sys: FspEaBufferFromOriginatingProcessValidate, FspEaBufferFromFileSystemValidate

This commit is contained in:
Bill Zissimopoulos 2019-03-20 19:06:24 -07:00
parent 8c6d037332
commit 2d0c8e14be
No known key found for this signature in database
GPG Key ID: 3D4F95D52C7B3EA3
4 changed files with 45 additions and 10 deletions


@ -314,7 +314,8 @@ static NTSTATUS FspFsvolCreateNoLock(
return STATUS_ACCESS_DENIED; return STATUS_ACCESS_DENIED;
/* is the EA buffer valid? */ /* is the EA buffer valid? */
Result = FspEaBufferAndNamesValid(EaBuffer, EaLength, (PULONG)&Irp->IoStatus.Information); Result = FspEaBufferFromOriginatingProcessValidate(
EaBuffer, EaLength, (PULONG)&Irp->IoStatus.Information);
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
return Result; return Result;
} }


@ -515,7 +515,11 @@ NTSTATUS FspCcFlushCache(PSECTION_OBJECT_POINTERS SectionObjectPointer,
NTSTATUS FspQuerySecurityDescriptorInfo(SECURITY_INFORMATION SecurityInformation, NTSTATUS FspQuerySecurityDescriptorInfo(SECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR SecurityDescriptor, PULONG PLength, PSECURITY_DESCRIPTOR SecurityDescriptor, PULONG PLength,
PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor); PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor);
NTSTATUS FspEaBufferAndNamesValid( NTSTATUS FspEaBufferFromOriginatingProcessValidate(
PFILE_FULL_EA_INFORMATION Buffer,
ULONG Length,
PULONG PErrorOffset);
NTSTATUS FspEaBufferFromFileSystemValidate(
PFILE_FULL_EA_INFORMATION Buffer, PFILE_FULL_EA_INFORMATION Buffer,
ULONG Length, ULONG Length,
PULONG PErrorOffset); PULONG PErrorOffset);


@ -440,8 +440,9 @@ NTSTATUS FspFsvolQueryEaComplete(
Result = STATUS_EA_LIST_INCONSISTENT; Result = STATUS_EA_LIST_INCONSISTENT;
FSP_RETURN(); FSP_RETURN();
} }
Irp->IoStatus.Information = 0; Result = FspEaBufferFromFileSystemValidate(
Result = IoCheckEaBufferValidity((PVOID)Response->Buffer, Response->Rsp.QueryEa.Ea.Size, (PVOID)Response->Buffer, /* FspEaBufferFromFileSystemValidate may alter the buffer! */
Response->Rsp.QueryEa.Ea.Size,
(PULONG)&Irp->IoStatus.Information); (PULONG)&Irp->IoStatus.Information);
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
FSP_RETURN(); FSP_RETURN();
@ -534,7 +535,8 @@ static NTSTATUS FspFsvolSetEa(
return Result; return Result;
Buffer = Irp->AssociatedIrp.SystemBuffer; Buffer = Irp->AssociatedIrp.SystemBuffer;
Result = FspEaBufferAndNamesValid(Buffer, Length, (PULONG)&Irp->IoStatus.Information); Result = FspEaBufferFromOriginatingProcessValidate(
Buffer, Length, (PULONG)&Irp->IoStatus.Information);
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
return Result; return Result;
@ -583,8 +585,9 @@ NTSTATUS FspFsvolSetEaComplete(
Response->Buffer + Response->Rsp.SetEa.Ea.Size <= Response->Buffer + Response->Rsp.SetEa.Ea.Size <=
(PUINT8)Response + Response->Size) (PUINT8)Response + Response->Size)
{ {
Irp->IoStatus.Information = 0; Result = FspEaBufferFromFileSystemValidate(
Result = IoCheckEaBufferValidity((PVOID)Response->Buffer, Response->Rsp.QueryEa.Ea.Size, (PVOID)Response->Buffer, /* FspEaBufferFromFileSystemValidate may alter the buffer! */
Response->Rsp.SetEa.Ea.Size,
(PULONG)&Irp->IoStatus.Information); (PULONG)&Irp->IoStatus.Information);
Valid = NT_SUCCESS(Result); Valid = NT_SUCCESS(Result);
} }
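Review bot: FspEaBufferFromFileSystemValidate stores into the response buffer it is handed (it rewrites the last entry's NextEntryOffset to 0), so in the FspFsvolQueryEaComplete hunk Response->Rsp.QueryEa.Ea.Size must already be bounded against Response->Size before the call; FspFsvolSetEaComplete does this explicitly with the `Response->Buffer + Response->Rsp.SetEa.Ea.Size <= (PUINT8)Response + Response->Size` condition, but the equivalent check for the QueryEa path, if there is one, lies above this hunk and should be confirmed. The trailing `/* FspEaBufferFromFileSystemValidate may alter the buffer! */` remark is attached to the first argument rather than to the call; putting it on its own line above `Result = FspEaBufferFromFileSystemValidate(` at both call sites reads more clearly. The enclosing functions start and end outside these hunks.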


@ -49,7 +49,11 @@ NTSTATUS FspCcFlushCache(PSECTION_OBJECT_POINTERS SectionObjectPointer,
NTSTATUS FspQuerySecurityDescriptorInfo(SECURITY_INFORMATION SecurityInformation, NTSTATUS FspQuerySecurityDescriptorInfo(SECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR SecurityDescriptor, PULONG PLength, PSECURITY_DESCRIPTOR SecurityDescriptor, PULONG PLength,
PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor); PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor);
NTSTATUS FspEaBufferAndNamesValid( NTSTATUS FspEaBufferFromOriginatingProcessValidate(
PFILE_FULL_EA_INFORMATION Buffer,
ULONG Length,
PULONG PErrorOffset);
NTSTATUS FspEaBufferFromFileSystemValidate(
PFILE_FULL_EA_INFORMATION Buffer, PFILE_FULL_EA_INFORMATION Buffer,
ULONG Length, ULONG Length,
PULONG PErrorOffset); PULONG PErrorOffset);
@ -133,7 +137,8 @@ NTSTATUS FspIrpHookNext(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context);
#pragma alloc_text(PAGE, FspCcMdlWriteComplete) #pragma alloc_text(PAGE, FspCcMdlWriteComplete)
#pragma alloc_text(PAGE, FspCcFlushCache) #pragma alloc_text(PAGE, FspCcFlushCache)
#pragma alloc_text(PAGE, FspQuerySecurityDescriptorInfo) #pragma alloc_text(PAGE, FspQuerySecurityDescriptorInfo)
#pragma alloc_text(PAGE, FspEaBufferAndNamesValid) #pragma alloc_text(PAGE, FspEaBufferFromOriginatingProcessValidate)
#pragma alloc_text(PAGE, FspEaBufferFromFileSystemValidate)
#pragma alloc_text(PAGE, FspNotifyInitializeSync) #pragma alloc_text(PAGE, FspNotifyInitializeSync)
#pragma alloc_text(PAGE, FspNotifyFullChangeDirectory) #pragma alloc_text(PAGE, FspNotifyFullChangeDirectory)
#pragma alloc_text(PAGE, FspNotifyFullReportChange) #pragma alloc_text(PAGE, FspNotifyFullReportChange)
@ -583,7 +588,7 @@ NTSTATUS FspQuerySecurityDescriptorInfo(SECURITY_INFORMATION SecurityInformation
return STATUS_BUFFER_TOO_SMALL == Result ? STATUS_BUFFER_OVERFLOW : Result; return STATUS_BUFFER_TOO_SMALL == Result ? STATUS_BUFFER_OVERFLOW : Result;
} }
NTSTATUS FspEaBufferAndNamesValid( NTSTATUS FspEaBufferFromOriginatingProcessValidate(
PFILE_FULL_EA_INFORMATION Buffer, PFILE_FULL_EA_INFORMATION Buffer,
ULONG Length, ULONG Length,
PULONG PErrorOffset) PULONG PErrorOffset)
@ -598,6 +603,7 @@ NTSTATUS FspEaBufferAndNamesValid(
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
return Result; return Result;
/* check that the EA names are valid */
for (PFILE_FULL_EA_INFORMATION Ea = Buffer, EaEnd = (PVOID)((PUINT8)Ea + Length); for (PFILE_FULL_EA_INFORMATION Ea = Buffer, EaEnd = (PVOID)((PUINT8)Ea + Length);
EaEnd > Ea; Ea = FSP_NEXT_EA(Ea, EaEnd)) EaEnd > Ea; Ea = FSP_NEXT_EA(Ea, EaEnd))
{ {
@ -616,6 +622,27 @@ NTSTATUS FspEaBufferAndNamesValid(
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
NTSTATUS FspEaBufferFromFileSystemValidate(
PFILE_FULL_EA_INFORMATION Buffer,
ULONG Length,
PULONG PErrorOffset)
{
PAGED_CODE();
PFILE_FULL_EA_INFORMATION LastEa = 0;
*PErrorOffset = 0;
/* EA buffers from the user mode file system are allowed to end with NextEntryOffset != 0 */
for (PFILE_FULL_EA_INFORMATION Ea = Buffer, EaEnd = (PVOID)((PUINT8)Ea + Length);
EaEnd > Ea; Ea = FSP_NEXT_EA(Ea, EaEnd))
LastEa = Ea;
if (0 != LastEa)
LastEa->NextEntryOffset = 0;
return IoCheckEaBufferValidity(Buffer, Length, PErrorOffset);
}
NTSTATUS FspNotifyInitializeSync(PNOTIFY_SYNC *NotifySync) NTSTATUS FspNotifyInitializeSync(PNOTIFY_SYNC *NotifySync)
{ {
PAGED_CODE(); PAGED_CODE();
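Review bot: In FspEaBufferFromFileSystemValidate the store `LastEa->NextEntryOffset = 0;` happens before IoCheckEaBufferValidity has checked anything, at an address reached by following the as-yet-unvalidated NextEntryOffset chain; the loop only guarantees `EaEnd > Ea`, so unless FSP_NEXT_EA (not visible here) ensures every entry it returns leaves room for a full header, a truncated final entry would make this 4-byte write run past `Buffer + Length`. A guard such as `if (0 != LastEa && (PUINT8)LastEa + sizeof LastEa->NextEntryOffset <= (PUINT8)Buffer + Length)` — or returning STATUS_EA_LIST_INCONSISTENT with *PErrorOffset set to the entry's offset when it fails — keeps the write inside the caller's bounds regardless of what the macro does. The function also has no header comment; a short one above the definition stating that the buffer comes from the user mode file system, that the last entry's NextEntryOffset is rewritten to 0 before the kernel validity check (so callers must pass a writable buffer whose Length is already bounded), and that *PErrorOffset receives the offset reported by IoCheckEaBufferValidity would make the "may alter the buffer!" remarks at the call sites unnecessary, and the same sentence belongs on the declarations in the two headers this commit touches.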