Skip to content

W
wine-winehq
Commit 8e98dcd4 authored by Derek Lesho's avatar Derek Lesho Committed by Alexandre Julliard
Browse files
Options

mountmgr.sys: Use SystemBuffer output for IOCTL_STORAGE_QUERY_PROPERTY.

In METHOD_BUFFERED ioctls, SystemBuffer must be used as both the input and output buffer. Using UserBuffer directly, without any checks is dangerous and non-functional, as it will be overwritten by the contents of SystemBuffer in a correct implementation. Signed-off-by: 's avatarDerek Lesho <dlesho@codeweavers.com> Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent bd97b597
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 5 deletions
dlls/mountmgr.sys/device.c
View file @ 8e98dcd4
...@@ -1771,12 +1771,11 @@ static void query_property( struct disk_device *device, IRP *irp ) ...@@ -1771,12 +1771,11 @@ static void query_property( struct disk_device *device, IRP *irp )
if (device->serial) len += strlen( device->serial ) + 1; if (device->serial) len += strlen( device->serial ) + 1;
if (!irp->UserBuffer if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
|| irpsp->Parameters.DeviceIoControl.OutputBufferLength < sizeof(STORAGE_DESCRIPTOR_HEADER))
irp->IoStatus.u.Status = STATUS_INVALID_PARAMETER; irp->IoStatus.u.Status = STATUS_INVALID_PARAMETER;
else if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < len) else if (irpsp->Parameters.DeviceIoControl.OutputBufferLength < len)
{ {
descriptor = irp->UserBuffer; descriptor = irp->AssociatedIrp.SystemBuffer;
descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR); descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
descriptor->Size = len; descriptor->Size = len;
irp->IoStatus.Information = sizeof(STORAGE_DESCRIPTOR_HEADER); irp->IoStatus.Information = sizeof(STORAGE_DESCRIPTOR_HEADER);
...@@ -1786,8 +1785,8 @@ static void query_property( struct disk_device *device, IRP *irp ) ...@@ -1786,8 +1785,8 @@ static void query_property( struct disk_device *device, IRP *irp )
{ {
FIXME( "Faking StorageDeviceProperty data\n" ); FIXME( "Faking StorageDeviceProperty data\n" );
memset( irp->UserBuffer, 0, irpsp->Parameters.DeviceIoControl.OutputBufferLength ); memset( irp->AssociatedIrp.SystemBuffer, 0, irpsp->Parameters.DeviceIoControl.OutputBufferLength );
descriptor = irp->UserBuffer; descriptor = irp->AssociatedIrp.SystemBuffer;
descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR); descriptor->Version = sizeof(STORAGE_DEVICE_DESCRIPTOR);
descriptor->Size = len; descriptor->Size = len;
descriptor->DeviceType = FILE_DEVICE_DISK; descriptor->DeviceType = FILE_DEVICE_DISK;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment