Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-04 23:55:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

modified ntoskrnl/ex/sysinfo.c

Browse source 
MaxSystemInfoClass is now much larger than the size of the CallQS table: use the actual size of the table in range checks to prevent an overrun
   Fixes CID 527, CID 528

svn path=/trunk/; revision=37616
This commit is contained in:
KJK::Hyperion 2008-11-24 13:47:44 +00:00
parent c086cc2302
commit b4d5ee6914
1 changed files with 6 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
reactos/ntoskrnl/ex/sysinfo.c
View file

@ -1794,6 +1794,9 @@ CallQS [] =
SI_QX(SystemSessionProcessesInformation) SI_QX(SystemSessionProcessesInformation)
}; };
C_ASSERT(SystemBasicInformation == 0);
#define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation)
#define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0]))
/* /*
* @implemented * @implemented
@ -1825,7 +1828,7 @@ NtQuerySystemInformation (IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
/* /*
* Check the request is valid. * Check the request is valid.
*/ */
if (SystemInformationClass >= MaxSystemInfoClass) if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
{ {
_SEH2_YIELD(return STATUS_INVALID_INFO_CLASS); _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS);
} }
@ -1892,8 +1895,8 @@ NtSetSystemInformation (
/* /*
* Check the request is valid. * Check the request is valid.
*/ */
if ( (SystemInformationClass >= SystemBasicInformation) if ( (SystemInformationClass >= MIN_SYSTEM_INFO_CLASS)
&& (SystemInformationClass < MaxSystemInfoClass) && (SystemInformationClass < MAX_SYSTEM_INFO_CLASS)
) )
{ {
if (NULL != CallQS [SystemInformationClass].Set) if (NULL != CallQS [SystemInformationClass].Set)