[PATCH] mountmgr: Fix buffer length check.
Hans Leidekker
hans at codeweavers.com
Thu Jun 4 09:13:12 CDT 2020
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49305
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
dlls/mountmgr.sys/device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/mountmgr.sys/device.c b/dlls/mountmgr.sys/device.c
index c29ce9f924..d99a096c61 100644
--- a/dlls/mountmgr.sys/device.c
+++ b/dlls/mountmgr.sys/device.c
@@ -1780,7 +1780,7 @@ static void query_property( struct disk_device *device, IRP *irp )
if (!irp->UserBuffer
|| irpsp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
irp->IoStatus.u.Status = STATUS_INVALID_PARAMETER;
- else if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DEVICE_DESCRIPTOR))
+ else if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < len)
{
descriptor = irp->UserBuffer;
descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
--
2.20.1
More information about the wine-devel
mailing list