mirror of
https://github.com/reactos/reactos.git
synced 2025-01-01 03:54:02 +00:00
[FASTFAT]
- Fix memory corruption if long file name entry is invalid. - Minor improvements. See issue #6546 for more details. svn path=/trunk/; revision=54222
This commit is contained in:
parent
06c9dfcef7
commit
7940686557
2 changed files with 36 additions and 16 deletions
|
@ -181,7 +181,8 @@ FATGetNextDirEntry(PVOID *pContext,
|
||||||
BOOLEAN Valid = TRUE;
|
BOOLEAN Valid = TRUE;
|
||||||
BOOLEAN Back = FALSE;
|
BOOLEAN Back = FALSE;
|
||||||
|
|
||||||
DirContext->LongNameU.Buffer[0] = 0;
|
DirContext->LongNameU.Length = 0;
|
||||||
|
DirContext->LongNameU.Buffer[0] = UNICODE_NULL;
|
||||||
|
|
||||||
FileOffset.u.HighPart = 0;
|
FileOffset.u.HighPart = 0;
|
||||||
FileOffset.u.LowPart = ROUND_DOWN(DirContext->DirIndex * sizeof(FAT_DIR_ENTRY), PAGE_SIZE);
|
FileOffset.u.LowPart = ROUND_DOWN(DirContext->DirIndex * sizeof(FAT_DIR_ENTRY), PAGE_SIZE);
|
||||||
|
@ -304,14 +305,30 @@ FATGetNextDirEntry(PVOID *pContext,
|
||||||
6, longNameEntry->name5_10,
|
6, longNameEntry->name5_10,
|
||||||
2, longNameEntry->name11_12);
|
2, longNameEntry->name11_12);
|
||||||
|
|
||||||
index = (longNameEntry->id & 0x1f) - 1;
|
index = longNameEntry->id & 0x3f; // Note: it can be 0 for corrupted FS
|
||||||
dirMap |= 1 << index;
|
|
||||||
pName = DirContext->LongNameU.Buffer + 13 * index;
|
|
||||||
|
|
||||||
|
/* Make sure index is valid and we have enaugh space in buffer
|
||||||
|
(we count one char for \0) */
|
||||||
|
if (index > 0 &&
|
||||||
|
index * 13 < DirContext->LongNameU.MaximumLength / sizeof(WCHAR))
|
||||||
|
{
|
||||||
|
index--; // make index 0 based
|
||||||
|
dirMap |= 1 << index;
|
||||||
|
|
||||||
|
pName = DirContext->LongNameU.Buffer + index * 13;
|
||||||
RtlCopyMemory(pName, longNameEntry->name0_4, 5 * sizeof(WCHAR));
|
RtlCopyMemory(pName, longNameEntry->name0_4, 5 * sizeof(WCHAR));
|
||||||
RtlCopyMemory(pName + 5, longNameEntry->name5_10, 6 * sizeof(WCHAR));
|
RtlCopyMemory(pName + 5, longNameEntry->name5_10, 6 * sizeof(WCHAR));
|
||||||
RtlCopyMemory(pName + 11, longNameEntry->name11_12, 2 * sizeof(WCHAR));
|
RtlCopyMemory(pName + 11, longNameEntry->name11_12, 2 * sizeof(WCHAR));
|
||||||
|
|
||||||
|
if (longNameEntry->id & 0x40)
|
||||||
|
{
|
||||||
|
/* It's last LFN entry. Terminate filename with \0 */
|
||||||
|
pName[13] = UNICODE_NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
DPRINT1("Long name entry has invalid index: %x!\n", longNameEntry->id);
|
||||||
|
|
||||||
DPRINT (" longName: [%S]\n", DirContext->LongNameU.Buffer);
|
DPRINT (" longName: [%S]\n", DirContext->LongNameU.Buffer);
|
||||||
|
|
||||||
if (CheckSum != longNameEntry->alias_checksum)
|
if (CheckSum != longNameEntry->alias_checksum)
|
||||||
|
@ -372,13 +389,17 @@ FATGetNextDirEntry(PVOID *pContext,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Make sure filename is NULL terminate and calculate length */
|
||||||
|
DirContext->LongNameU.Buffer[DirContext->LongNameU.MaximumLength / sizeof(WCHAR) - 1]
|
||||||
|
= UNICODE_NULL;
|
||||||
DirContext->LongNameU.Length = wcslen(DirContext->LongNameU.Buffer) * sizeof(WCHAR);
|
DirContext->LongNameU.Length = wcslen(DirContext->LongNameU.Buffer) * sizeof(WCHAR);
|
||||||
|
|
||||||
|
/* Init short name */
|
||||||
vfat8Dot3ToString(&DirContext->DirEntry.Fat, &DirContext->ShortNameU);
|
vfat8Dot3ToString(&DirContext->DirEntry.Fat, &DirContext->ShortNameU);
|
||||||
|
|
||||||
|
/* If we found no LFN, use short name as long */
|
||||||
if (DirContext->LongNameU.Length == 0)
|
if (DirContext->LongNameU.Length == 0)
|
||||||
{
|
|
||||||
RtlCopyUnicodeString(&DirContext->LongNameU, &DirContext->ShortNameU);
|
RtlCopyUnicodeString(&DirContext->LongNameU, &DirContext->ShortNameU);
|
||||||
}
|
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
@ -405,7 +426,7 @@ NTSTATUS FATXGetNextDirEntry(PVOID * pContext,
|
||||||
{
|
{
|
||||||
DirContext->ShortNameU.Buffer[0] = 0;
|
DirContext->ShortNameU.Buffer[0] = 0;
|
||||||
DirContext->ShortNameU.Length = 0;
|
DirContext->ShortNameU.Length = 0;
|
||||||
DirContext->LongNameU.Buffer[0] = L'.';
|
wcscpy(DirContext->LongNameU.Buffer, L".");
|
||||||
DirContext->LongNameU.Length = sizeof(WCHAR);
|
DirContext->LongNameU.Length = sizeof(WCHAR);
|
||||||
RtlCopyMemory(&DirContext->DirEntry.FatX, &pDirFcb->entry.FatX, sizeof(FATX_DIR_ENTRY));
|
RtlCopyMemory(&DirContext->DirEntry.FatX, &pDirFcb->entry.FatX, sizeof(FATX_DIR_ENTRY));
|
||||||
DirContext->DirEntry.FatX.Filename[0] = '.';
|
DirContext->DirEntry.FatX.Filename[0] = '.';
|
||||||
|
@ -417,7 +438,7 @@ NTSTATUS FATXGetNextDirEntry(PVOID * pContext,
|
||||||
{
|
{
|
||||||
DirContext->ShortNameU.Buffer[0] = 0;
|
DirContext->ShortNameU.Buffer[0] = 0;
|
||||||
DirContext->ShortNameU.Length = 0;
|
DirContext->ShortNameU.Length = 0;
|
||||||
DirContext->LongNameU.Buffer[0] = DirContext->LongNameU.Buffer[1] = L'.';
|
wcscpy(DirContext->LongNameU.Buffer, L"..");
|
||||||
DirContext->LongNameU.Length = 2 * sizeof(WCHAR);
|
DirContext->LongNameU.Length = 2 * sizeof(WCHAR);
|
||||||
RtlCopyMemory(&DirContext->DirEntry.FatX, &pDirFcb->entry.FatX, sizeof(FATX_DIR_ENTRY));
|
RtlCopyMemory(&DirContext->DirEntry.FatX, &pDirFcb->entry.FatX, sizeof(FATX_DIR_ENTRY));
|
||||||
DirContext->DirEntry.FatX.Filename[0] = DirContext->DirEntry.FatX.Filename[1] = '.';
|
DirContext->DirEntry.FatX.Filename[0] = DirContext->DirEntry.FatX.Filename[1] = '.';
|
||||||
|
|
|
@ -604,8 +604,7 @@ vfatDirFindFile (
|
||||||
DPRINT (" Index:%d longName:%wZ\n",
|
DPRINT (" Index:%d longName:%wZ\n",
|
||||||
DirContext.DirIndex,
|
DirContext.DirIndex,
|
||||||
&DirContext.LongNameU);
|
&DirContext.LongNameU);
|
||||||
DirContext.LongNameU.Buffer[DirContext.LongNameU.Length / sizeof(WCHAR)] = 0;
|
|
||||||
DirContext.ShortNameU.Buffer[DirContext.ShortNameU.Length / sizeof(WCHAR)] = 0;
|
|
||||||
if (!ENTRY_VOLUME(pDeviceExt, &DirContext.DirEntry))
|
if (!ENTRY_VOLUME(pDeviceExt, &DirContext.DirEntry))
|
||||||
{
|
{
|
||||||
FoundLong = RtlEqualUnicodeString(FileToFindU, &DirContext.LongNameU, TRUE);
|
FoundLong = RtlEqualUnicodeString(FileToFindU, &DirContext.LongNameU, TRUE);
|
||||||
|
|
Loading…
Reference in a new issue