sys: WIP

2025-04-23 17:03:12 -05:00 · 2015-11-24 16:54:10 -08:00 · 2015-11-24 16:54:10 -08:00 · 2d98e2a42d
commit 2d98e2a42d
parent 869793ea69
2 changed files with 40 additions and 4 deletions
--- a/inc/winfsp/fsctl.h
+++ b/inc/winfsp/fsctl.h
@ -32,4 +32,30 @@ extern const __declspec(selectany) GUID FspFsvrtDeviceClassGuid =
 #define FSP_FSCTL_CREATE_BUFFER_SIZE    64
 #define FSP_FSCTL_TRANSACT_BUFFER_SIZE  4096

+/* marshalling */
+#pragma warning(push)
+#pragma warning(disable:4200)           /* zero-sized array in struct/union */
+typedef struct
+{
+    ULONG Size;
+    UINT_PTR Hint;
+    UINT8 Kind;
+    union
+    {
+        UINT8 Placeholder; // !!!: REMOVE
+    } Req;
+} FSP_TRANSACT_REQ;
+typedef struct
+{
+    ULONG Size;
+    UINT_PTR Hint;
+    IO_STATUS_BLOCK IoStatus;
+    UINT8 Kind;
+    union
+    {
+        UINT8 Placeholder; // !!!: REMOVE
+    } Req;
+} FSP_TRANSACT_RSP;
+#pragma warning(pop)
+
 #endif
--- a/src/sys/fsctl.c
+++ b/src/sys/fsctl.c
@ -100,10 +100,11 @@ static NTSTATUS FspFsvrtDeleteVolume(
    PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp)
 {
    NTSTATUS Result;
+    FSP_FSVRT_DEVICE_EXTENSION *FsvrtDeviceExtension = FspFsvrtDeviceExtension(DeviceObject);

+    /* access check */
    Result = FspSecuritySubjectContextAccessCheck(
-        FspFsvrtDeviceExtension(DeviceObject)->SecurityDescriptorBuf,
-        FILE_WRITE_DATA, Irp->RequestorMode);
+        FsvrtDeviceExtension->SecurityDescriptorBuf, FILE_WRITE_DATA, Irp->RequestorMode);
    if (!NT_SUCCESS(Result))
        return Result;

@ -113,12 +114,21 @@ static NTSTATUS FspFsvrtDeleteVolume(
 static NTSTATUS FspFsvrtTransact(
    PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp)
 {
+    /* check parameters */
+    ULONG InputBufferLength = IrpSp->Parameters.FileSystemControl.InputBufferLength;
+    ULONG OutputBufferLength = IrpSp->Parameters.FileSystemControl.OutputBufferLength;
+    PVOID SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
+    if (sizeof(FSP_TRANSACT_RSP) > InputBufferLength || 0 == SystemBuffer)
+        return STATUS_INVALID_PARAMETER;
+    if (FSP_FSCTL_TRANSACT_BUFFER_SIZE > OutputBufferLength)
+        return STATUS_BUFFER_TOO_SMALL;
+
    NTSTATUS Result;
+    FSP_FSVRT_DEVICE_EXTENSION *FsvrtDeviceExtension = FspFsvrtDeviceExtension(DeviceObject);

    /* access check */
    Result = FspSecuritySubjectContextAccessCheck(
-        FspFsvrtDeviceExtension(DeviceObject)->SecurityDescriptorBuf,
-        FILE_WRITE_DATA, Irp->RequestorMode);
+        FsvrtDeviceExtension->SecurityDescriptorBuf, FILE_WRITE_DATA, Irp->RequestorMode);
    if (!NT_SUCCESS(Result))
        return Result;