https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a6c0af2e218cba4dc6f1a9b2254f9a37a997ff6a

commit a6c0af2e218cba4dc6f1a9b2254f9a37a997ff6a
Author:     Jérôme Gardou <[email protected]>
AuthorDate: Fri Dec 18 17:21:01 2020 +0100
Commit:     Jérôme Gardou <[email protected]>
CommitDate: Tue Dec 22 11:02:33 2020 +0100

    [NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile
---
 ntoskrnl/io/iomgr/iofunc.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ntoskrnl/io/iomgr/iofunc.c b/ntoskrnl/io/iomgr/iofunc.c
index 627ff9644b3..62c7799e47a 100644
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@@ -2776,6 +2776,14 @@ NtReadFile(IN HANDLE FileHandle,
         if (Key) CapturedKey = *Key;
     }
 
+    /* Check for invalid offset */
+    if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart != -2))
+    {
+        /* -2 is FILE_USE_FILE_POINTER_POSITION */
+        ObDereferenceObject(FileObject);
+        return STATUS_INVALID_PARAMETER;
+    }
+
     /* Check for event */
     if (Event)
     {
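Review bot: The added check lets -2 through unconditionally, but FILE_USE_FILE_POINTER_POSITION only has a meaning when the file object tracks a current position, i.e. when it was opened for synchronous I/O (FO_SYNCHRONOUS_IO). Whether the code after this hunk substitutes or rejects -2 for handles opened without synchronous I/O is not visible here; if it does neither, the sentinel still reaches the file system as a raw offset, which is what the commit title sets out to prevent. It is worth confirming that path and, if needed, failing it with STATUS_INVALID_PARAMETER as well. The same question applies to the -2 case in the NtWriteFile hunk. NtReadFile's body starts and ends outside the hunk, so the claim that FileObject is the only reference to drop on this early return should also be checked against the full function.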
@@ -3827,6 +3835,15 @@ NtWriteFile(IN HANDLE FileHandle,
         if (Key) CapturedKey = *Key;
     }
 
+    /* Check for invalid offset */
+    if (CapturedByteOffset.QuadPart < -2)
+    {
+        /* -1 is FILE_WRITE_TO_END_OF_FILE */
+        /* -2 is FILE_USE_FILE_POINTER_POSITION */
+        ObDereferenceObject(FileObject);
+        return STATUS_INVALID_PARAMETER;
+    }
+
     /* Check if this is an append operation */
     if ((ObjectHandleInfo.GrantedAccess &
         (FILE_APPEND_DATA | FILE_WRITE_DATA)) == FILE_APPEND_DATA)
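Review bot: The condition `CapturedByteOffset.QuadPart < -2` is correct only because the two accepted sentinels happen to be the adjacent values -1 and -2. The comments that explain this sit inside the rejection branch, where they read as if they described the rejected case. Writing the test in the same explicit form as the NtReadFile check, `if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart != -1) && (CapturedByteOffset.QuadPart != -2))`, and moving both comments above the `if` would make the accepted set obvious to the next reader. NtWriteFile's body continues outside the hunk.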
