ntdll: Do not accept device control requests with invalid and/or incompatible handles Also added some tests, and tested with WinXP
Peter Dons Tychsen (none)
donpedro at donpedro.
Sat Sep 5 09:41:54 CDT 2009
---
dlls/ntdll/file.c | 10 ++++++++++
dlls/ntdll/tests/file.c | 25 +++++++++++++++++++++++++
2 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/dlls/ntdll/file.c b/dlls/ntdll/file.c
index 62f6743..f820cba 100644
--- a/dlls/ntdll/file.c
+++ b/dlls/ntdll/file.c
@@ -1289,6 +1289,16 @@ NTSTATUS WINAPI NtDeviceIoControlFile(HANDLE handle, HANDLE event,
{
ULONG device = (code >> 16);
NTSTATUS status = STATUS_NOT_SUPPORTED;
+ IO_STATUS_BLOCK io_handle;
+ FILE_FS_DEVICE_INFORMATION info_handle;
+ NTSTATUS status_handle;
+
+ /* Check if handle is appriopriate for this kind of device control */
+ status_handle = NtQueryVolumeInformationFile(handle, &io_handle, &info_handle, sizeof(info_handle), FileFsDeviceInformation);
+ if((status_handle != STATUS_SUCCESS) || (info_handle.DeviceType != device))
+ {
+ return STATUS_INVALID_HANDLE;
+ }
TRACE("(%p,%p,%p,%p,%p,0x%08x,%p,0x%08x,%p,0x%08x)\n",
handle, event, apc, apc_context, io, code,
diff --git a/dlls/ntdll/tests/file.c b/dlls/ntdll/tests/file.c
index 26a854a..5cc8256 100644
--- a/dlls/ntdll/tests/file.c
+++ b/dlls/ntdll/tests/file.c
@@ -34,6 +34,8 @@
#include "wine/test.h"
#include "winternl.h"
+#include "winioctl.h"
+#include "ddk/ntddser.h"
#ifndef IO_COMPLETION_ALL_ACCESS
#define IO_COMPLETION_ALL_ACCESS 0x001F0003
@@ -64,6 +66,11 @@ static NTSTATUS (WINAPI *pNtQueryIoCompletion)(HANDLE, IO_COMPLETION_INFORMATION
static NTSTATUS (WINAPI *pNtRemoveIoCompletion)(HANDLE, PULONG_PTR, PULONG_PTR, PIO_STATUS_BLOCK, PLARGE_INTEGER);
static NTSTATUS (WINAPI *pNtSetIoCompletion)(HANDLE, ULONG_PTR, ULONG_PTR, NTSTATUS, ULONG);
static NTSTATUS (WINAPI *pNtSetInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
+static NTSTATUS (WINAPI *pNtDeviceIoControlFile)(HANDLE handle, HANDLE event,
+ PIO_APC_ROUTINE apc, PVOID apc_context,
+ PIO_STATUS_BLOCK io, ULONG code,
+ PVOID in_buffer, ULONG in_size,
+ PVOID out_buffer, ULONG out_size);
static inline BOOL is_signaled( HANDLE obj )
{
@@ -805,6 +812,22 @@ static void test_iocompletion(void)
}
}
+static void test_device_control(void)
+{
+ IO_STATUS_BLOCK io;
+ NTSTATUS status;
+
+ /* Try using a bugus handle for I/O control */
+ HANDLE handle = (HANDLE)0xdeadbeef;
+ status = pNtDeviceIoControlFile(handle, NULL, NULL, NULL, &io, IOCTL_SERIAL_SET_BAUD_RATE, NULL, 0, NULL, 0);
+ ok(status == STATUS_INVALID_HANDLE, "Expected %08X, got %08X\n", STATUS_INVALID_HANDLE, status);
+
+ /* Try using an valid (but wrong) handle for I/O control */
+ handle = GetStdHandle(STD_INPUT_HANDLE);
+ status = pNtDeviceIoControlFile(handle, NULL, NULL, NULL, &io, IOCTL_SERIAL_SET_BAUD_RATE, NULL, 0, NULL, 0);
+ ok(status == STATUS_INVALID_HANDLE, "Expected %08X, got %08X\n", STATUS_INVALID_HANDLE, status);
+}
+
START_TEST(file)
{
HMODULE hntdll = GetModuleHandleA("ntdll.dll");
@@ -830,9 +853,11 @@ START_TEST(file)
pNtRemoveIoCompletion = (void *)GetProcAddress(hntdll, "NtRemoveIoCompletion");
pNtSetIoCompletion = (void *)GetProcAddress(hntdll, "NtSetIoCompletion");
pNtSetInformationFile = (void *)GetProcAddress(hntdll, "NtSetInformationFile");
+ pNtDeviceIoControlFile = (void *)GetProcAddress(hntdll, "NtDeviceIoControlFile");
delete_file_test();
read_file_test();
nt_mailslot_test();
test_iocompletion();
+ test_device_control();
}
--
1.6.2.5
--=-4IuVXTJD1VkZutSTR+RE--
More information about the wine-patches
mailing list