mirror of
https://github.com/reactos/reactos.git
synced 2024-05-29 00:31:45 +00:00
[BASESRV] Re-enable and actually fix the CsrValidateMessageBuffer() checks in BaseSrvDefineDosDevice(). (#3304)
Addendum to commit 0a392b18.
The actual problem that existed all along was that the buffers being
validated with CsrValidateMessageBuffer() were not the correct ones!
What had to be checked is the string buffer **INSIDE** the UNICODE_STRING
structures! Indeed, it is these buffers that we are allocating on client side,
see https://github.com/reactos/reactos/blob/9b421af1/dll/win32/kernel32/client/dosdev.c#L324-L336
Dedicated to Pierre Schweitzer.
This commit is contained in:
Hermès Bélusca-Maïto
parent
f4279fc356
commit
731eddfe40
|
|
@ -514,22 +514,21 @@ CSR_API(BaseSrvDefineDosDevice)
|
|||
PWSTR InterPtr;
|
||||
BOOLEAN RemoveFound;
|
||||
|
||||
#if 0
|
||||
/* FIXME: Check why it fails.... */
|
||||
if (!CsrValidateMessageBuffer(ApiMessage,
|
||||
(PVOID*)&DefineDosDeviceRequest->DeviceName,
|
||||
(PVOID*)&DefineDosDeviceRequest->DeviceName.Buffer,
|
||||
DefineDosDeviceRequest->DeviceName.Length,
|
||||
1) ||
|
||||
sizeof(BYTE)) ||
|
||||
(DefineDosDeviceRequest->DeviceName.Length & 1) != 0 ||
|
||||
!CsrValidateMessageBuffer(ApiMessage,
|
||||
(PVOID*)&DefineDosDeviceRequest->TargetPath,
|
||||
(DefineDosDeviceRequest->TargetPath.Length != 0 ? sizeof(UNICODE_NULL) : 0) + DefineDosDeviceRequest->TargetPath.Length,
|
||||
1) ||
|
||||
(PVOID*)&DefineDosDeviceRequest->TargetPath.Buffer,
|
||||
DefineDosDeviceRequest->TargetPath.Length +
|
||||
(DefineDosDeviceRequest->TargetPath.Length != 0
|
||||
? sizeof(UNICODE_NULL) : 0),
|
||||
sizeof(BYTE)) ||
|
||||
(DefineDosDeviceRequest->TargetPath.Length & 1) != 0)
|
||||
{
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
#endif
|
||||
|
||||
DPRINT("BaseSrvDefineDosDevice entered, Flags:%d, DeviceName:%wZ (%d), TargetPath:%wZ (%d)\n",
|
||||
DefineDosDeviceRequest->Flags,
|
||||
|
|
|
|||
Loading…
Reference in a new issue