diff --git a/src/sys/dirctl.c b/src/sys/dirctl.c
index 53f570c2..616456d4 100644
--- a/src/sys/dirctl.c
+++ b/src/sys/dirctl.c
@@ -855,6 +855,10 @@ NTSTATUS FspFsvolDirectoryControlComplete(
 }
 
 FSP_FSCTL_TRANSACT_REQ *Request = FspIrpRequest(Irp);
+
+ if (Response->IoStatus.Information > Request->Req.QueryDirectory.Length)
+ FSP_RETURN(Result = STATUS_INTERNAL_ERROR);
+
 PFILE_OBJECT FileObject = IrpSp->FileObject;
 FSP_FILE_NODE *FileNode = FileObject->FsContext;
 FSP_FILE_DESC *FileDesc = FileObject->FsContext2;
diff --git a/src/sys/fileinfo.c b/src/sys/fileinfo.c
index b9309eea..42f68791 100644
--- a/src/sys/fileinfo.c
+++ b/src/sys/fileinfo.c
@@ -546,7 +546,7 @@ static NTSTATUS FspFsvolQueryStreamInformationSuccess(
 (PUINT8)Response + Response->Size)
 {
 Irp->IoStatus.Information = 0;
- return STATUS_INFO_LENGTH_MISMATCH; /* ???: what is the best code to return here? */
+ return STATUS_INTERNAL_ERROR;
 }
 
 FspIopRequestContext(Request, RequestInfoChangeNumber) = (PVOID)
diff --git a/src/sys/read.c b/src/sys/read.c
index 1fd42ce1..405dbbce 100644
--- a/src/sys/read.c
+++ b/src/sys/read.c
@@ -347,6 +347,10 @@ NTSTATUS FspFsvolReadComplete(
 }
 
 FSP_FSCTL_TRANSACT_REQ *Request = FspIrpRequest(Irp);
+
+ if (Response->IoStatus.Information > Request->Req.Read.Length)
+ FSP_RETURN(Result = STATUS_INTERNAL_ERROR);
+
 FSP_SAFE_MDL *SafeMdl = FspIopRequestContext(Request, RequestSafeMdl);
 PFILE_OBJECT FileObject = IrpSp->FileObject;
 LARGE_INTEGER ReadOffset = IrpSp->Parameters.Read.ByteOffset;
diff --git a/src/sys/write.c b/src/sys/write.c
index cda6f68a..7f7f851a 100644
--- a/src/sys/write.c
+++ b/src/sys/write.c
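Review bot: The new bound check on `Response->IoStatus.Information` in FspFsvolDirectoryControlComplete has no comment saying why the driver distrusts the value; the response is presumably filled in by the user mode file system, and that trust boundary is the whole reason for the check. I would add `/* Response is supplied by the user mode file system: reject a byte count larger than the request asked for */` above the `if`, here and at the identical checks in FspFsvolReadComplete (read.c) and FspFsvolWriteComplete (write.c). The unbraced `if` with a macro body is safe only while FSP_RETURN expands to a single statement, so braces around it would be cheap insurance. The enclosing function starts and ends outside the hunk, so whether `Information` is already consumed earlier (for instance in the block closed by the `}` above) cannot be confirmed from here.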
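Review bot: The replaced line in FspFsvolQueryStreamInformationSuccess removes the only comment on this failure branch, so nothing now says what the condition guards against or why STATUS_INTERNAL_ERROR was chosen. The visible half of the condition compares against `(PUINT8)Response + Response->Size`, which suggests the branch fires when the buffer claimed by the response runs past the end of the response itself. If so, a comment such as `/* buffer described by the response extends past the response: malformed reply from the file system */` above the `return` would record that. The `if` starts outside the hunk, so the first half of the comparison should be confirmed before wording the comment.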
@@ -405,6 +405,10 @@ NTSTATUS FspFsvolWriteComplete(
 }
 
 FSP_FSCTL_TRANSACT_REQ *Request = FspIrpRequest(Irp);
+
+ if (Response->IoStatus.Information > Request->Req.Write.Length)
+ FSP_RETURN(Result = STATUS_INTERNAL_ERROR);
+
 PFILE_OBJECT FileObject = IrpSp->FileObject;
 FSP_FILE_NODE *FileNode = FileObject->FsContext;
 LARGE_INTEGER WriteOffset = IrpSp->Parameters.Write.ByteOffset;