[NTOS] Fix MSVC warnings

Be strict about string length to prevent overflows.
Timo Kreuzer
2025-04-09 17:17:21 +03:00
parent aa6c33b21c
commit aa60e56199
4 changed files with 46 additions and 19 deletions


@@ -1905,7 +1905,7 @@ IoSetDeviceInterfaceState(IN PUNICODE_STRING SymbolicLinkName,
} }
ASSERT(GuidString.Buffer >= LinkNameNoPrefix.Buffer + 1); ASSERT(GuidString.Buffer >= LinkNameNoPrefix.Buffer + 1);
DeviceInstance.Length = (GuidString.Buffer - LinkNameNoPrefix.Buffer - 1) * sizeof(WCHAR); DeviceInstance.Length = (USHORT)((GuidString.Buffer - LinkNameNoPrefix.Buffer - 1) * sizeof(WCHAR));
if (DeviceInstance.Length == 0) if (DeviceInstance.Length == 0)
{ {
DPRINT1("No device instance in link name '%wZ'\n", SymbolicLinkName); DPRINT1("No device instance in link name '%wZ'\n", SymbolicLinkName);
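Review bot: The added `(USHORT)` cast on `DeviceInstance.Length` silences the truncation warning without bounding the value, so a wrong pointer difference would still be narrowed silently. The only guard visible is the `ASSERT` just above, which covers the lower bound only and is normally a debug-build check. If the invariant is that `GuidString.Buffer` lies inside `LinkNameNoPrefix`, a comment such as `/* GuidString points into LinkNameNoPrefix, so the byte count fits in a USHORT */` would record why the cast is safe; otherwise an explicit runtime bound check before the assignment is needed. The function starts and ends outside this hunk.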


@@ -5,7 +5,7 @@
* PURPOSE: Driver Object Management * PURPOSE: Driver Object Management
* PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org) * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
* Filip Navara (navaraf@reactos.org) * Filip Navara (navaraf@reactos.org)
* Herv<EFBFBD> Poussineau (hpoussin@reactos.org) * Hervé Poussineau (hpoussin@reactos.org)
*/ */
/* INCLUDES *******************************************************************/ /* INCLUDES *******************************************************************/
@@ -136,13 +136,19 @@ IopGetDriverNames(
if (NT_SUCCESS(status)) if (NT_SUCCESS(status))
{ {
/* We've got the ObjectName, use it as the driver name */ /* We've got the ObjectName, use it as the driver name */
if (kvInfo->Type != REG_SZ || kvInfo->DataLength == 0) if ((kvInfo->Type != REG_SZ) ||
(kvInfo->DataLength < sizeof(UNICODE_NULL)) ||
(kvInfo->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo->DataLength % sizeof(WCHAR)) != 0))
{ {
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo->Type,
kvInfo->DataLength);
ExFreePool(kvInfo); ExFreePool(kvInfo);
return STATUS_ILL_FORMED_SERVICE_ENTRY; return STATUS_ILL_FORMED_SERVICE_ENTRY;
} }
driverName.Length = kvInfo->DataLength - sizeof(UNICODE_NULL); driverName.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL));
driverName.MaximumLength = kvInfo->DataLength; driverName.MaximumLength = kvInfo->DataLength;
driverName.Buffer = ExAllocatePoolWithTag(NonPagedPool, driverName.MaximumLength, TAG_IO); driverName.Buffer = ExAllocatePoolWithTag(NonPagedPool, driverName.MaximumLength, TAG_IO);
if (!driverName.Buffer) if (!driverName.Buffer)
@@ -963,13 +969,19 @@ IopInitializeBuiltinDriver(IN PLDR_DATA_TABLE_ENTRY BootLdrEntry)
{ {
continue; continue;
} }
if (kvInfo->Type != REG_SZ || kvInfo->DataLength == 0) if ((kvInfo->Type != REG_SZ) ||
(kvInfo->DataLength < sizeof(UNICODE_NULL)) ||
(kvInfo->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo->DataLength % sizeof(WCHAR)) != 0))
{ {
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo->Type,
kvInfo->DataLength);
ExFreePool(kvInfo); ExFreePool(kvInfo);
continue; continue;
} }
instancePath.Length = kvInfo->DataLength - sizeof(UNICODE_NULL); instancePath.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL));
instancePath.MaximumLength = kvInfo->DataLength; instancePath.MaximumLength = kvInfo->DataLength;
instancePath.Buffer = ExAllocatePoolWithTag(NonPagedPool, instancePath.Buffer = ExAllocatePoolWithTag(NonPagedPool,
instancePath.MaximumLength, instancePath.MaximumLength,
@@ -1948,13 +1960,19 @@ IopLoadDriver(
Status = IopGetRegistryValue(ServiceHandle, L"ImagePath", &kvInfo); Status = IopGetRegistryValue(ServiceHandle, L"ImagePath", &kvInfo);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
if ((kvInfo->Type != REG_EXPAND_SZ && kvInfo->Type != REG_SZ) || kvInfo->DataLength == 0) if ((kvInfo->Type != REG_EXPAND_SZ && kvInfo->Type != REG_SZ) ||
(kvInfo->DataLength < sizeof(UNICODE_NULL)) ||
(kvInfo->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo->DataLength % sizeof(WCHAR)) != 0))
{ {
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo->Type,
kvInfo->DataLength);
ExFreePool(kvInfo); ExFreePool(kvInfo);
return STATUS_ILL_FORMED_SERVICE_ENTRY; return STATUS_ILL_FORMED_SERVICE_ENTRY;
} }
ImagePath.Length = kvInfo->DataLength - sizeof(UNICODE_NULL); ImagePath.Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL));
ImagePath.MaximumLength = kvInfo->DataLength; ImagePath.MaximumLength = kvInfo->DataLength;
ImagePath.Buffer = ExAllocatePoolWithTag(PagedPool, ImagePath.MaximumLength, TAG_RTLREGISTRY); ImagePath.Buffer = ExAllocatePoolWithTag(PagedPool, ImagePath.MaximumLength, TAG_RTLREGISTRY);
if (!ImagePath.Buffer) if (!ImagePath.Buffer)
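Review bot: The new `DPRINT1` in the `IopLoadDriver` hunk reports `ObjectName invalid` although the value being validated there is read with `L"ImagePath"`, so the log will point at the wrong registry value when a service entry is rejected. It should read `DPRINT1("ImagePath invalid (Type = %lu, DataLength = %lu)\n",`. The same message is reused in the `IopInitializeBuiltinDriver` hunk, where the value name is not visible, so it is worth checking there too. The identical four-part length check now appears three times in this file and would be easier to keep consistent as one small static helper taking the `kvInfo` pointer. All three functions continue outside their hunks.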


@@ -628,11 +628,14 @@ PiCallDriverAddDevice(
Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &kvInfo); Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &kvInfo);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
if (kvInfo->Type == REG_SZ && kvInfo->DataLength > sizeof(WCHAR)) if ((kvInfo->Type == REG_SZ) &&
(kvInfo->DataLength > sizeof(UNICODE_NULL)) &&
(kvInfo->DataLength <= UNICODE_STRING_MAX_BYTES) &&
((kvInfo->DataLength % sizeof(WCHAR)) == 0))
{ {
UNICODE_STRING classGUID = { UNICODE_STRING classGUID = {
.MaximumLength = kvInfo->DataLength, .MaximumLength = kvInfo->DataLength,
.Length = kvInfo->DataLength - sizeof(UNICODE_NULL), .Length = (USHORT)(kvInfo->DataLength - sizeof(UNICODE_NULL)),
.Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset) .Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset)
}; };
HANDLE ccsControlHandle; HANDLE ccsControlHandle;
@@ -1363,14 +1366,20 @@ IopSetServiceEnumData(
return Status; return Status;
} }
if (kvInfo2->Type != REG_SZ || kvInfo2->DataLength <= sizeof(WCHAR)) if ((kvInfo2->Type != REG_SZ) ||
(kvInfo2->DataLength <= sizeof(UNICODE_NULL)) ||
(kvInfo2->DataLength > UNICODE_STRING_MAX_BYTES) ||
((kvInfo2->DataLength % sizeof(WCHAR)) != 0))
{ {
DPRINT1("ObjectName invalid (Type = %lu, DataLength = %lu)\n",
kvInfo2->Type,
kvInfo2->DataLength);
ExFreePool(kvInfo2); ExFreePool(kvInfo2);
return STATUS_UNSUCCESSFUL; return STATUS_UNSUCCESSFUL;
} }
ServiceName.MaximumLength = kvInfo2->DataLength; ServiceName.MaximumLength = kvInfo2->DataLength;
ServiceName.Length = kvInfo2->DataLength - sizeof(UNICODE_NULL); ServiceName.Length = (USHORT)(kvInfo2->DataLength - sizeof(UNICODE_NULL));
ServiceName.Buffer = (PVOID)((ULONG_PTR)kvInfo2 + kvInfo2->DataOffset); ServiceName.Buffer = (PVOID)((ULONG_PTR)kvInfo2 + kvInfo2->DataOffset);
DPRINT("IopSetServiceEnumData(%p)\n", DeviceNode); DPRINT("IopSetServiceEnumData(%p)\n", DeviceNode);
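Review bot: The new condition in `PiCallDriverAddDevice` bounds `DataLength` but never checks that the data actually ends in a `UNICODE_NULL`, while `.Length` is still computed as `DataLength - sizeof(UNICODE_NULL)`. If a REG_SZ value can be stored without its terminator (Windows registry APIs allow that), the last character is dropped silently instead of the value being rejected or kept whole. Consider also comparing the final WCHAR of the data at `kvInfo + kvInfo->DataOffset` with `UNICODE_NULL` before subtracting, or at least documenting the assumption with `/* REG_SZ data is assumed to include its terminating UNICODE_NULL */`. The same assumption is made in the `IopSetServiceEnumData` hunk below, and both functions extend beyond their hunks.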


@@ -442,7 +442,7 @@ ObpParseSymbolicLink(IN PVOID ParsedObject,
POBJECT_SYMBOLIC_LINK SymlinkObject = (POBJECT_SYMBOLIC_LINK)ParsedObject; POBJECT_SYMBOLIC_LINK SymlinkObject = (POBJECT_SYMBOLIC_LINK)ParsedObject;
PUNICODE_STRING TargetPath; PUNICODE_STRING TargetPath;
PWSTR NewTargetPath; PWSTR NewTargetPath;
ULONG LengthUsed, MaximumLength, TempLength; SIZE_T LengthUsed, MaximumLength, TempLength;
NTSTATUS Status; NTSTATUS Status;
PAGED_CODE(); PAGED_CODE();