Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-09-28 21:44:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile

Browse source
This commit is contained in:
Jérôme Gardou 2020-12-18 17:21:01 +01:00
parent 94f01f5b64
commit a6c0af2e21
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
ntoskrnl/io/iomgr/iofunc.c
View file

@ -2776,6 +2776,14 @@ NtReadFile(IN HANDLE FileHandle,
if (Key) CapturedKey = *Key;
}
/* Check for invalid offset */
if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart != -2))
{
/* -2 is FILE_USE_FILE_POINTER_POSITION */
ObDereferenceObject(FileObject);
return STATUS_INVALID_PARAMETER;
}
/* Check for event */
if (Event)
{
@ -3827,6 +3835,15 @@ NtWriteFile(IN HANDLE FileHandle,
if (Key) CapturedKey = *Key;
}
/* Check for invalid offset */
if (CapturedByteOffset.QuadPart < -2)
{
/* -1 is FILE_WRITE_TO_END_OF_FILE */
/* -2 is FILE_USE_FILE_POINTER_POSITION */
ObDereferenceObject(FileObject);
return STATUS_INVALID_PARAMETER;
}
/* Check if this is an append operation */
if ((ObjectHandleInfo.GrantedAccess &
(FILE_APPEND_DATA | FILE_WRITE_DATA)) == FILE_APPEND_DATA)