ntdll-DVD_Read_Size: Avoid dereferencing NULL pointer / accessing structure when size is invalid.
parent
16f0d70b79
commit
65c1bc4fd2
@ -1,22 +1,25 @@
|
||||
From 162a8926d371810046a9b651675672a4e9f6aeb2 Mon Sep 17 00:00:00 2001
|
||||
From 702df64368e9d8fbdeac60a5f0fd17f98cac139d Mon Sep 17 00:00:00 2001
|
||||
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
|
||||
Date: Mon, 22 Dec 2014 20:32:29 -0700
|
||||
Subject: ntdll: Fix expected IOCTL_DVD_READ_STRUCTURE expected output size.
|
||||
Subject: ntdll: Fix expected IOCTL_DVD_READ_STRUCTURE expected output size. (rev 2)
|
||||
|
||||
---
|
||||
dlls/ntdll/cdrom.c | 21 ++++++++++++++++++++-
|
||||
1 file changed, 20 insertions(+), 1 deletion(-)
|
||||
dlls/ntdll/cdrom.c | 24 +++++++++++++++++++++++-
|
||||
1 file changed, 23 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dlls/ntdll/cdrom.c b/dlls/ntdll/cdrom.c
|
||||
index 62c3d16..7101e43 100644
|
||||
index 62c3d16..6ff120b 100644
|
||||
--- a/dlls/ntdll/cdrom.c
|
||||
+++ b/dlls/ntdll/cdrom.c
|
||||
@@ -2492,6 +2492,25 @@ static NTSTATUS DVD_GetRegion(int fd, PDVD_REGION region)
|
||||
@@ -2492,6 +2492,28 @@ static NTSTATUS DVD_GetRegion(int fd, PDVD_REGION region)
|
||||
#endif
|
||||
}
|
||||
|
||||
+static DWORD DVD_ReadStructureSize(const DVD_READ_STRUCTURE *structure)
|
||||
+static DWORD DVD_ReadStructureSize(const DVD_READ_STRUCTURE *structure, DWORD size)
|
||||
+{
|
||||
+ if (!structure || size != sizeof(DVD_READ_STRUCTURE))
|
||||
+ return 0;
|
||||
+
|
||||
+ switch (structure->Format)
|
||||
+ {
|
||||
+ case DvdPhysicalDescriptor:
|
||||
@ -37,15 +40,15 @@ index 62c3d16..7101e43 100644
|
||||
/******************************************************************
|
||||
* DVD_ReadStructure
|
||||
*
|
||||
@@ -3095,7 +3114,7 @@ NTSTATUS CDROM_DeviceIoControl(HANDLE hDevice,
|
||||
@@ -3095,7 +3117,7 @@ NTSTATUS CDROM_DeviceIoControl(HANDLE hDevice,
|
||||
status = DVD_GetRegion(fd, lpOutBuffer);
|
||||
break;
|
||||
case IOCTL_DVD_READ_STRUCTURE:
|
||||
- sz = sizeof(DVD_LAYER_DESCRIPTOR);
|
||||
+ sz = DVD_ReadStructureSize(lpInBuffer);
|
||||
+ sz = DVD_ReadStructureSize(lpInBuffer, nInBufferSize);
|
||||
if (lpInBuffer == NULL || nInBufferSize != sizeof(DVD_READ_STRUCTURE)) status = STATUS_INVALID_PARAMETER;
|
||||
else if (nOutBufferSize < sz || !lpOutBuffer) status = STATUS_BUFFER_TOO_SMALL;
|
||||
else
|
||||
--
|
||||
1.9.1
|
||||
2.2.2
|
||||
|
||||
|
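Review bot: `DVD_ReadStructureSize` returns 0 for a NULL or wrongly sized input buffer, and may also return 0 for a `Format` value its switch does not handle (the cases after `DvdPhysicalDescriptor` and any default are outside the visible lines). In `CDROM_DeviceIoControl` a zero `sz` means `nOutBufferSize < sz` can never be true, assuming both are unsigned. The invalid-input case is still caught by the `STATUS_INVALID_PARAMETER` test that follows, but if an unrecognised format also yields 0, the only remaining guard is `!lpOutBuffer` and the output length is never checked for that request. I would reject a zero size explicitly with `else if (!sz) status = STATUS_INVALID_PARAMETER;` before the `STATUS_BUFFER_TOO_SMALL` test, and document the helper with `/* Returns the minimum output size for structure->Format, or 0 if the request is invalid. */`. The NULL/size test is also duplicated between the helper and the caller; keeping it in one place would stop the two from drifting apart.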
@ -1975,7 +1975,7 @@ fi
|
||||
if test "$enable_ntdll_DVD_Read_Size" -eq 1; then
|
||||
patch_apply ntdll-DVD_Read_Size/0001-ntdll-Fix-expected-IOCTL_DVD_READ_STRUCTURE-expected.patch
|
||||
(
|
||||
echo '+ { "Erich E. Hoover", "ntdll: Fix expected IOCTL_DVD_READ_STRUCTURE expected output size.", 1 },';
|
||||
echo '+ { "Erich E. Hoover", "ntdll: Fix expected IOCTL_DVD_READ_STRUCTURE expected output size.", 2 },';
|
||||
) >> "$patchlist"
|
||||
fi
|
||||
|
||||
|