In case of directory enumeration, validate the record earlier to really prevent any potential buffer overflow

CORE-9254

svn path=/trunk/; revision=68244
Pierre Schweitzer 2015-06-23 06:54:44 +00:00
parent 5ab078c226
commit f710a888d6


@ -117,6 +117,12 @@ CdfsGetEntryName(PDEVICE_EXTENSION DeviceExt,
DPRINT("Index %lu RecordLength %lu Offset %lu\n",
*pIndex, Record->RecordLength, *CurrentOffset);
if (!CdfsIsRecordValid(DeviceExt, Record))
{
CcUnpinData(*Context);
return STATUS_DISK_CORRUPT_ERROR;
}
CdfsGetDirEntryName(DeviceExt, Record, Name);
*Ptr = Record;
@ -259,20 +265,13 @@ CdfsFindFile(PDEVICE_EXTENSION DeviceExt,
{
break;
}
else if (Status == STATUS_UNSUCCESSFUL)
else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
{
/* Note: the directory cache has already been unpinned */
RtlFreeUnicodeString(&FileToFindUpcase);
return Status;
}
if (!CdfsIsRecordValid(DeviceExt, Record))
{
RtlFreeUnicodeString(&FileToFindUpcase);
CcUnpinData(Context);
return STATUS_DISK_CORRUPT_ERROR;
}
DPRINT("Name '%S'\n", name);
RtlInitUnicodeString(&LongName, name);
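Review bot: The check `else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)` in CdfsFindFile lists failure codes one by one, so any other failure status from CdfsGetEntryName would fall through to `RtlInitUnicodeString(&LongName, name)` with a `name` and `Record` that were never filled in. With the record validation moved into the callee, this branch is the only gate left in the loop before the entry is used. Assuming the branch just above it (not visible in this hunk) already handles the end-of-directory status, `else if (!NT_SUCCESS(Status))` would fail closed instead. The comment `/* Note: the directory cache has already been unpinned */` also depends on every failing path in CdfsGetEntryName unpinning before it returns, which is worth stating in that function's header comment. Both function bodies start and end outside the hunks shown.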