[PATCH 3/8] mountmgr: Validate the output size for IOCTL_MOUNTMGR_QUERY_POINTS.
Zebediah Figura
zfigura at codeweavers.com
Sat Aug 28 00:42:03 CDT 2021
Signed-off-by: Zebediah Figura <zfigura at codeweavers.com>
---
dlls/kernel32/tests/volume.c | 6 +++---
dlls/mountmgr.sys/mountmgr.c | 3 ++-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/dlls/kernel32/tests/volume.c b/dlls/kernel32/tests/volume.c
index 17c24eecb66..50b9c134d39 100644
--- a/dlls/kernel32/tests/volume.c
+++ b/dlls/kernel32/tests/volume.c
@@ -1657,7 +1657,7 @@ static void test_mountmgr_query_points(void)
io.Information = 0xdeadf00d;
status = NtDeviceIoControlFile( file, NULL, NULL, NULL, &io,
IOCTL_MOUNTMGR_QUERY_POINTS, input, sizeof(*input), NULL, 0 );
- todo_wine ok(status == STATUS_INVALID_PARAMETER, "got %#x\n", status);
+ ok(status == STATUS_INVALID_PARAMETER, "got %#x\n", status);
todo_wine ok(io.Status == 0xdeadf00d, "got status %#x\n", io.Status);
todo_wine ok(io.Information == 0xdeadf00d, "got information %#Ix\n", io.Information);
@@ -1666,10 +1666,10 @@ static void test_mountmgr_query_points(void)
memset(output_buffer, 0xcc, sizeof(output_buffer));
status = NtDeviceIoControlFile( file, NULL, NULL, NULL, &io,
IOCTL_MOUNTMGR_QUERY_POINTS, input, sizeof(*input), output, sizeof(*output) - 1 );
- todo_wine ok(status == STATUS_INVALID_PARAMETER, "got %#x\n", status);
+ ok(status == STATUS_INVALID_PARAMETER, "got %#x\n", status);
todo_wine ok(io.Status == 0xdeadf00d, "got status %#x\n", io.Status);
todo_wine ok(io.Information == 0xdeadf00d, "got information %#Ix\n", io.Information);
- todo_wine ok(output->Size == 0xcccccccc, "got size %u\n", output->Size);
+ ok(output->Size == 0xcccccccc, "got size %u\n", output->Size);
ok(output->NumberOfMountPoints == 0xcccccccc, "got count %u\n", output->NumberOfMountPoints);
io.Status = 0xdeadf00d;
diff --git a/dlls/mountmgr.sys/mountmgr.c b/dlls/mountmgr.sys/mountmgr.c
index 3dd2cc84da2..97e52d51e98 100644
--- a/dlls/mountmgr.sys/mountmgr.c
+++ b/dlls/mountmgr.sys/mountmgr.c
@@ -169,6 +169,7 @@ static NTSTATUS query_mount_points( void *buff, SIZE_T insize,
struct mount_point *mount;
if (insize < sizeof(*input) ||
+ outsize < sizeof(*info) ||
input->SymbolicLinkNameOffset + input->SymbolicLinkNameLength > insize ||
input->UniqueIdOffset + input->UniqueIdLength > insize ||
input->DeviceNameOffset + input->DeviceNameLength > insize ||
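Review bot: The new `outsize < sizeof(*info)` term has no comment saying why the minimum is the whole structure rather than just its leading count fields. The declaration of `info` is outside the hunk; if it is a MOUNTMGR_MOUNT_POINTS, `sizeof` includes one trailing mount-point entry, and the test case passing `sizeof(*output) - 1` suggests that threshold is deliberate. I would put `/* an output buffer smaller than one full MOUNTMGR_MOUNT_POINTS is rejected before anything is written */` above the condition. The condition and the function body both continue outside the hunk.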
@@ -193,7 +194,7 @@ static NTSTATUS query_mount_points( void *buff, SIZE_T insize,
if (size > outsize)
{
info = buff;
- if (size >= sizeof(info->Size)) info->Size = size;
+ info->Size = size;
iosb->Information = sizeof(info->Size);
return STATUS_MORE_ENTRIES;
}
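Review bot: The store `info->Size = size;` is now unconditional, so its validity rests entirely on the `outsize < sizeof(*info)` rejection added in the earlier hunk of this file. If that early check is later relaxed or moved, this branch would store into, and report `sizeof(info->Size)` bytes for, an output buffer the caller declared shorter than that, with nothing local to catch it. I would record the dependency on the line itself, for example `info->Size = size; /* outsize >= sizeof(*info) was checked on entry */`. The function starts and ends outside the hunk.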
--
2.33.0