In case of directory enumeration, validate the record earlier to really prevent any potential buffer overflow

CORE-9254

svn path=/trunk/; revision=68244
Pierre Schweitzer 2015-06-23 06:54:44 +00:00
parent 5ab078c226
commit f710a888d6


@ -117,6 +117,12 @@ CdfsGetEntryName(PDEVICE_EXTENSION DeviceExt,
DPRINT("Index %lu RecordLength %lu Offset %lu\n", DPRINT("Index %lu RecordLength %lu Offset %lu\n",
*pIndex, Record->RecordLength, *CurrentOffset); *pIndex, Record->RecordLength, *CurrentOffset);
if (!CdfsIsRecordValid(DeviceExt, Record))
{
CcUnpinData(*Context);
return STATUS_DISK_CORRUPT_ERROR;
}
CdfsGetDirEntryName(DeviceExt, Record, Name); CdfsGetDirEntryName(DeviceExt, Record, Name);
*Ptr = Record; *Ptr = Record;
@ -259,20 +265,13 @@ CdfsFindFile(PDEVICE_EXTENSION DeviceExt,
{ {
break; break;
} }
else if (Status == STATUS_UNSUCCESSFUL) else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
{ {
/* Note: the directory cache has already been unpinned */ /* Note: the directory cache has already been unpinned */
RtlFreeUnicodeString(&FileToFindUpcase); RtlFreeUnicodeString(&FileToFindUpcase);
return Status; return Status;
} }
if (!CdfsIsRecordValid(DeviceExt, Record))
{
RtlFreeUnicodeString(&FileToFindUpcase);
CcUnpinData(Context);
return STATUS_DISK_CORRUPT_ERROR;
}
DPRINT("Name '%S'\n", name); DPRINT("Name '%S'\n", name);
RtlInitUnicodeString(&LongName, name); RtlInitUnicodeString(&LongName, name);
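Review bot: In CdfsFindFile the early-return branch now matches two specific status values (`Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR`), and with the local CdfsIsRecordValid check removed, any other failure status that CdfsGetEntryName might return would fall through and use `Record` and `name` without validation. Since the preceding branch already breaks out of the loop (presumably on STATUS_NO_MORE_ENTRIES; that condition is outside the hunk), `else if (!NT_SUCCESS(Status))` would fail closed, provided every failing return in CdfsGetEntryName has unpinned the cache as the existing comment states. The new check in CdfsGetEntryName also deserves a comment such as `/* Validate before the name is copied; on failure the cache is unpinned here, so callers must not unpin again */`, because the caller now depends on that contract. Both function bodies start and end outside the hunks shown.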