[FILESYSTEMS] Fix pool memory disclosure in NtQueryAttributesFile handlers (#2926)

Fix pool memory disclosure caused by alignment bytes at the end of the _FILE_BASIC_INFORMATION structure
2025-02-22 16:36:33 +00:00 · 2020-09-11 19:47:43 +07:00 · 2020-09-11 19:47:43 +07:00 · ede7a20a17
commit ede7a20a17
parent 35dbdaaa0e
4 changed files with 9 additions and 1 deletions
--- a/drivers/filesystems/cdfs/fileinfo.c
+++ b/drivers/filesystems/cdfs/fileinfo.c
@ -899,6 +899,8 @@ Return Value:
    //  We only support creation, last modify and last write times on Cdfs.
    //

+    RtlZeroMemory(Buffer, sizeof(FILE_BASIC_INFORMATION));
+
    Buffer->LastWriteTime.QuadPart =
    Buffer->CreationTime.QuadPart =
    Buffer->ChangeTime.QuadPart = Fcb->CreationTime;
--- a/drivers/filesystems/fastfat/finfo.c
+++ b/drivers/filesystems/fastfat/finfo.c
@ -293,6 +293,8 @@ VfatGetBasicInformation(
    if (*BufferLength < sizeof(FILE_BASIC_INFORMATION))
        return STATUS_BUFFER_OVERFLOW;

+    RtlZeroMemory(BasicInfo, sizeof(FILE_BASIC_INFORMATION));
+
    if (vfatVolumeIsFatX(DeviceExt))
    {
        FsdDosDateTimeToSystemTime(DeviceExt,
--- a/drivers/filesystems/ntfs/finfo.c
+++ b/drivers/filesystems/ntfs/finfo.c
@ -107,6 +107,8 @@ NtfsGetBasicInformation(PFILE_OBJECT FileObject,
    if (*BufferLength < sizeof(FILE_BASIC_INFORMATION))
        return STATUS_BUFFER_TOO_SMALL;

+    RtlZeroMemory(BasicInfo, sizeof(FILE_BASIC_INFORMATION));
+
    BasicInfo->CreationTime.QuadPart = FileName->CreationTime;
    BasicInfo->LastAccessTime.QuadPart = FileName->LastAccessTime;
    BasicInfo->LastWriteTime.QuadPart = FileName->LastWriteTime;
--- a/drivers/filesystems/reiserfs/src/fileinfo.c
+++ b/drivers/filesystems/reiserfs/src/fileinfo.c
@ -3,7 +3,7 @@
 * PROJECT:          ReiserFs file system driver for Windows NT/2000/XP/Vista.
 * FILE:             fileinfo.c
 * PURPOSE:          
- * PROGRAMMER:       Mark Piper, Matt Wu, Bo Brantén.
+ * PROGRAMMER:       Mark Piper, Matt Wu, Bo Brantén.
 * HOMEPAGE:         
 * UPDATE HISTORY: 
 */
@ -140,6 +140,8 @@ RfsdQueryInformation (IN PRFSD_IRP_CONTEXT IrpContext)
                }
                
                FileBasicInformation = (PFILE_BASIC_INFORMATION) Buffer;
+
+                RtlZeroMemory(FileBasicInformation, sizeof(FILE_BASIC_INFORMATION));
                
                FileBasicInformation->CreationTime = RfsdSysTime(Fcb->Inode->i_ctime);