Author: mjansen Date: Thu Feb 9 00:12:36 2017 New Revision: 73765 URL: http://svn.reactos.org/svn/reactos?rev=73765&view=rev Log: [NTOSKRNL] Fix some possible overruns in FsRtlIsNameInExpressionPrivate + add a test from Thomas. CORE-12121
Modified: trunk/reactos/ntoskrnl/fsrtl/name.c trunk/rostests/kmtests/ntos_fsrtl/FsRtlExpression.c
Modified: trunk/reactos/ntoskrnl/fsrtl/name.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/fsrtl/name.c?rev=73765&r1=73764&r2=73765&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/fsrtl/name.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/fsrtl/name.c [iso-8859-1] Thu Feb 9 00:12:36 2017
@@ -113,7 +113,7 @@
 if (NamePosition >= Name->Length / sizeof(WCHAR))
 {
 EndOfName = TRUE;
- if (OldBackTracking[MatchingChars - 1] == Expression->Length * 2)
+ if (MatchingChars && (OldBackTracking[MatchingChars - 1] == Expression->Length * 2))
 break;
 }
@@ -155,8 +155,8 @@
 }
 /* Basic check to test if chars are equal */
- CompareChar = IgnoreCase ? UpcaseTable[Name->Buffer[NamePosition]] :
- Name->Buffer[NamePosition];
+ CompareChar = (NamePosition >= Name->Length / sizeof(WCHAR)) ? UNICODE_NULL : (IgnoreCase ? UpcaseTable[Name->Buffer[NamePosition]] :
+ Name->Buffer[NamePosition]);
 if (Expression->Buffer[ExpressionPosition / sizeof(WCHAR)] == CompareChar && !EndOfName)
 {
 BackTracking[BackTrackingPosition++] = (ExpressionPosition + sizeof(WCHAR)) * 2;
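Review bot: The zero-check on MatchingChars is spelled two ways in this commit, `MatchingChars &&` in the @@ -113 hunk of name.c and `MatchingChars > 0 &&` in the @@ -233 hunk, and neither site has a comment saying when the count can be zero. Both guard the same `OldBackTracking[MatchingChars - 1]` read, which lands outside the array when MatchingChars is 0, so one spelling plus a short comment such as `/* MatchingChars may be 0 here; do not index OldBackTracking with MatchingChars - 1 */` would make the invariant visible. When the guard is false at @@ -113, EndOfName is already TRUE and control continues into the rest of the loop body, which lies outside the hunk; it is worth confirming that no other `MatchingChars - 1` index is reachable on that path.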
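Review bot: The bounds test added to the `CompareChar` assignment in the @@ -155 hunk repeats `NamePosition >= Name->Length / sizeof(WCHAR)`, the same condition that sets EndOfName in the @@ -113 hunk, and folds it into a nested ternary whose continuation line no longer lines up. If EndOfName is always current at this point (the code between the two hunks is not shown), `CompareChar = EndOfName ? UNICODE_NULL : (IgnoreCase ? UpcaseTable[Name->Buffer[NamePosition]] : Name->Buffer[NamePosition]);` expresses the guard with a single source of truth. Any other read of `Name->Buffer[NamePosition]` in the loop body outside this hunk would need the same end-of-name guard.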
@@ -233,7 +233,7 @@
 }
 /* Store result value */
- Result = (OldBackTracking[MatchingChars - 1] == (Expression->Length * 2));
+ Result = MatchingChars > 0 && (OldBackTracking[MatchingChars - 1] == (Expression->Length * 2));
 /* Frees the memory if necessary */
 if (BackTracking != BackTrackingBuffer && BackTracking != OldBackTrackingBuffer)
Modified: trunk/rostests/kmtests/ntos_fsrtl/FsRtlExpression.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/kmtests/ntos_fsrtl/FsRtlExpression.c?rev=73765&r1=73764&r2=73765&view=diff
==============================================================================
--- trunk/rostests/kmtests/ntos_fsrtl/FsRtlExpression.c [iso-8859-1] (original)
+++ trunk/rostests/kmtests/ntos_fsrtl/FsRtlExpression.c [iso-8859-1] Thu Feb 9 00:12:36 2017
@@ -173,6 +173,9 @@
 { L"a>>>exe", L"ac.exe", FALSE, FALSE, FALSE },
 { L"<.exe", L"test.exe", FALSE, FALSE, TRUE },
 { L"<.EXE", L"test.exe", TRUE, FALSE, TRUE },
+ { L"*_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.*.*_*_*.MANIFEST",
+ L"X86_MICROSOFT.VC90.ATL_1FC8B3B9A1E18E3B_9.0.30729.6161_X-WW_92453BB7.CAT",
+ FALSE, FALSE, FALSE },
 };
 static VOID FsRtlIsNameInExpressionTest()
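Review bot: The table row added in the @@ -173 hunk of FsRtlExpression.c has no comment tying it to CORE-12121, so a later cleanup could drop it as an arbitrary vector; a line such as `/* CORE-12121: regression test for overruns in FsRtlIsNameInExpressionPrivate */` above the row would record why it exists. As far as the row shows, it supplies only expected boolean results (the column layout is declared outside the hunk), so an out-of-bounds read that happens not to fault would still pass. The case is therefore most meaningful when the test runs under special pool or an equivalent checked-memory configuration. A second row with the case-insensitive flag set would also exercise the `UpcaseTable[...]` branch of the new `CompareChar` expression, assuming the third column is IgnoreCase.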