Author: pschweitzer
Date: Fri Mar 25 22:12:08 2016
New Revision: 71047

URL: http://svn.reactos.org/svn/reactos?rev=71047&view=rev
Log:
[NTOSKRNL_VISTA]
Bug fixes to FsRtlRemoveDotsFromPath() (buffer overrun, buffer underrun, etc.).

This fixes the failing test

Modified:
    trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c

Modified: trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c?rev=71047&r1=71046&r2=71047&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c    [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c    [iso-8859-1] Fri Mar 25 
22:12:08 2016
@@ -16,7 +16,7 @@
                         IN USHORT PathLength,
                         OUT USHORT *NewLength)
 {
-    USHORT Length, ReadPos, WritePos = 0;
+    USHORT Length, ReadPos, WritePos;
 
     Length = PathLength / sizeof(WCHAR);
 
@@ -35,79 +35,79 @@
         return STATUS_IO_REPARSE_DATA_INVALID;
     }
 
-    if (Length > 0)
+    for (ReadPos = 0, WritePos = 0; ReadPos < Length; ++WritePos)
     {
-        ReadPos = 0;
+        for (; ReadPos > 0 && ReadPos < Length; ++ReadPos)
+        {
+            if (ReadPos < Length - 1 && OriginalString[ReadPos] == '\\' && 
OriginalString[ReadPos + 1] == '\\')
+            {
+                continue;
+            }
 
-        for (; ReadPos < Length; ++WritePos)
-        {
-            for (; ReadPos < Length; ++ReadPos)
+            if (OriginalString[ReadPos] != '.')
             {
-                if (ReadPos < Length - 1 && OriginalString[ReadPos] == '\\' && 
OriginalString[ReadPos + 1] == '\\')
+                break;
+            }
+
+            if (ReadPos == Length - 1)
+            {
+                if (OriginalString[ReadPos - 1] == '\\')
                 {
+                    if (WritePos > 1)
+                    {
+                        --WritePos;
+                    }
+
                     continue;
                 }
 
-                if (OriginalString[ReadPos] != '.')
+                OriginalString[WritePos] = '.';
+                ++WritePos;
+                continue;
+            }
+
+            if (OriginalString[ReadPos + 1] == '\\')
+            {
+                if (OriginalString[ReadPos - 1] != '\\')
                 {
-                    break;
+                    OriginalString[WritePos] = '.';
+                    ++WritePos;
+                    continue;
                 }
-
-                if (ReadPos == Length - 1)
+            }
+            else
+            {
+                if (OriginalString[ReadPos + 1] != '.' || 
OriginalString[ReadPos - 1] != '\\' ||
+                    ((ReadPos != Length - 2) && OriginalString[ReadPos + 2] != 
'\\'))
                 {
-                    if (OriginalString[ReadPos - 1] == '\\')
-                    {
-                        if (WritePos > 1)
-                        {
-                            --WritePos;
-                        }
-
-                        continue;
-                    }
-
                     OriginalString[WritePos] = '.';
                     ++WritePos;
                     continue;
                 }
 
-                if (OriginalString[ReadPos + 1] == '\\')
+                for (WritePos -= 2; (SHORT)WritePos > 0 && 
OriginalString[WritePos] != '\\'; --WritePos);
+
+                if ((SHORT)WritePos < 0 || OriginalString[WritePos] != '\\')
                 {
-                    if (OriginalString[ReadPos - 1] != '\\')
-                    {
-                        OriginalString[WritePos] = '.';
-                        ++WritePos;
-                        continue;
-                    }
-                }
-                else
-                {
-                    if (OriginalString[ReadPos + 1] != '.' || 
OriginalString[ReadPos - 1] != '\\' ||
-                        ((ReadPos != Length - 2) && OriginalString[ReadPos + 
2] != '\\'))
-                    {
-                        OriginalString[WritePos] = '.';
-                        ++WritePos;
-                        continue;
-                    }
-
-                    for (WritePos -= 2; (SHORT)WritePos > 0 && 
OriginalString[WritePos] != '\\'; --WritePos);
-
-                    if ((SHORT)WritePos < 0 || OriginalString[WritePos] != 
'\\')
-                    {
-                        return STATUS_IO_REPARSE_DATA_INVALID;
-                    }
-
-                    if (WritePos == 0 && ReadPos == Length - 2)
-                    {
-                        WritePos = 1;
-                    }
+                    return STATUS_IO_REPARSE_DATA_INVALID;
                 }
 
-                ++ReadPos;
+                if (WritePos == 0 && ReadPos == Length - 2)
+                {
+                    WritePos = 1;
+                }
             }
 
-            OriginalString[WritePos] = OriginalString[ReadPos];
             ++ReadPos;
         }
+
+        if (ReadPos >= Length)
+        {
+            break;
+        }
+
+        OriginalString[WritePos] = OriginalString[ReadPos];
+        ++ReadPos;
     }
 
     *NewLength = WritePos * sizeof(WCHAR);
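Review bot: The `..` backtrack at `for (WritePos -= 2; (SHORT)WritePos > 0 && ...)` still detects "no parent component" by letting the unsigned `WritePos` wrap and then reinterpreting it as `SHORT`. That conversion is implementation-defined, and it only works because `Length` (`PathLength / sizeof(WCHAR)`) cannot exceed 32767. An explicit guard before the loop, `if (WritePos < 2) return STATUS_IO_REPARSE_DATA_INVALID;`, would let both `(SHORT)` casts go and make the lower bound on the in-place write index visible to the next reader. The new `ReadPos > 0` condition on the inner loop is what keeps the `OriginalString[ReadPos - 1]` reads in bounds, so it deserves a one-line comment such as `/* ReadPos > 0: the checks below read OriginalString[ReadPos - 1] */`. The function body starts before and continues after this hunk, so whether callers discard the partially rewritten buffer (and the unset `*NewLength`) on the error return is not visible here.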

