Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2026-06-18 02:26:03 -05:00
Code Activity

sys: FspVolumeNotify: fix integer overflow vulnerability

Browse Source 
This vulnerability was reported by:
- Tay Kiat Loong (GitHub: @owl4444)
- uhg (GitHub: @UltimateHG)
This commit is contained in:
Bill Zissimopoulos
2026-06-13 16:41:35 +03:00
parent bdab233e92
commit bd8b54c469
3 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tst/winfsp-tests/notify-test.c
+32
View File
@@ -27,6 +27,37 @@
#include "winfsp-tests.h"
static
void notify_invalid_dotest(ULONG Flags)
{
void *memfs = memfs_start(Flags);
FSP_FILE_SYSTEM *FileSystem = MemfsFileSystem(memfs);
NTSTATUS Result;
Result = FspFsctlNotify(FileSystem->VolumeHandle, 0, 1);
ASSERT(STATUS_ACCESS_VIOLATION == Result);
Result = FspFsctlNotify(FileSystem->VolumeHandle, 0, FSP_FSCTL_NOTIFY_INFO_SIZEMAX);
ASSERT(STATUS_ACCESS_VIOLATION == Result || STATUS_INSUFFICIENT_RESOURCES == Result);
Result = FspFsctlNotify(FileSystem->VolumeHandle, 0, FSP_FSCTL_NOTIFY_INFO_SIZEMAX + 1);
ASSERT(STATUS_INVALID_PARAMETER == Result);
Result = FspFsctlNotify(FileSystem->VolumeHandle, 0, 0xffffffffU);
ASSERT(STATUS_INVALID_PARAMETER == Result);
memfs_stop(memfs);
}
static
void notify_invalid_test(void)
{
if (WinFspDiskTests)
notify_invalid_dotest(MemfsDisk);
if (WinFspNetTests)
notify_invalid_dotest(MemfsNet);
}
static
void notify_abandon_dotest(ULONG Flags)
{
@@ -479,6 +510,7 @@ void notify_tests(void)
if (OptExternal || OptNotify)
return;
TEST(notify_invalid_test);
TEST(notify_abandon_test);
TEST(notify_abandon_rename_test);
/* OBSOLETE: it is now possible to have multiple outstanding NotifyBegin() calls. */