[PATCH v3] ntdll: Avoid reqeuests with null pointer but invalid size.
Bernhard Übelacker
bernhardu at mailbox.org
Mon May 30 02:05:59 CDT 2022
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51770
Signed-off-by: Bernhard Übelacker <bernhardu at mailbox.org>
---
v1: https://www.winehq.org/pipermail/wine-devel/2021-December/202913.html
https://www.winehq.org/pipermail/wine-devel/2022-April/213866.html
https://www.winehq.org/pipermail/wine-devel/2022-April/214075.html
v2: Validate pointer before calling wine_server_add_data.
https://www.winehq.org/pipermail/wine-devel/2022-April/214306.html
https://www.winehq.org/pipermail/wine-devel/2022-May/215635.html
v3: Move check to DeviceIoControl.
Always use fixed values for IOCTL_STORAGE_GET_DEVICE_NUMBER.
Remove warning at expected hang.
---
dlls/kernel32/tests/volume.c | 16 ++++++++++++++++
dlls/kernelbase/file.c | 5 +++++
2 files changed, 21 insertions(+)
diff --git a/dlls/kernel32/tests/volume.c b/dlls/kernel32/tests/volume.c
index 9166cf228d9..4bee4207a37 100644
--- a/dlls/kernel32/tests/volume.c
+++ b/dlls/kernel32/tests/volume.c
@@ -618,6 +618,7 @@ static void test_disk_query_property(void)
STORAGE_PROPERTY_QUERY query = {0};
STORAGE_DESCRIPTOR_HEADER header = {0};
STORAGE_DEVICE_DESCRIPTOR descriptor = {0};
+ STORAGE_DEVICE_NUMBER device_number = {0};
HANDLE handle;
DWORD error;
DWORD size;
@@ -654,6 +655,21 @@ static void test_disk_query_property(void)
ok(descriptor.Version == sizeof(descriptor), "got descriptor.Version %ld\n", descriptor.Version);
ok(descriptor.Size >= sizeof(descriptor), "got descriptor.Size %ld\n", descriptor.Size);
+ SetLastError(0xdeadbeef);
+ ret = DeviceIoControl(handle, IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &device_number, sizeof(device_number), &size, NULL);
+ error = GetLastError();
+ ok(ret, "expect ret %#x, got %#x\n", TRUE, ret);
+ ok(error == 0xdeadbeef, "expect err %#x, got err %#x\n", 0xdeadbeef, error);
+ ok(size == sizeof(device_number), "got size %d\n", size);
+
+ /* unclean call with valid in_buffer=NULL but incorrect in_size=4 */
+ SetLastError(0xdeadbeef);
+ ret = DeviceIoControl(handle, IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 4, &device_number, sizeof(device_number), &size, NULL);
+ error = GetLastError();
+ ok(ret, "expect ret %#x, got %#x\n", TRUE, ret);
+ ok(error == 0xdeadbeef, "expect err %#x, got err %#x\n", 0xdeadbeef, error);
+ ok(size == sizeof(device_number), "got size %d\n", size);
+
CloseHandle(handle);
}
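Review bot: `size` is not reset before either new DeviceIoControl call, so `ok(size == sizeof(device_number), ...)` in the second block can pass on the value left behind by the first call even if the NULL/4 call never writes the returned length. Adding `size = 0;` before each call, and `memset(&device_number, 0, sizeof(device_number));` before the second, would make the checks prove that the call produced the output. The new messages also print the DWORDs `size` and `error` with `%d` and `%#x`, while the context lines in this hunk use `%ld` for DWORD values; `%lu` and `%#lx` would be consistent. test_disk_query_property begins outside the hunk.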
diff --git a/dlls/kernelbase/file.c b/dlls/kernelbase/file.c
index 8ae982294f6..21df197da2c 100644
--- a/dlls/kernelbase/file.c
+++ b/dlls/kernelbase/file.c
@@ -4111,6 +4111,11 @@ BOOL WINAPI DECLSPEC_HOTPATCH DeviceIoControl( HANDLE handle, DWORD code, void *
TRACE( "(%p,%lx,%p,%ld,%p,%ld,%p,%p)\n",
handle, code, in_buff, in_count, out_buff, out_count, returned, overlapped );
+ if (code == IOCTL_STORAGE_GET_DEVICE_NUMBER) {
+ in_buff = NULL;
+ in_count = 0;
+ }
+
if (overlapped)
{
piosb = (IO_STATUS_BLOCK *)overlapped;
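Review bot: The new `if (code == IOCTL_STORAGE_GET_DEVICE_NUMBER)` block neutralises a NULL `in_buff` with a non-zero `in_count` for this one control code only, so the same inconsistent pointer/length pair is still forwarded unchanged for every other code. It presumably also stays reachable for callers that use the ntdll entry point directly instead of DeviceIoControl. If the special case is deliberate, it needs a comment saying why the caller's input is discarded, e.g. `/* this ioctl takes no input; ignore in_buff/in_count so a NULL pointer with a bogus size is never forwarded */`. The opening brace should also move to its own line to match the `if (overlapped)` block just below. The body of DeviceIoControl continues outside the hunk.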
--
2.35.1