ntdll: Do not accept device control requests with invalid and/or incompatible handles. Also added some tests, and tested with WinXP.

Peter Dons Tychsen (none) donpedro at donpedro.
Sat Sep 5 09:41:54 CDT 2009


---
 dlls/ntdll/file.c       |   10 ++++++++++
 dlls/ntdll/tests/file.c |   25 +++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 0 deletions(-)

diff --git a/dlls/ntdll/file.c b/dlls/ntdll/file.c
index 62f6743..f820cba 100644
--- a/dlls/ntdll/file.c
+++ b/dlls/ntdll/file.c
@@ -1289,6 +1289,16 @@ NTSTATUS WINAPI NtDeviceIoControlFile(HANDLE handle, HANDLE event,
 {
     ULONG device = (code >> 16);
     NTSTATUS status = STATUS_NOT_SUPPORTED;
+    IO_STATUS_BLOCK io_handle;
+    FILE_FS_DEVICE_INFORMATION info_handle;
+    NTSTATUS status_handle;
+
+    /* Check if handle is appriopriate for this kind of device control */
+    status_handle = NtQueryVolumeInformationFile(handle, &io_handle, &info_handle, sizeof(info_handle), FileFsDeviceInformation);
+    if((status_handle != STATUS_SUCCESS) || (info_handle.DeviceType != device))
+    {
+      return STATUS_INVALID_HANDLE;
+    }
 
     TRACE("(%p,%p,%p,%p,%p,0x%08x,%p,0x%08x,%p,0x%08x)\n",
           handle, event, apc, apc_context, io, code,
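Review bot: The equality test `info_handle.DeviceType != device` at the top of NtDeviceIoControlFile rejects every control code whose device-type field differs from the type the handle reports, which looks stricter than intended. Some codes are legitimately issued on handles of another device class (for example the IOCTL_STORAGE_* family carries FILE_DEVICE_MASS_STORAGE but is normally sent to disk or CD-ROM handles), so those would now fail with STATUS_INVALID_HANDLE; the dispatch code lies outside this hunk, so confirm which classes it serves. The same branch also turns every failure of NtQueryVolumeInformationFile into STATUS_INVALID_HANDLE, whereas returning the query status would keep the real cause visible, `if (status_handle != STATUS_SUCCESS) return status_handle;`. Since the check sits before the TRACE call, rejected requests leave no trace output, so moving it below the TRACE would help when diagnosing a refused request.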
diff --git a/dlls/ntdll/tests/file.c b/dlls/ntdll/tests/file.c
index 26a854a..5cc8256 100644
--- a/dlls/ntdll/tests/file.c
+++ b/dlls/ntdll/tests/file.c
@@ -34,6 +34,8 @@
 
 #include "wine/test.h"
 #include "winternl.h"
+#include "winioctl.h"
+#include "ddk/ntddser.h"
 
 #ifndef IO_COMPLETION_ALL_ACCESS
 #define IO_COMPLETION_ALL_ACCESS 0x001F0003
@@ -64,6 +66,11 @@ static NTSTATUS (WINAPI *pNtQueryIoCompletion)(HANDLE, IO_COMPLETION_INFORMATION
 static NTSTATUS (WINAPI *pNtRemoveIoCompletion)(HANDLE, PULONG_PTR, PULONG_PTR, PIO_STATUS_BLOCK, PLARGE_INTEGER);
 static NTSTATUS (WINAPI *pNtSetIoCompletion)(HANDLE, ULONG_PTR, ULONG_PTR, NTSTATUS, ULONG);
 static NTSTATUS (WINAPI *pNtSetInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
+static NTSTATUS (WINAPI *pNtDeviceIoControlFile)(HANDLE handle, HANDLE event,
+                                      PIO_APC_ROUTINE apc, PVOID apc_context,
+                                      PIO_STATUS_BLOCK io, ULONG code,
+                                      PVOID in_buffer, ULONG in_size,
+                                      PVOID out_buffer, ULONG out_size);
 
 static inline BOOL is_signaled( HANDLE obj )
 {
@@ -805,6 +812,22 @@ static void test_iocompletion(void)
     }
 }
 
+static void test_device_control(void)
+{
+    IO_STATUS_BLOCK io;
+    NTSTATUS status;
+
+    /* Try using a bugus handle for I/O control */
+    HANDLE handle = (HANDLE)0xdeadbeef;
+    status = pNtDeviceIoControlFile(handle, NULL, NULL, NULL, &io, IOCTL_SERIAL_SET_BAUD_RATE, NULL, 0, NULL, 0);
+    ok(status == STATUS_INVALID_HANDLE, "Expected %08X, got %08X\n", STATUS_INVALID_HANDLE, status);
+
+    /* Try using an valid (but wrong) handle for I/O control */
+    handle = GetStdHandle(STD_INPUT_HANDLE);
+    status = pNtDeviceIoControlFile(handle, NULL, NULL, NULL, &io, IOCTL_SERIAL_SET_BAUD_RATE, NULL, 0, NULL, 0);
+    ok(status == STATUS_INVALID_HANDLE, "Expected %08X, got %08X\n", STATUS_INVALID_HANDLE, status);
+}
+
 START_TEST(file)
 {
     HMODULE hntdll = GetModuleHandleA("ntdll.dll");
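Review bot: The second case in test_device_control depends on whatever the test run inherits as standard input: `GetStdHandle(STD_INPUT_HANDLE)` may be a console, a pipe, a file or no handle at all, so the "valid but wrong" path is not deterministic. Opening a handle of known type inside the test (a temporary file, say) and closing it afterwards would pin the case down. There is also no positive case, so the test would still pass if the new check rejected every request; a call with a handle and control code that are expected to match would cover that. `io` is passed uninitialized, and the two comments have typos (`bugus`, `an valid`) worth fixing before commit.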
@@ -830,9 +853,11 @@ START_TEST(file)
     pNtRemoveIoCompletion   = (void *)GetProcAddress(hntdll, "NtRemoveIoCompletion");
     pNtSetIoCompletion      = (void *)GetProcAddress(hntdll, "NtSetIoCompletion");
     pNtSetInformationFile   = (void *)GetProcAddress(hntdll, "NtSetInformationFile");
+    pNtDeviceIoControlFile  = (void *)GetProcAddress(hntdll, "NtDeviceIoControlFile");
 
     delete_file_test();
     read_file_test();
     nt_mailslot_test();
     test_iocompletion();
+    test_device_control();
 }
-- 
1.6.2.5


--=-4IuVXTJD1VkZutSTR+RE--



