From f710a888d625484e8ba640d85b068ff6d4fa01d4 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Tue, 23 Jun 2015 06:54:44 +0000
Subject: [PATCH] [CDFS] In case of directory enumeration, validate the record earlier to really prevent any potentiel buffer overflow
CORE-9254
svn path=/trunk/; revision=68244
---
 reactos/drivers/filesystems/cdfs/dirctl.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/reactos/drivers/filesystems/cdfs/dirctl.c b/reactos/drivers/filesystems/cdfs/dirctl.c
index 5a9573fd913..e1be04a2e22 100644
--- a/reactos/drivers/filesystems/cdfs/dirctl.c
+++ b/reactos/drivers/filesystems/cdfs/dirctl.c
@@ -117,6 +117,12 @@ CdfsGetEntryName(PDEVICE_EXTENSION DeviceExt,
 DPRINT("Index %lu RecordLength %lu Offset %lu\n", *pIndex, Record->RecordLength, *CurrentOffset);
+ if (!CdfsIsRecordValid(DeviceExt, Record))
+ {
+ CcUnpinData(*Context);
+ return STATUS_DISK_CORRUPT_ERROR;
+ }
+
 CdfsGetDirEntryName(DeviceExt, Record, Name);
 *Ptr = Record;
@@ -259,20 +265,13 @@ CdfsFindFile(PDEVICE_EXTENSION DeviceExt,
 {
 break;
 }
- else if (Status == STATUS_UNSUCCESSFUL)
+ else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
 {
 /* Note: the directory cache has already been unpinned */
 RtlFreeUnicodeString(&FileToFindUpcase);
 return Status;
 }
- if (!CdfsIsRecordValid(DeviceExt, Record))
- {
- RtlFreeUnicodeString(&FileToFindUpcase);
- CcUnpinData(Context);
- return STATUS_DISK_CORRUPT_ERROR;
- }
-
 DPRINT("Name '%S'\n", name);
 RtlInitUnicodeString(&LongName, name);
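Review bot: The new failure path in CdfsGetEntryName calls `CcUnpinData(*Context)` but leaves `*Context` holding the released pin, so a caller that does not special-case STATUS_DISK_CORRUPT_ERROR could unpin it a second time or keep reading through a record pointer into the unmapped view. Adding `*Context = NULL;` before the `return` would stop the stale value being mistaken for a live pin. The function header should also say that the directory cache is already unpinned when this status comes back. The check covers only the record about to be returned; whether records stepped over earlier in the function are validated cannot be told from here, because the body starts and ends outside the hunk.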
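Review bot: The condition `Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR` in CdfsFindFile lists CdfsGetEntryName's failure codes one by one, so any further status the helper later returns would fall through to the name comparison on a record that was never produced. If the branch above it (outside this hunk) already handles the end-of-directory status, `else if (!NT_SUCCESS(Status))` would cover every failure in one place. The existing comment could also name the callee, since the unpin now happens for two different reasons: `/* Note: CdfsGetEntryName has already unpinned the directory cache */`.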