From 7f823264542a3ab6fc00b7e042bc0a75089a975a Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos <billziss@navimatics.com>
Date: Tue, 17 Feb 2026 20:48:01 +0200
Subject: [PATCH] sys: FspFastIoDeviceControl: add a couple of fixes

- Check that the operation succeeded prior to copying to the output buffer.
- Avoid information leaks by only copying what is necessary to the output
buffer (suggestion by Tay Kiat Loong).
---
 src/sys/devctl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/sys/devctl.c b/src/sys/devctl.c
index fed19f55..968b4146 100644
--- a/src/sys/devctl.c
+++ b/src/sys/devctl.c
@@ -80,6 +80,7 @@ BOOLEAN FspFastIoDeviceControl(
         FSP_RETURN(IoStatus->Status = STATUS_BUFFER_TOO_SMALL);
 
     PVOID SystemBuffer = 0;
+
     if (0 != InputBufferLength || 0 != OutputBufferLength)
     {
         SystemBuffer = FspAllocNonPaged(
@@ -115,14 +116,15 @@ BOOLEAN FspFastIoDeviceControl(
 
     if (0 != SystemBuffer)
     {
-        if (0 != OutputBuffer)
+        if (NT_SUCCESS(IoStatus->Status) && 0 != OutputBuffer)
             try
             {
-                RtlCopyMemory(OutputBuffer, SystemBuffer, OutputBufferLength);
+                RtlCopyMemory(OutputBuffer, SystemBuffer, IoStatus->Information);
             }
             except (EXCEPTION_EXECUTE_HANDLER)
             {
                 IoStatus->Status = GetExceptionCode();
+                IoStatus->Information = 0;
             }
         FspFree(SystemBuffer);
     }