Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-07-27 07:41:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

[CDFS]

Browse source 
Add a few sanity checks to our handling of ISO 9660 / Joliet:
- Null name entries are forbidden
- Degenerated entries (mistmaching sizes) reveal broken layout

In both cases, the lookup for a file is aborted and the CD considered as corrupted by the FSD.
explorer displays empty CDs then.

CORE-9254 #resolve #comment Fixed with r68233

svn path=/trunk/; revision=68233
This commit is contained in:
Pierre Schweitzer 2015-06-21 16:47:23 +00:00
parent 3faaa34e03
commit adb3662527
2 changed files with 34 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
reactos/drivers/filesystems/cdfs/dirctl.c
View file

@ -290,9 +290,26 @@ CdfsFindFile(PDEVICE_EXTENSION DeviceExt,
return Status; return Status;
} }
if (Record->RecordLength < Record->FileIdLength + FIELD_OFFSET(DIR_RECORD, FileId))
{
DPRINT1("Found corrupted entry! %u - %u\n", Record->RecordLength, Record->FileIdLength + FIELD_OFFSET(DIR_RECORD, FileId));
RtlFreeUnicodeString(&FileToFindUpcase);
CcUnpinData(Context);
return STATUS_DISK_CORRUPT_ERROR;
}
DPRINT("Name '%S'\n", name); DPRINT("Name '%S'\n", name);
RtlInitUnicodeString(&LongName, name); RtlInitUnicodeString(&LongName, name);
/* Was the entry degenerated? */
if (LongName.Length < sizeof(WCHAR))
{
DPRINT1("Found entry with invalid name!\n");
RtlFreeUnicodeString(&FileToFindUpcase);
CcUnpinData(Context);
return STATUS_DISK_CORRUPT_ERROR;
}
ShortName.Length = 0; ShortName.Length = 0;
ShortName.MaximumLength = 26; ShortName.MaximumLength = 26;
ShortName.Buffer = ShortNameBuffer; ShortName.Buffer = ShortNameBuffer;

17
reactos/drivers/filesystems/cdfs/fcb.c
View file

@ -558,12 +558,29 @@ CdfsDirFindFile(PDEVICE_EXTENSION DeviceExt,
DPRINT("RecordLength %u ExtAttrRecordLength %u NameLength %u\n", DPRINT("RecordLength %u ExtAttrRecordLength %u NameLength %u\n",
Record->RecordLength, Record->ExtAttrRecordLength, Record->FileIdLength); Record->RecordLength, Record->ExtAttrRecordLength, Record->FileIdLength);
if (Record->RecordLength < Record->FileIdLength + FIELD_OFFSET(DIR_RECORD, FileId))
{
DPRINT1("Found corrupted entry! %u - %u\n", Record->RecordLength, Record->FileIdLength + FIELD_OFFSET(DIR_RECORD, FileId));
RtlFreeUnicodeString(&FileToFindUpcase);
CcUnpinData(Context);
return STATUS_DISK_CORRUPT_ERROR;
}
CdfsGetDirEntryName(DeviceExt, Record, Name); CdfsGetDirEntryName(DeviceExt, Record, Name);
DPRINT ("Name '%S'\n", Name); DPRINT ("Name '%S'\n", Name);
DPRINT ("Sector %lu\n", DirectoryFcb->Entry.ExtentLocationL); DPRINT ("Sector %lu\n", DirectoryFcb->Entry.ExtentLocationL);
DPRINT ("Offset %lu\n", Offset); DPRINT ("Offset %lu\n", Offset);
RtlInitUnicodeString(&LongName, Name); RtlInitUnicodeString(&LongName, Name);
/* Was the entry degenerated? */
if (LongName.Length < sizeof(WCHAR))
{
DPRINT1("Found entry with invalid name!\n");
RtlFreeUnicodeString(&FileToFindUpcase);
CcUnpinData(Context);
return STATUS_DISK_CORRUPT_ERROR;
}
RtlInitEmptyUnicodeString(&ShortName, ShortNameBuffer, sizeof(ShortNameBuffer)); RtlInitEmptyUnicodeString(&ShortName, ShortNameBuffer, sizeof(ShortNameBuffer));
RtlZeroMemory(ShortNameBuffer, sizeof(ShortNameBuffer)); RtlZeroMemory(ShortNameBuffer, sizeof(ShortNameBuffer));