[MOUNTMGR] Fix ReparseFile concatenation in OnlineMountedVolumes

- ReparseFile was concatenated with itself, instead of ReparseIndex
- Meanwhile, use RtlAppendUnicodeStringToString for concatenating
  strings instead of raw memory operations

drivers/storage/mountmgr/database.c

@@ -665,10 +665,12 @@ ReconcileThisDatabaseWithMasterWorker(IN PVOID Parameter)
     DatabaseHandle = OpenRemoteDatabase(DeviceInformation, FALSE);
 
     /* Prepare a string with reparse point index */
-    ReparseFile.Length = DeviceInformation->DeviceName.Length + ReparseIndex.Length;
+    ReparseFile.Length = 0;
-    ReparseFile.MaximumLength = ReparseFile.Length + sizeof(UNICODE_NULL);
+    ReparseFile.MaximumLength = DeviceInformation->DeviceName.Length
+                                + ReparseIndex.Length
+                                + sizeof(UNICODE_NULL);
     ReparseFile.Buffer = AllocatePool(ReparseFile.MaximumLength);
-    if (ReparseFile.Buffer == NULL)
+    if (!ReparseFile.Buffer)
     {
         if (DatabaseHandle != 0)
         {
@@ -678,10 +680,8 @@ ReconcileThisDatabaseWithMasterWorker(IN PVOID Parameter)
         goto ReleaseRDS;
     }
 
-    RtlCopyMemory(ReparseFile.Buffer, DeviceInformation->DeviceName.Buffer,
+    RtlAppendUnicodeStringToString(&ReparseFile, &DeviceInformation->DeviceName);
-                  DeviceInformation->DeviceName.Length);
+    RtlAppendUnicodeStringToString(&ReparseFile, &ReparseIndex);
-    RtlCopyMemory((PVOID)((ULONG_PTR)ReparseFile.Buffer + DeviceInformation->DeviceName.Length),
-                  ReparseIndex.Buffer, ReparseIndex.Length);
     ReparseFile.Buffer[ReparseFile.Length / sizeof(WCHAR)] = UNICODE_NULL;
 
     InitializeObjectAttributes(&ObjectAttributes,
@@ -1477,18 +1477,18 @@ OnlineMountedVolumes(IN PDEVICE_EXTENSION DeviceExtension,
     }
 
     /* Prepare a string with reparse point index */
-    ReparseFile.Length = DeviceInformation->DeviceName.Length + ReparseIndex.Length;
+    ReparseFile.Length = 0;
-    ReparseFile.MaximumLength = ReparseFile.Length + sizeof(UNICODE_NULL);
+    ReparseFile.MaximumLength = DeviceInformation->DeviceName.Length
+                                + ReparseIndex.Length
+                                + sizeof(UNICODE_NULL);
     ReparseFile.Buffer = AllocatePool(ReparseFile.MaximumLength);
     if (!ReparseFile.Buffer)
     {
         return;
     }
 
-    RtlCopyMemory(ReparseFile.Buffer, DeviceInformation->DeviceName.Buffer,
+    RtlAppendUnicodeStringToString(&ReparseFile, &DeviceInformation->DeviceName);
-                  DeviceInformation->DeviceName.Length);
+    RtlAppendUnicodeStringToString(&ReparseFile, &ReparseIndex);
-    RtlCopyMemory((PVOID)((ULONG_PTR)ReparseFile.Buffer + DeviceInformation->DeviceName.Length),
-                  ReparseFile.Buffer, ReparseFile.Length);
     ReparseFile.Buffer[ReparseFile.Length / sizeof(WCHAR)] = UNICODE_NULL;
 
     InitializeObjectAttributes(&ObjectAttributes,
@@ -1700,8 +1700,10 @@ CreateRemoteDatabaseWorker(IN PDEVICE_OBJECT DeviceObject,
     DeviceInformation = WorkItem->DeviceInformation;
 
     /* Reconstruct appropriate string */
-    DatabaseName.Length = DeviceInformation->DeviceName.Length + RemoteDatabase.Length;
+    DatabaseName.Length = 0;
-    DatabaseName.MaximumLength = DatabaseName.Length + sizeof(WCHAR);
+    DatabaseName.MaximumLength = DeviceInformation->DeviceName.Length
+                                 + RemoteDatabase.Length
+                                 + sizeof(UNICODE_NULL);
     DatabaseName.Buffer = AllocatePool(DatabaseName.MaximumLength);
     if (DatabaseName.Buffer == NULL)
     {
@@ -1719,9 +1721,8 @@ CreateRemoteDatabaseWorker(IN PDEVICE_OBJECT DeviceObject,
     }
 
     /* Finish initiating strings */
-    RtlCopyMemory(DatabaseName.Buffer, DeviceInformation->DeviceName.Buffer, DeviceInformation->DeviceName.Length);
+    RtlAppendUnicodeStringToString(&DatabaseName, &DeviceInformation->DeviceName);
-    RtlCopyMemory(DatabaseName.Buffer + (DeviceInformation->DeviceName.Length / sizeof(WCHAR)),
+    RtlAppendUnicodeStringToString(&DatabaseName, &RemoteDatabase);
-                  RemoteDatabase.Buffer, RemoteDatabase.Length);
     DatabaseName.Buffer[DatabaseName.Length / sizeof(WCHAR)] = UNICODE_NULL;
 
     /* Create database */
@@ -1846,17 +1847,18 @@ OpenRemoteDatabase(IN PDEVICE_INFORMATION DeviceInformation,
     Database = 0;
 
     /* Get database name */
-    DeviceRemoteDatabase.Length = DeviceInformation->DeviceName.Length + RemoteDatabase.Length;
+    DeviceRemoteDatabase.Length = 0;
-    DeviceRemoteDatabase.MaximumLength = DeviceRemoteDatabase.Length + sizeof(WCHAR);
+    DeviceRemoteDatabase.MaximumLength = DeviceInformation->DeviceName.Length
+                                         + RemoteDatabase.Length
+                                         + sizeof(UNICODE_NULL);
     DeviceRemoteDatabase.Buffer = AllocatePool(DeviceRemoteDatabase.MaximumLength);
     if (!DeviceRemoteDatabase.Buffer)
     {
         return 0;
     }
 
-    RtlCopyMemory(DeviceRemoteDatabase.Buffer, DeviceInformation->DeviceName.Buffer, DeviceInformation->DeviceName.Length);
+    RtlAppendUnicodeStringToString(&DeviceRemoteDatabase, &DeviceInformation->DeviceName);
-    RtlCopyMemory(DeviceRemoteDatabase.Buffer + (DeviceInformation->DeviceName.Length / sizeof(WCHAR)),
+    RtlAppendUnicodeStringToString(&DeviceRemoteDatabase, &RemoteDatabase);
-                  RemoteDatabase.Buffer, RemoteDatabase.Length);
     DeviceRemoteDatabase.Buffer[DeviceRemoteDatabase.Length / sizeof(WCHAR)] = UNICODE_NULL;
 
     /* Open database */

drivers/storage/mountmgr/device.c

@@ -1075,8 +1075,11 @@ MountMgrValidateBackPointer(IN PASSOCIATED_DEVICE_ENTRY AssociatedDeviceEntry,
     PSYMLINK_INFORMATION SymlinkInformation;
 
     /* Initialize & allocate a string big enough to contain our complete mount point name */
-    FullName.Length = AssociatedDeviceEntry->String.Length + AssociatedDeviceEntry->DeviceInformation->DeviceName.Length + sizeof(WCHAR);
+    FullName.Length = 0;
-    FullName.MaximumLength = FullName.Length + sizeof(UNICODE_NULL);
+    FullName.MaximumLength = AssociatedDeviceEntry->String.Length
+                             + AssociatedDeviceEntry->DeviceInformation->DeviceName.Length
+                             + sizeof(WCHAR)
+                             + sizeof(UNICODE_NULL);
     FullName.Buffer = AllocatePool(FullName.MaximumLength);
     if (!FullName.Buffer)
     {
@@ -1084,9 +1087,9 @@ MountMgrValidateBackPointer(IN PASSOCIATED_DEVICE_ENTRY AssociatedDeviceEntry,
     }
 
     /* Create the path */
-    RtlCopyMemory(FullName.Buffer, AssociatedDeviceEntry->DeviceInformation->DeviceName.Buffer, AssociatedDeviceEntry->DeviceInformation->DeviceName.Length);
+    RtlAppendUnicodeStringToString(&FullName, &AssociatedDeviceEntry->DeviceInformation->DeviceName);
-    FullName.Buffer[AssociatedDeviceEntry->DeviceInformation->DeviceName.Length / sizeof(WCHAR)] = L'\\';
+    FullName.Buffer[FullName.Length / sizeof(WCHAR)] = L'\\';
-    RtlCopyMemory(&FullName.Buffer[AssociatedDeviceEntry->DeviceInformation->DeviceName.Length / sizeof(WCHAR) + 1], AssociatedDeviceEntry->String.Buffer, AssociatedDeviceEntry->String.Length);
+    RtlAppendUnicodeStringToString(&FullName, &AssociatedDeviceEntry->String);
     FullName.Buffer[FullName.Length / sizeof(WCHAR)] = UNICODE_NULL;
 
     /* Open it to query the reparse point */