From 70d29ec4238e830a84a4b6d41a0ee3eafe9fcbd5 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Thu, 5 Sep 2019 08:22:59 +0200
Subject: [PATCH] [MOUNTMGR] Properly validate input buffer size

This avoids IOCTL_MOUNTMGR_QUERY_POINTS always failing
---
 drivers/filters/mountmgr/device.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/filters/mountmgr/device.c b/drivers/filters/mountmgr/device.c
index 17d720e346c..7172a3b5da8 100644
--- a/drivers/filters/mountmgr/device.c
+++ b/drivers/filters/mountmgr/device.c
@@ -1745,7 +1745,7 @@ MountMgrQueryPoints(IN PDEVICE_EXTENSION DeviceExtension,

 /* We can't go beyond */
 if (((ULONG)MountPoint->SymbolicLinkNameLength + MountPoint->UniqueIdLength +
- MountPoint->DeviceNameLength) > Stack->Parameters.DeviceIoControl.InputBufferLength)
+ MountPoint->DeviceNameLength) > Stack->Parameters.DeviceIoControl.InputBufferLength)
 {
 return STATUS_INVALID_PARAMETER;
 }
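Review bot: The corrected comparison in MountMgrQueryPoints still bounds only the sum of the three caller-supplied length fields against InputBufferLength. It does not tie each length to its matching offset field, and it leaves out the size of the fixed MOUNTMGR_MOUNT_POINT header that precedes the strings. If the code after this hunk builds pointers from `MountPoint->SymbolicLinkNameOffset`, `UniqueIdOffset` or `DeviceNameOffset` (the function body continues outside the hunk, so this may already be checked elsewhere), a small length paired with a large offset passes this test and reads past the end of the IOCTL input buffer in kernel mode. A per-field check such as `if (MountPoint->SymbolicLinkNameOffset > InputLen || MountPoint->SymbolicLinkNameLength > InputLen - MountPoint->SymbolicLinkNameOffset) return STATUS_INVALID_PARAMETER;`, repeated for UniqueId and DeviceName with `InputLen` standing for `Stack->Parameters.DeviceIoControl.InputBufferLength`, would close that gap without risking wrap-around in the addition. The comment `/* We can't go beyond */` could also say what is bounded, e.g. `/* Reject requests whose strings do not fit in the input buffer */`.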