Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-09-28 21:44:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SETUPAPI] CM_Request_Device_Eject_ExA/W: Fix pszVetoName buffer size validation (#5943)

Browse source 
- Return CR_INVALID_POINTER if pszVetoName is NULL and ulNameLength is not zero
- CM_Request_Device_Eject_ExA: Allow ulNameLength to be zero when pszVetoName is not NULL

Verified with Windows 2003 SP2.
This commit is contained in:
Thamatip Chitpong 2023-11-22 08:58:27 +07:00 committed by GitHub
parent 9578bae858
commit 7f346b1aa3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
dll/win32/setupapi/cfgmgr.c
View file

@ -7483,22 +7483,25 @@ CM_Request_Device_Eject_ExA(
_In_ ULONG ulFlags,
_In_opt_ HMACHINE hMachine)
{
LPWSTR lpLocalVetoName;
LPWSTR lpLocalVetoName = NULL;
CONFIGRET ret;
TRACE("CM_Request_Device_Eject_ExA(%lx %p %s %lu %lx %p)\n",
dnDevInst, pVetoType, debugstr_a(pszVetoName), ulNameLength, ulFlags, hMachine);
if (pszVetoName == NULL && ulNameLength == 0)
return CR_INVALID_POINTER;
if (ulNameLength != 0)
{
if (pszVetoName == NULL)
return CR_INVALID_POINTER;
lpLocalVetoName = HeapAlloc(GetProcessHeap(), 0, ulNameLength * sizeof(WCHAR));
if (lpLocalVetoName == NULL)
return CR_OUT_OF_MEMORY;
lpLocalVetoName = HeapAlloc(GetProcessHeap(), 0, ulNameLength * sizeof(WCHAR));
if (lpLocalVetoName == NULL)
return CR_OUT_OF_MEMORY;
}
ret = CM_Request_Device_Eject_ExW(dnDevInst, pVetoType, lpLocalVetoName,
ulNameLength, ulFlags, hMachine);
if (ret == CR_REMOVE_VETOED)
if (ret == CR_REMOVE_VETOED && ulNameLength != 0)
{
if (WideCharToMultiByte(CP_ACP,
0,
@ -7544,7 +7547,7 @@ CM_Request_Device_Eject_ExW(
if (ulFlags != 0)
return CR_INVALID_FLAG;
if (pszVetoName == NULL && ulNameLength == 0)
if (pszVetoName == NULL && ulNameLength != 0)
return CR_INVALID_POINTER;
if (hMachine != NULL)