dll: FspFileSystemDispatcherThread: sanitize response on return from user-mode file system

Bill Zissimopoulos 2016-02-20 23:01:27 -08:00
parent b58236bf95
commit c00bf8c96a


@ -68,7 +68,7 @@ static DWORD WINAPI FspFileSystemDispatcherThread(PVOID FileSystem0)
{ {
FSP_FILE_SYSTEM *FileSystem = FileSystem0; FSP_FILE_SYSTEM *FileSystem = FileSystem0;
NTSTATUS Result; NTSTATUS Result;
SIZE_T RequestSize; SIZE_T RequestSize, ResponseSize;
FSP_FSCTL_TRANSACT_REQ *Request = 0; FSP_FSCTL_TRANSACT_REQ *Request = 0;
FSP_FSCTL_TRANSACT_RSP *Response = 0; FSP_FSCTL_TRANSACT_RSP *Response = 0;
HANDLE DispatcherThread = 0; HANDLE DispatcherThread = 0;
@ -122,6 +122,21 @@ static DWORD WINAPI FspFileSystemDispatcherThread(PVOID FileSystem0)
} }
else else
Response->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST; Response->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
ResponseSize = FSP_FSCTL_DEFAULT_ALIGN_UP(Response->Size);
if (FSP_FSCTL_TRANSACT_RSP_SIZEMAX < ResponseSize/* should NOT happen */)
{
memset(Response, 0, sizeof *Response);
Response->Size = sizeof *Response;
Response->Kind = Request->Kind;
Response->Hint = Request->Hint;
Response->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
}
else
{
memset((PUINT8)Response + Response->Size, 0, ResponseSize - Response->Size);
Response->Size = (UINT16)ResponseSize;
}
} }
exit: exit:
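Review bot: The added check bounds `Response->Size` only from above, so a value smaller than `sizeof *Response` (including 0) left behind by an operation handler takes the else branch and is passed on with a size that does not cover the response header. That case could go to the reset branch as well: `if (Response->Size < sizeof *Response || FSP_FSCTL_TRANSACT_RSP_SIZEMAX < ResponseSize/* should NOT happen */)`. The padding `memset` in the else branch stays in bounds only if the Response buffer holds at least `FSP_FSCTL_TRANSACT_RSP_SIZEMAX` bytes; the allocation is outside this hunk, so a one-line comment stating that assumption next to the `memset` would help. The reset branch sets `Response->Size = sizeof *Response` without the `FSP_FSCTL_DEFAULT_ALIGN_UP` applied in the else branch, which looks inconsistent unless the header size is already aligned. The body of FspFileSystemDispatcherThread begins and ends outside the visible hunks.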