From 804bcc3354affa88e7ff2a0ccc72e664f192ed11 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos <billziss@navimatics.com>
Date: Sat, 22 Jun 2019 15:40:48 -0700
Subject: [PATCH] sys: FspVolumeTransactFsext:

- only allow ControlCodes with 0xC00 bits set in Function
---
 src/sys/fsctl.c  | 11 ++++++-----
 src/sys/volume.c |  2 ++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/sys/fsctl.c b/src/sys/fsctl.c
index 781052d3..38ce0e75 100644
--- a/src/sys/fsctl.c
+++ b/src/sys/fsctl.c
@@ -94,12 +94,13 @@ static NTSTATUS FspFsctlFileSystemControl(
             if (0 != IrpSp->FileObject->FsContext2)
                 Result = FspVolumeStop(FsctlDeviceObject, Irp, IrpSp);
             break;
-        case 0:
-            /* ensure that 0 != IrpSp->Parameters.FileSystemControl.FsControlCode in default: case */
-            break;
         default:
-            if (0 != IrpSp->FileObject->FsContext2)
-                Result = FspVolumeTransactFsext(FsctlDeviceObject, Irp, IrpSp);
+            if (CTL_CODE(0, 0xC00, 0, 0) ==
+                (IrpSp->Parameters.FileSystemControl.FsControlCode & CTL_CODE(0, 0xC00, 0, 0)))
+            {
+                if (0 != IrpSp->FileObject->FsContext2)
+                    Result = FspVolumeTransactFsext(FsctlDeviceObject, Irp, IrpSp);
+            }
             break;
         }
         break;
diff --git a/src/sys/volume.c b/src/sys/volume.c
index 5f781520..72bbfc4d 100644
--- a/src/sys/volume.c
+++ b/src/sys/volume.c
@@ -924,6 +924,8 @@ NTSTATUS FspVolumeTransactFsext(
 
     ASSERT(IRP_MJ_FILE_SYSTEM_CONTROL == IrpSp->MajorFunction);
     ASSERT(IRP_MN_USER_FS_REQUEST == IrpSp->MinorFunction);
+    ASSERT(CTL_CODE(0, 0xC00, 0, 0) ==
+        (IrpSp->Parameters.FileSystemControl.FsControlCode & CTL_CODE(0, 0xC00, 0, 0)));
     ASSERT(0 != IrpSp->FileObject->FsContext2);
 
     PDEVICE_OBJECT FsvolDeviceObject = IrpSp->FileObject->FsContext2;