sys: FspVolumeNotify: fix integer overflow vulnerability

This vulnerability was reported by: - Tay Kiat Loong (GitHub: @owl4444) - uhg (GitHub: @UltimateHG)
2026-06-17 18:16:02 -05:00 · 2026-06-13 16:41:35 +03:00
parent bdab233e92
commit bd8b54c469
3 changed files with 37 additions and 0 deletions
@@ -1389,6 +1389,9 @@ NTSTATUS FspVolumeNotify(
    if (0 == InputBufferLength)
        return FspVolumeNotifyLock(FsvolDeviceObject);

+    if (FSP_FSCTL_NOTIFY_INFO_SIZEMAX < InputBufferLength)
+        return STATUS_INVALID_PARAMETER;
+
    if (!FspDeviceReference(FsvolDeviceObject))
        return STATUS_CANCELLED;