[FREELDR]

Fix wrong buffer size calculation that could lead to memory corruption
Kudos go to Jardar for debugging the issue.

svn path=/trunk/; revision=55173
This commit is contained in:
Timo Kreuzer 2012-01-25 16:45:42 +00:00
parent 1ef28d6071
commit c707066acb


@ -250,7 +250,8 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
TRACE("Estimated buffer size %u\n", NodeSize * NodeCount);
/* Set 'Configuration Data' value */
Size = sizeof(CM_PARTIAL_RESOURCE_LIST) + (NodeSize * NodeCount);
Size = sizeof(CM_PARTIAL_RESOURCE_LIST)
+ sizeof(CM_PNP_BIOS_INSTALLATION_CHECK) + (NodeSize * NodeCount);
PartialResourceList = MmHeapAlloc(Size);
if (PartialResourceList == NULL)
{
@ -268,8 +269,8 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
PartialResourceList->PartialDescriptors[0].ShareDisposition =
CmResourceShareUndetermined;
Ptr = (char *)(((ULONG_PTR)&PartialResourceList->PartialDescriptors[0]) +
sizeof(CM_PARTIAL_RESOURCE_DESCRIPTOR));
/* The buffer starts after PartialResourceList->PartialDescriptors[0] */
Ptr = (char *)(PartialResourceList + 1);
/* Set instalation check data */
memcpy (Ptr, InstData, sizeof(CM_PNP_BIOS_INSTALLATION_CHECK));
@ -292,6 +293,12 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
DeviceNode->Size,
DeviceNode->Size);
if (PnpBufferSize + DeviceNode->Size > Size)
{
ERR("Buffer too small!\n");
break;
}
memcpy (Ptr,
DeviceNode,
DeviceNode->Size);
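Review bot: The new guard `if (PnpBufferSize + DeviceNode->Size > Size)` in the third hunk compares against the whole allocation, but the node data is written through `Ptr`, which starts after the CM_PARTIAL_RESOURCE_LIST header (`Ptr = (char *)(PartialResourceList + 1)` in the second hunk), so unless PnpBufferSize already includes that header size (its initialization is outside the hunk and cannot be confirmed here) the check still permits up to `sizeof(CM_PARTIAL_RESOURCE_LIST)` bytes of overrun. A bound derived from the write position is immune to how PnpBufferSize is counted: `if ((ULONG)(Ptr - (char *)PartialResourceList) + DeviceNode->Size > Size)`. DeviceNode->Size comes from the PnP BIOS, so this check is the only thing standing between firmware-reported node sizes and the heap buffer; a short comment such as `/* Size is the whole allocation; Ptr already sits past the list header */` would make the intent clear. The enclosing DetectPnpBios function and the loop this sits in both start and end outside the hunk.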