https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8f5fe0fa4f491b46b0bb0417301d64bb97b9a2b2
commit 8f5fe0fa4f491b46b0bb0417301d64bb97b9a2b2
Author: Eric Kohl <[email protected]>
AuthorDate: Sat Jun 29 17:52:56 2019 +0200
Commit: Eric Kohl <[email protected]>
CommitDate: Sat Jun 29 18:16:13 2019 +0200
[UMPNPMGR] PNP_RegisterNotification: Add notification filter parameter checks
---
 base/services/umpnpmgr/rpcserver.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/base/services/umpnpmgr/rpcserver.c b/base/services/umpnpmgr/rpcserver.c
index bda0cdb55c..b76e250fc6 100644
--- a/base/services/umpnpmgr/rpcserver.c
+++ b/base/services/umpnpmgr/rpcserver.c
@@ -3539,6 +3539,8 @@ PNP_RegisterNotification(
 DWORD ulUnknown8,
 DWORD *pulUnknown9)
 {
+ PDEV_BROADCAST_DEVICEINTERFACE_W pBroadcastDeviceInterface;
+ PDEV_BROADCAST_HANDLE pBroadcastDeviceHandle;
 #if 0
 PNOTIFY_DATA pNotifyData;
 #endif
@@ -3555,6 +3557,38 @@ PNP_RegisterNotification(
 if (ulFlags & ~0x7)
 return CR_INVALID_FLAG;
+ if ((ulNotificationFilterSize < sizeof(DEV_BROADCAST_HDR)) ||
+ (((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_size < sizeof(DEV_BROADCAST_HDR)))
+ return CR_INVALID_DATA;
+
+ if (((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_devicetype == DBT_DEVTYP_DEVICEINTERFACE)
+ {
+ DPRINT1("DBT_DEVTYP_DEVICEINTERFACE\n");
+ pBroadcastDeviceInterface = (PDEV_BROADCAST_DEVICEINTERFACE_W)pNotificationFilter;
+
+ if ((ulNotificationFilterSize < sizeof(DEV_BROADCAST_DEVICEINTERFACE_W)) ||
+ (pBroadcastDeviceInterface->dbcc_size < sizeof(DEV_BROADCAST_DEVICEINTERFACE_W)))
+ return CR_INVALID_DATA;
+ }
+ else if (((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_devicetype == DBT_DEVTYP_HANDLE)
+ {
+ DPRINT1("DBT_DEVTYP_HANDLE\n");
+ pBroadcastDeviceHandle = (PDEV_BROADCAST_HANDLE)pNotificationFilter;
+
+ if ((ulNotificationFilterSize < sizeof(DEV_BROADCAST_HANDLE)) ||
+ (pBroadcastDeviceHandle->dbch_size < sizeof(DEV_BROADCAST_HANDLE)))
+ return CR_INVALID_DATA;
+
+ if (ulFlags & DEVICE_NOTIFY_ALL_INTERFACE_CLASSES)
+ return CR_INVALID_FLAG;
+ }
+ else
+ {
+ DPRINT1("Invalid device type %lu\n", ((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_devicetype);
+ return CR_INVALID_DATA;
+ }
+
+
 #if 0
 pNotifyData = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(NOTIFY_DATA));
 if (pNotifyData == NULL)
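Review bot: The new size checks only enforce a lower bound: neither `dbch_size` in the header check nor `dbcc_size` in the DBT_DEVTYP_DEVICEINTERFACE branch is compared with `ulNotificationFilterSize`, so a client can declare a structure longer than the buffer that was actually passed in. Any later code that trusts the embedded size (for example to walk the variable-length `dbcc_name`) would then read past the filter buffer; the consumer appears to be under `#if 0` for now, so this is latent. I would add `(((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_size > ulNotificationFilterSize)` as a third term of the first check, which covers both branches since the size field is the first member of all three structures. The header cast also dereferences `pNotificationFilter` without a NULL test, which is only safe if the RPC interface declares it as a non-null pointer; that declaration and the rest of the function body are outside this hunk.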
