|
||||
*BufferLength -= FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]) + BytesToCopy;
|
||||
return STATUS_BUFFER_OVERFLOW;
|
||||
}
|
||||
|
||||
/* We filled up as many bytes, as needed */
|
||||
*BufferLength -= (FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]) + NameInfo->FileNameLength);
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
|
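Review bot: The rewritten body stores the name length in the output buffer and then reads `NameInfo->FileNameLength` back for every later size decision: inside `min()` (a macro that may evaluate it twice), in the "could write more" check, and in the final `*BufferLength -=`. Whether `NameInfo` can ever alias caller-writable memory is not visible on this page, but keeping the length in a local removes the dependency: `ULONG NameLength = wcslen(Fcb->PathName) * sizeof(WCHAR);`, `NameInfo->FileNameLength = NameLength;`, `BytesToCopy = min(NameLength, *BufferLength - HeaderLength);`. Here `HeaderLength` is a suggested local holding `(ULONG)FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0])`; it would make the cast consistent across all four uses. A one-line comment should also record that the unsigned subtraction inside `min()` is safe only because of the early-return guard above it. The page does not mark added and removed lines, so this assumes the `BytesToCopy` lines are the new side; the function's signature begins outside the hunks.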