From b4d5ee691452af5f7c4c9e3684b90a7d42757ba7 Mon Sep 17 00:00:00 2001
From: "KJK::Hyperion"
Date: Mon, 24 Nov 2008 13:47:44 +0000
Subject: [PATCH] modified ntoskrnl/ex/sysinfo.c MaxSystemInfoClass is now much larger than the size of the CallQS table: use the actual size of the table in range checks to prevent an overrun Fixes CID 527, CID 528 svn path=/trunk/; revision=37616
---
 reactos/ntoskrnl/ex/sysinfo.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/reactos/ntoskrnl/ex/sysinfo.c b/reactos/ntoskrnl/ex/sysinfo.c
index 4589adc0319..4b990670f65 100644
--- a/reactos/ntoskrnl/ex/sysinfo.c
+++ b/reactos/ntoskrnl/ex/sysinfo.c
@@ -1794,6 +1794,9 @@ CallQS [] =
 SI_QX(SystemSessionProcessesInformation)
 };

+C_ASSERT(SystemBasicInformation == 0);
+#define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation)
+#define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0]))

 /*
 * @implemented
@@ -1825,7 +1828,7 @@ NtQuerySystemInformation (IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
 /*
 * Check the request is valid.
 */
- if (SystemInformationClass >= MaxSystemInfoClass)
+ if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
 {
 _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS);
 }
@@ -1892,8 +1895,8 @@ NtSetSystemInformation (
 /*
 * Check the request is valid.
 */
- if ( (SystemInformationClass >= SystemBasicInformation)
- && (SystemInformationClass < MaxSystemInfoClass)
+ if ( (SystemInformationClass >= MIN_SYSTEM_INFO_CLASS)
+ && (SystemInformationClass < MAX_SYSTEM_INFO_CLASS)
 )
 {
 if (NULL != CallQS [SystemInformationClass].Set)
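Review bot: Only the first row of `CallQS` is pinned at compile time by `C_ASSERT(SystemBasicInformation == 0)`; nothing ties the table's length to the enum, so a row added or dropped out of order would still pass the new range checks while selecting the wrong entry. The table body lies outside the hunk, so this assumes its rows are dense and in enum order, as the direct `CallQS [SystemInformationClass]` lookup later in the patch suggests. If so, add `C_ASSERT(MAX_SYSTEM_INFO_CLASS == SystemSessionProcessesInformation + 1);` beside the existing assertion. `MAX_SYSTEM_INFO_CLASS` is also an element count rather than the highest valid class, so a comment such as `/* one past the last valid class: compare with < or >= only */` would keep a later `<=` from reintroducing the overrun.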
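Review bot: The guard `SystemInformationClass >= MAX_SYSTEM_INFO_CLASS` in NtQuerySystemInformation rejects negative class values only because `sizeof` makes the right-hand side unsigned and the enum operand is converted to match, which is not apparent at the call site. The class is a parameter of the service and is presumably caller-supplied, so the intent is worth stating: `if ((ULONG)SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)` with a comment like `/* unsigned compare: also rejects negative classes */`. The function body begins and ends outside the hunk, so how the selected table entry is used after this check could not be confirmed here.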
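Review bot: NtSetSystemInformation spells the range test differently from NtQuerySystemInformation (a two-sided accept condition here, a one-sided reject there), so a later change to one is easy to miss in the other. The lower bound `SystemInformationClass >= MIN_SYSTEM_INFO_CLASS` is redundant once the upper bound is an unsigned compare, since the first hunk asserts that the minimum is 0. Consider a single predicate defined next to the table and used by both functions, for example under a name like `#define IS_VALID_SYSTEM_INFO_CLASS(c) ((ULONG)(c) < MAX_SYSTEM_INFO_CLASS)`. The `if` body continues outside the hunk.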