From ee8b6d34fa7d562f94469e2b8098ccc0507d5876 Mon Sep 17 00:00:00 2001
From: Peter Scott
Date: Mon, 31 Oct 2011 18:07:23 -0400
Subject: [PATCH] Windows: correct ordering of reparse point tests

Test for whether an object is a reparse point before testing whether the provided buffer is large enough to hold the result if it is.
FSCTL_GET_REPARSE_POINT FSCTL_SET_REPARSE_POINT FSCTL_DELETE_REPARSE_POINT
Change-Id: If6c1b9b6e5853d7759f169943310321d408190e0
Reviewed-on: http://gerrit.openafs.org/5748
Reviewed-by: Rod Widdowson
Reviewed-by: Jeffrey Altman
Tested-by: Jeffrey Altman
---
 src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp | 56 ++++++++++----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp b/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp
index 546cd0e33..659454ee5 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSFSControl.cpp
@@ -309,18 +309,6 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 AFS_TRACE_LEVEL_VERBOSE_2,
 "AFSProcessUserFsRequest Processing FSCTL_GET_REPARSE_POINT request\n");
 
- if( ulOutputBufferLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))
- {
-
- ntStatus = STATUS_BUFFER_TOO_SMALL;
-
- Irp->IoStatus.Information = FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer);
-
- break;
- }
-
- ulRemainingLen -= FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer);
-
 //
 // Check if we have the reparse entry set on the entry
 //
@@ -333,6 +321,18 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 break;
 }
 
+ if( ulOutputBufferLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))
+ {
+
+ ntStatus = STATUS_BUFFER_TOO_SMALL;
+
+ Irp->IoStatus.Information = FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer);
+
+ break;
+ }
+
+ ulRemainingLen -= FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer);
+
 //
 // Populate the data in the reparse buffer
 //
@@ -554,14 +554,6 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 AFS_TRACE_LEVEL_VERBOSE_2,
 "AFSProcessUserFsRequest Processing FSCTL_SET_REPARSE_POINT request\n");
 
- if( ulInputBufferLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))
- {
-
- ntStatus = STATUS_INVALID_PARAMETER;
-
- break;
- }
-
 //
 // Check if we have the reparse entry set on the entry
 //
@@ -574,6 +566,14 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 break;
 }
 
+ if( ulInputBufferLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))
+ {
+
+ ntStatus = STATUS_INVALID_PARAMETER;
+
+ break;
+ }
+
 if( pReparseBuffer->ReparseTag != IO_REPARSE_TAG_OPENAFS_DFS)
 {
 
@@ -608,14 +608,6 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 AFS_TRACE_LEVEL_VERBOSE_2,
 "AFSProcessUserFsRequest Processing FSCTL_DELETE_REPARSE_POINT request\n");
 
- if( ulInputBufferLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))
- {
-
- ntStatus = STATUS_INVALID_PARAMETER;
-
- break;
- }
-
 //
 // Check if we have the reparse entry set on the entry
 //
@@ -628,6 +620,14 @@ AFSProcessUserFsRequest( IN PIRP Irp)
 break;
 }
 
+ if( ulInputBufferLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))
+ {
+
+ ntStatus = STATUS_INVALID_PARAMETER;
+
+ break;
+ }
+
 if( pReparseBuffer->ReparseTag != IO_REPARSE_TAG_OPENAFS_DFS)
 {
 
-- 
2.39.5
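Review bot: The relocated guard in the FSCTL_GET_REPARSE_POINT case (hunk at -333/+321) compares `ulOutputBufferLen` with the header size, but the statement after it subtracts that size from `ulRemainingLen`, a different variable whose initialisation is outside this hunk. If the two ever hold different values at this point, the subtraction on what is presumably an unsigned length (going by the `ul` prefix) can wrap, and any later bounds check made against `ulRemainingLen` would then accept a buffer that is too small. Guarding the variable that is actually decremented, `if( ulRemainingLen < FIELD_OFFSET( REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer.DataBuffer))`, or a comment stating that both hold the same value here, would make the invariant explicit. The enclosing case starts and ends outside the hunk.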
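Review bot: The length test re-added in the FSCTL_SET_REPARSE_POINT case (hunk at -574/+566) is now the only visible guard before the read of `pReparseBuffer->ReparseTag` in the next statement, and nothing marks that ordering as required. A comment above it such as `// Must precede any access to pReparseBuffer: validates the caller-supplied input length` would keep a later reordering from moving the dereference ahead of the check; the same applies to the identical block added in the FSCTL_DELETE_REPARSE_POINT hunk at -628/+620. The test covers only the fixed header up to `GenericReparseBuffer.DataBuffer`. Whether `ReparseDataLength` is validated against `ulInputBufferLen` before the payload is used cannot be seen here, because both cases continue outside their hunks.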