Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-25 08:00:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS] Fix MSVC warnings

Browse source 
Be strict about string length to prevent overflows.
This commit is contained in:
Timo Kreuzer 2025-04-09 17:17:21 +03:00
parent aa6c33b21c
commit aa60e56199
4 changed files with 46 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ntoskrnl/io/iomgr/deviface.c
View file

@ -824,13 +824,13 @@ IoGetDeviceInterfaceAlias(
DeviceString.MaximumLength = DeviceString.Length;
DeviceString.Buffer = Buffer;
/*
/*
* Separate symbolic link into 4 parts:
* 1) prefix string (\??\ for kernel mode or \\?\ for user mode),
* 2) munged path string (like ##?#ACPI#PNP0501#1#{GUID}),
* 3) GUID string (the current GUID),
* 4) reference string (goes after GUID, starts with '\').
*
*
* We need only reference string.
*/
Status = IopSeparateSymbolicLink(SymbolicLinkName,
@ -1905,7 +1905,7 @@ IoSetDeviceInterfaceState(IN PUNICODE_STRING SymbolicLinkName,
}
ASSERT(GuidString.Buffer >= LinkNameNoPrefix.Buffer + 1);
DeviceInstance.Length = (GuidString.Buffer - LinkNameNoPrefix.Buffer - 1) * sizeof(WCHAR);
DeviceInstance.Length = (USHORT)((GuidString.Buffer - LinkNameNoPrefix.Buffer - 1) * sizeof(WCHAR));
if (DeviceInstance.Length == 0)
{
DPRINT1("No device instance in link name '%wZ'\n", SymbolicLinkName);

32
ntoskrnl/io/iomgr/driver.c
View file

@ -5,7 +5,7 @@
* PURPOSE: Driver Object Management
* PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
* Filip Navara (navaraf@reactos.org)
* Hervé Poussineau (hpoussin@reactos.org)
* Hervé Poussineau (hpoussin@reactos.org)
*/
/* INCLUDES *******************************************************************/
@ -136,13 +136,19 @@ IopGetDriverNames(
if (NT_SUCCESS(status))
{
/* We've got the ObjectName, use it as the driver name */
if (kvInfo->Type != REG_SZ || kvInfo->DataLength == 0)
if ((kvInfo->Type != REG_SZ) ||
(kvInfo->DataLength < sizeof(UNICODE_NULL)) ||
(kvInfo->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo->DataLength % sizeof(WCHAR)) != 0))
{
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo->Type,
kvInfo->DataLength);
ExFreePool(kvInfo);
return STATUS_ILL_FORMED_SERVICE_ENTRY;
}
driverName.Length = kvInfo->DataLength - sizeof(UNICODE_NULL);
driverName.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL));
driverName.MaximumLength = kvInfo->DataLength;
driverName.Buffer = ExAllocatePoolWithTag(NonPagedPool, driverName.MaximumLength, TAG_IO);
if (!driverName.Buffer)
@ -963,13 +969,19 @@ IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
{
continue;
}
if (kvInfo->Type != REG_SZ || kvInfo->DataLength == 0)
if ((kvInfo->Type != REG_SZ) ||
(kvInfo->DataLength < sizeof(UNICODE_NULL)) ||
(kvInfo->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo->DataLength % sizeof(WCHAR)) != 0))
{
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo->Type,
kvInfo->DataLength);
ExFreePool(kvInfo);
continue;
}
instancePath.Length = kvInfo->DataLength - sizeof(UNICODE_NULL);
instancePath.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL));
instancePath.MaximumLength = kvInfo->DataLength;
instancePath.Buffer = ExAllocatePoolWithTag(NonPagedPool,
instancePath.MaximumLength,
@ -1948,13 +1960,19 @@ IopLoadDriver(
Status = IopGetRegistryValue(ServiceHandle, L"ImagePath", &kvInfo);
if (NT_SUCCESS(Status))
{
if ((kvInfo->Type != REG_EXPAND_SZ && kvInfo->Type != REG_SZ) || kvInfo->DataLength == 0)
if ((kvInfo->Type != REG_EXPAND_SZ && kvInfo->Type != REG_SZ) ||
(kvInfo->DataLength < sizeof(UNICODE_NULL)) ||
(kvInfo->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo->DataLength % sizeof(WCHAR)) != 0))
{
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo->Type,
kvInfo->DataLength);
ExFreePool(kvInfo);
return STATUS_ILL_FORMED_SERVICE_ENTRY;
}
ImagePath.Length = kvInfo->DataLength - sizeof(UNICODE_NULL);
ImagePath.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL));
ImagePath.MaximumLength = kvInfo->DataLength;
ImagePath.Buffer = ExAllocatePoolWithTag(PagedPool, ImagePath.MaximumLength, TAG_RTLREGISTRY);
if (!ImagePath.Buffer)

25
ntoskrnl/io/pnpmgr/devaction.c
View file

@ -628,11 +628,14 @@ PiCallDriverAddDevice(
Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &kvInfo);
if (NT_SUCCESS(Status))
{
if (kvInfo->Type == REG_SZ && kvInfo->DataLength > sizeof(WCHAR))
if ((kvInfo->Type == REG_SZ) &&
(kvInfo->DataLength > sizeof(UNICODE_NULL)) &&
(kvInfo->DataLength <= UNICODE_STRING_MAX_BYTES) &&
((kvInfo->DataLength % sizeof(WCHAR)) == 0))
{
UNICODE_STRING classGUID = {
.MaximumLength = kvInfo->DataLength,
.Length = kvInfo->DataLength - sizeof(UNICODE_NULL),
.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL)),
.Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset)
};
HANDLE ccsControlHandle;
@ -1363,14 +1366,20 @@ IopSetServiceEnumData(
return Status;
}
if (kvInfo2->Type != REG_SZ || kvInfo2->DataLength <= sizeof(WCHAR))
if ((kvInfo2->Type != REG_SZ) ||
(kvInfo2->DataLength <= sizeof(UNICODE_NULL)) ||
(kvInfo2->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo2->DataLength % sizeof(WCHAR)) != 0))
{
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo2->Type,
kvInfo2->DataLength);
ExFreePool(kvInfo2);
return STATUS_UNSUCCESSFUL;
}
ServiceName.MaximumLength = kvInfo2->DataLength;
ServiceName.Length = kvInfo2->DataLength - sizeof(UNICODE_NULL);
ServiceName.Length = (USHORT)(kvInfo2->DataLength - sizeof(UNICODE_NULL));
ServiceName.Buffer = (PVOID)((ULONG_PTR)kvInfo2 + kvInfo2->DataOffset);
DPRINT("IopSetServiceEnumData(%p)\n", DeviceNode);
@ -1508,7 +1517,7 @@ done:
* Sends IRP_MN_QUERY_PNP_DEVICE_STATE request and sets device node's flags
* according to the result.
* Tree reenumeration should be started upon a successful return of the function.
*
*
* @todo Do not return STATUS_SUCCESS if nothing is changed.
*/
static
@ -1538,7 +1547,7 @@ PiUpdateDeviceState(
if (PnPFlags & PNP_DEVICE_REMOVED || PnPFlags & PNP_DEVICE_DISABLED)
{
PiSetDevNodeProblem(DeviceNode,
PnPFlags & PNP_DEVICE_DISABLED
PnPFlags & PNP_DEVICE_DISABLED
? CM_PROB_HARDWARE_DISABLED
: CM_PROB_DEVICE_NOT_THERE);
@ -2413,7 +2422,7 @@ PiDevNodeStateMachine(
PiIrpQueryStopDevice(currentNode);
PiSetDevNodeState(currentNode, DeviceNodeQueryStopped);
}
doProcessAgain = TRUE;
}
break;
@ -2617,7 +2626,7 @@ PipDeviceActionWorker(
}
}
// TODO: Windows may return STATUS_DELETE_PENDING here
status = STATUS_SUCCESS;
status = STATUS_SUCCESS;
break;
default:

2
ntoskrnl/ob/oblink.c
View file

@ -442,7 +442,7 @@ ObpParseSymbolicLink(IN PVOID ParsedObject,
POBJECT_SYMBOLIC_LINK SymlinkObject = (POBJECT_SYMBOLIC_LINK)ParsedObject;
PUNICODE_STRING TargetPath;
PWSTR NewTargetPath;
ULONG LengthUsed, MaximumLength, TempLength;
SIZE_T LengthUsed, MaximumLength, TempLength;
NTSTATUS Status;
PAGED_CODE();