[ros-diffs] [tthompson] 71897: [NTFS] Add error-checking to InternalGetNextAttribute(); don't crash if CurrAttr->Length is invalid.

tthompson Tue, 12 Jul 2016 02:58:29 -0700

Author: tthompson
Date: Tue Jul 12 09:57:16 2016
New Revision: 71897

URL: http://svn.reactos.org/svn/reactos?rev=71897&view=rev
Log:
[NTFS]
Add error-checking to InternalGetNextAttribute(); don't crash if 
CurrAttr->Length is invalid.


Modified:
    branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c

Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c?rev=71897&r1=71896&r2=71897&view=diff
==============================================================================
--- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c   [iso-8859-1] 
(original)
+++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c   [iso-8859-1] 
Tue Jul 12 09:57:16 2016
@@ -181,6 +181,14 @@
         }
 
         NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Context->CurrAttr + 
Context->CurrAttr->Length);
+
+        if (NextAttribute > Context->LastAttr || NextAttribute < 
Context->FirstAttr)
+        {
+            DPRINT1("Broken length: 0x%lx!\n", Context->CurrAttr->Length);
+            Context->CurrAttr = (PVOID)-1;
+            return NULL;
+        }
+        
         Context->Offset += ((ULONG_PTR)NextAttribute - 
(ULONG_PTR)Context->CurrAttr);
         Context->CurrAttr = NextAttribute;

[ros-diffs] [tthompson] 71897: [NTFS] Add error-checking to InternalGetNextAttribute(); don't crash if CurrAttr->Length is invalid.

Reply via email to