mirror of
https://github.com/reactos/reactos.git
synced 2024-10-02 07:26:47 +00:00
[CDFS]
In case of directory enumeration, validate the record earlier to really prevent any potentiel buffer overflow CORE-9254 svn path=/trunk/; revision=68244
This commit is contained in:
parent
5ab078c226
commit
f710a888d6
|
@ -117,6 +117,12 @@ CdfsGetEntryName(PDEVICE_EXTENSION DeviceExt,
|
|||
DPRINT("Index %lu RecordLength %lu Offset %lu\n",
|
||||
*pIndex, Record->RecordLength, *CurrentOffset);
|
||||
|
||||
if (!CdfsIsRecordValid(DeviceExt, Record))
|
||||
{
|
||||
CcUnpinData(*Context);
|
||||
return STATUS_DISK_CORRUPT_ERROR;
|
||||
}
|
||||
|
||||
CdfsGetDirEntryName(DeviceExt, Record, Name);
|
||||
|
||||
*Ptr = Record;
|
||||
|
@ -259,20 +265,13 @@ CdfsFindFile(PDEVICE_EXTENSION DeviceExt,
|
|||
{
|
||||
break;
|
||||
}
|
||||
else if (Status == STATUS_UNSUCCESSFUL)
|
||||
else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
|
||||
{
|
||||
/* Note: the directory cache has already been unpinned */
|
||||
RtlFreeUnicodeString(&FileToFindUpcase);
|
||||
return Status;
|
||||
}
|
||||
|
||||
if (!CdfsIsRecordValid(DeviceExt, Record))
|
||||
{
|
||||
RtlFreeUnicodeString(&FileToFindUpcase);
|
||||
CcUnpinData(Context);
|
||||
return STATUS_DISK_CORRUPT_ERROR;
|
||||
}
|
||||
|
||||
DPRINT("Name '%S'\n", name);
|
||||
|
||||
RtlInitUnicodeString(&LongName, name);
|
||||
|
|
Loading…
Reference in a new issue