mirror of
https://github.com/reactos/reactos.git
synced 2024-05-29 00:31:45 +00:00
[BASESRV] Re-enable and actually fix the CsrValidateMessageBuffer() checks in BaseSrvDefineDosDevice(). (#3304)
Addendum to commit 0a392b18
.
The actual problem that existed all along was that the buffers being
validated with CsrValidateMessageBuffer() were not the correct ones!
What had to be checked is the string buffer **INSIDE** the UNICODE_STRING
structures! Indeed, it is these buffers that we are allocating on client side,
see https://github.com/reactos/reactos/blob/9b421af1/dll/win32/kernel32/client/dosdev.c#L324-L336
Dedicated to Pierre Schweitzer.
This commit is contained in:
parent
f4279fc356
commit
731eddfe40
|
@ -514,22 +514,21 @@ CSR_API(BaseSrvDefineDosDevice)
|
|||
PWSTR InterPtr;
|
||||
BOOLEAN RemoveFound;
|
||||
|
||||
#if 0
|
||||
/* FIXME: Check why it fails.... */
|
||||
if (!CsrValidateMessageBuffer(ApiMessage,
|
||||
(PVOID*)&DefineDosDeviceRequest->DeviceName,
|
||||
(PVOID*)&DefineDosDeviceRequest->DeviceName.Buffer,
|
||||
DefineDosDeviceRequest->DeviceName.Length,
|
||||
1) ||
|
||||
sizeof(BYTE)) ||
|
||||
(DefineDosDeviceRequest->DeviceName.Length & 1) != 0 ||
|
||||
!CsrValidateMessageBuffer(ApiMessage,
|
||||
(PVOID*)&DefineDosDeviceRequest->TargetPath,
|
||||
(DefineDosDeviceRequest->TargetPath.Length != 0 ? sizeof(UNICODE_NULL) : 0) + DefineDosDeviceRequest->TargetPath.Length,
|
||||
1) ||
|
||||
(PVOID*)&DefineDosDeviceRequest->TargetPath.Buffer,
|
||||
DefineDosDeviceRequest->TargetPath.Length +
|
||||
(DefineDosDeviceRequest->TargetPath.Length != 0
|
||||
? sizeof(UNICODE_NULL) : 0),
|
||||
sizeof(BYTE)) ||
|
||||
(DefineDosDeviceRequest->TargetPath.Length & 1) != 0)
|
||||
{
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#endif
|
||||
|
||||
DPRINT("BaseSrvDefineDosDevice entered, Flags:%d, DeviceName:%wZ (%d), TargetPath:%wZ (%d)\n",
|
||||
DefineDosDeviceRequest->Flags,
|
||||
|
|
Loading…
Reference in a new issue