[NTOSKRNL_VISTA]

Bug fixes to FsRtlRemoveDotsFromPath() (buffer overrun, buffer underrun, etc.). This fixes the failing test svn path=/trunk/; revision=71047
2024-07-02 10:45:24 +00:00 · 2016-03-25 22:12:08 +00:00 · 2016-03-25 22:12:08 +00:00 · de0bb0d228
parent ef0b98d6fb
commit de0bb0d228
1 changed files with 52 additions and 52 deletions
--- a/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c
+++ b/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c
@ -16,7 +16,7 @@ FsRtlRemoveDotsFromPath(IN PWSTR OriginalString,
                        IN USHORT PathLength,
                        OUT USHORT *NewLength)
 {
-    USHORT Length, ReadPos, WritePos = 0;
+    USHORT Length, ReadPos, WritePos;

    Length = PathLength / sizeof(WCHAR);

@ -35,13 +35,9 @@ FsRtlRemoveDotsFromPath(IN PWSTR OriginalString,
        return STATUS_IO_REPARSE_DATA_INVALID;
    }

-    if (Length > 0)
+    for (ReadPos = 0, WritePos = 0; ReadPos < Length; ++WritePos)
    {
-        ReadPos = 0;
-
-        for (; ReadPos < Length; ++WritePos)
-        {
-            for (; ReadPos < Length; ++ReadPos)
+        for (; ReadPos > 0 && ReadPos < Length; ++ReadPos)
        {
            if (ReadPos < Length - 1 && OriginalString[ReadPos] == '\\' && OriginalString[ReadPos + 1] == '\\')
            {
@ -105,10 +101,14 @@ FsRtlRemoveDotsFromPath(IN PWSTR OriginalString,
            ++ReadPos;
        }

+        if (ReadPos >= Length)
+        {
+            break;
+        }
+
        OriginalString[WritePos] = OriginalString[ReadPos];
        ++ReadPos;
    }
-    }

    *NewLength = WritePos * sizeof(WCHAR);