From d977906371ef9cef4e62d9b86daf673b0d9b599b Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Sun, 28 Jun 2015 13:39:32 -0400 Subject: [PATCH] Windows: NP RemoteName Length checks Ensure that RemoteName paths have at least two characters before attempting to access character [1]. Change-Id: I75487056686dccf2bf57b22e7c99e9d8210eaaf3 Reviewed-on: http://gerrit.openafs.org/11914 Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- .../kernel/lib/AFSNetworkProviderSupport.cpp | 29 ++++++++++++------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp index 0561627e1..6875abf09 100644 --- a/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp +++ b/src/WINNT/afsrdr/kernel/lib/AFSNetworkProviderSupport.cpp @@ -92,7 +92,8 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, // Strip off any trailing slashes // - if( uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') + if( uniRemoteName.Length >= sizeof( WCHAR) + && uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') { uniRemoteName.Length -= sizeof( WCHAR); @@ -272,7 +273,8 @@ AFSAddConnection( IN AFSNetworkProviderConnectionCB *ConnectCB, // Strip off any trailing slashes // - if( uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') + if( uniRemoteName.Length >= sizeof( WCHAR) + && uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') { uniRemoteName.Length -= sizeof( WCHAR); @@ -761,8 +763,9 @@ AFSListConnections( IN OUT AFSNetworkProviderConnectionCB *ConnectCB, ConnectCB->RemoteName, uniRemoteName.Length); - if( uniRemoteName.Buffer[ 0] == L'\\' && - uniRemoteName.Buffer[ 1] == L'\\') + if( uniRemoteName.Length >= 2 * sizeof( WCHAR) + && uniRemoteName.Buffer[ 0] == L'\\' + && uniRemoteName.Buffer[ 1] == L'\\') { uniRemoteName.Buffer = &uniRemoteName.Buffer[ 1]; @@ -770,7 +773,8 @@ AFSListConnections( IN OUT AFSNetworkProviderConnectionCB *ConnectCB, uniRemoteName.Length -= sizeof( WCHAR); } - if( uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') + if( uniRemoteName.Length >= sizeof( WCHAR) + && uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') { uniRemoteName.Length -= sizeof( WCHAR); @@ -1032,11 +1036,12 @@ AFSInitializeConnectionInfo( IN AFSProviderConnectionCB *Connection, uniName = Connection->RemoteName; // - // Strip of the double leading slash if there is one + // Strip off the double leading slash if there is one // - if( uniName.Buffer[ 0] == L'\\' && - uniName.Buffer[ 1] == L'\\') + if( uniName.Length >= 2 * sizeof( WCHAR) + && uniName.Buffer[ 0] == L'\\' + && uniName.Buffer[ 1] == L'\\') { uniName.Buffer = &uniName.Buffer[ 1]; @@ -1543,8 +1548,9 @@ AFSGetConnectionInfo( IN AFSNetworkProviderConnectionCB *ConnectCB, uniFullName = uniRemoteName; - if( uniRemoteName.Buffer[ 0] == L'\\' && - uniRemoteName.Buffer[ 1] == L'\\') + if( uniRemoteName.Length >= 2 * sizeof( WCHAR) + && uniRemoteName.Buffer[ 0] == L'\\' + && uniRemoteName.Buffer[ 1] == L'\\') { uniRemoteName.Buffer = &uniRemoteName.Buffer[ 1]; @@ -1552,7 +1558,8 @@ AFSGetConnectionInfo( IN AFSNetworkProviderConnectionCB *ConnectCB, uniRemoteName.Length -= sizeof( WCHAR); } - if( uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') + if( uniRemoteName.Length >= sizeof( WCHAR) + && uniRemoteName.Buffer[ (uniRemoteName.Length/sizeof( WCHAR)) - 1] == L'\\') { uniRemoteName.Length -= sizeof( WCHAR); -- 2.39.5