ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

mountmgr.sys: Use SystemBuffer output for IOCTL_STORAGE_QUERY_PROPERTY. 

In METHOD_BUFFERED ioctls, SystemBuffer must be used as both the input and output buffer.
Using UserBuffer directly, without any checks is dangerous and non-functional, as it will
be overwritten by the contents of SystemBuffer in a correct implementation.

Signed-off-by: Derek Lesho <dlesho@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Derek Lesho 2020-07-20 11:20:15 -05:00 committed by Alexandre Julliard
parent bd97b597e6
commit 8e98dcd42e
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
dlls/mountmgr.sys/device.c
View File

@ -1771,12 +1771,11 @@ static void query_property( struct disk_device *device, IRP *irp )
if (device->serial) len += strlen( device->serial ) + 1; if (device->serial) len += strlen( device->serial ) + 1;
if (!irp->UserBuffer if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
|| irpsp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
irp->IoStatus.u.Status = STATUS_INVALID_PARAMETER; irp->IoStatus.u.Status = STATUS_INVALID_PARAMETER;
else if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < len) else if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < len)
{ {
descriptor = irp->UserBuffer; descriptor = irp->AssociatedIrp.SystemBuffer;
descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR); descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
descriptor->Size = len; descriptor->Size = len;
irp->IoStatus.Information = sizeof(STORAGE_DESCRIPTOR_HEADER); irp->IoStatus.Information = sizeof(STORAGE_DESCRIPTOR_HEADER);
@ -1786,8 +1785,8 @@ static void query_property( struct disk_device *device, IRP *irp )
{ {
FIXME( "Faking StorageDeviceProperty data\n" ); FIXME( "Faking StorageDeviceProperty data\n" );
memset( irp->UserBuffer, 0, irpsp->Parameters.DeviceIoControl.OutputBufferLength ); memset( irp->AssociatedIrp.SystemBuffer, 0, irpsp->Parameters.DeviceIoControl.OutputBufferLength );
descriptor = irp->UserBuffer; descriptor = irp->AssociatedIrp.SystemBuffer;
descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR); descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
descriptor->Size = len; descriptor->Size = len;
descriptor->DeviceType = FILE_DEVICE_DISK; descriptor->DeviceType = FILE_DEVICE_DISK;