switch (FsInformationClass)
{
case FileBasicInformation:
+ if (Stream_GetRemainingLength(input) < 36)
+ return FALSE;
+
/* http://msdn.microsoft.com/en-us/library/cc232094.aspx */
Stream_Read_UINT64(input, liCreationTime.QuadPart);
Stream_Read_UINT64(input, liLastAccessTime.QuadPart);
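Review bot: The literal 36 in the new `FileBasicInformation` guard is unexplained, and only two of the reads it is meant to cover are visible in this hunk, so a reader cannot confirm the bound matches what the case consumes. A comment above the check such as `/* 4 x UINT64 timestamps + UINT32 FileAttributes = 36 bytes */` would tie it to the reads, assuming the rest of the case (outside this hunk) reads exactly those fields. The same applies to the bare 8, 1 and 6 in the later cases of this switch and to the 12, 32 and 4 in the IRP handlers. Keeping a field breakdown next to each constant makes it harder for the check and the reads to drift apart when a field is added.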
/* http://msdn.microsoft.com/en-us/library/cc232067.aspx */
case FileAllocationInformation:
+ if (Stream_GetRemainingLength(input) < 8)
+ return FALSE;
+
/* http://msdn.microsoft.com/en-us/library/cc232076.aspx */
Stream_Read_INT64(input, size);
break; /* TODO: SetLastError ??? */
if (Length)
+ {
+ if (Stream_GetRemainingLength(input) < 1)
+ return FALSE;
+
Stream_Read_UINT8(input, delete_pending);
+ }
else
delete_pending = 1;
break;
case FileRenameInformation:
+ if (Stream_GetRemainingLength(input) < 6)
+ return FALSE;
+
/* http://msdn.microsoft.com/en-us/library/cc232085.aspx */
Stream_Read_UINT8(input, ReplaceIfExists);
Stream_Seek_UINT8(input); /* RootDirectory */
Stream_Read_UINT32(input, FileNameLength);
+
+ if (Stream_GetRemainingLength(input) < FileNameLength)
+ return FALSE;
+
fullpath = drive_file_combine_fullpath(file->basepath, (WCHAR*)Stream_Pointer(input),
FileNameLength);
-
if (!fullpath)
{
WLog_ERR(TAG, "drive_file_combine_fullpath failed!");
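Review bot: The new early `return FALSE` paths for a short `FileRenameInformation` buffer are silent, while the `drive_file_combine_fullpath` failure a few lines below is logged with `WLog_ERR`. `FileNameLength` is read straight from the input stream, so rejecting an inconsistent value without a trace makes a malformed PDU indistinguishable from an ordinary file error in the client logs. Consider logging before returning, e.g. `WLog_ERR(TAG, "FileRenameInformation: FileNameLength %"PRIu32" exceeds remaining data", FileNameLength);`. The same applies to the length rejections added in the `FileBasicInformation`, `FileAllocationInformation` and delete-pending cases. The case body continues past the end of this hunk.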
if (!drive || !irp || !irp->output || !irp->Complete)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 12)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, Length);
Stream_Read_UINT64(irp->input, Offset);
- file = drive_get_file_by_id(drive, irp->FileId);
+ file = drive_get_file_by_id(drive, irp->FileId);
if (!file)
{
irp->IoStatus = STATUS_UNSUCCESSFUL;
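Review bot: `irp->input` is dereferenced by the new `Stream_GetRemainingLength(irp->input)` call, but the guard above it checks only `irp->output` and `irp->Complete`. The two handlers in this patch that guard with `!irp->input` do cover it. This handler does not, and neither do the later ones guarded by `!drive || !irp || !irp->Complete`, by `!drive || !irp`, or the one ending in `Stream_Write_UINT32(irp->output, 0)`. Extending the guard, e.g. `if (!drive || !irp || !irp->input || !irp->output || !irp->Complete)`, keeps the parameter validation consistent across handlers. The existing `Stream_Read_*` calls already relied on the stream being non-NULL, so this is a hardening gap rather than a regression; the function starts and ends outside the hunk.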
if (!drive || !irp || !irp->input || !irp->output || !irp->Complete)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 32)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, Length);
Stream_Read_UINT64(irp->input, Offset);
Stream_Seek(irp->input, 20); /* Padding */
- file = drive_get_file_by_id(drive, irp->FileId);
+ file = drive_get_file_by_id(drive, irp->FileId);
if (!file)
{
irp->IoStatus = STATUS_UNSUCCESSFUL;
if (!drive || !irp || !irp->Complete)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 4)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, FsInformationClass);
- file = drive_get_file_by_id(drive, irp->FileId);
+ file = drive_get_file_by_id(drive, irp->FileId);
if (!file)
{
irp->IoStatus = STATUS_UNSUCCESSFUL;
if (!drive || !irp || !irp->Complete || !irp->input || !irp->output)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 32)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, FsInformationClass);
Stream_Read_UINT32(irp->input, Length);
Stream_Seek(irp->input, 24); /* Padding */
- file = drive_get_file_by_id(drive, irp->FileId);
+ file = drive_get_file_by_id(drive, irp->FileId);
if (!file)
{
irp->IoStatus = STATUS_UNSUCCESSFUL;
if (!drive || !irp)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 4)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, FsInformationClass);
GetDiskFreeSpaceW(drive->path, &lpSectorsPerCluster, &lpBytesPerSector, &lpNumberOfFreeClusters,
&lpTotalNumberOfClusters);
if (!drive || !irp || !irp->output || !irp->Complete)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 4)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, FsInformationClass);
+
Stream_Write_UINT32(irp->output, 0); /* Length */
return irp->Complete(irp);
}
if (!drive || !irp || !irp->Complete)
return ERROR_INVALID_PARAMETER;
+ if (Stream_GetRemainingLength(irp->input) < 32)
+ return ERROR_INVALID_DATA;
+
Stream_Read_UINT32(irp->input, FsInformationClass);
Stream_Read_UINT8(irp->input, InitialQuery);
Stream_Read_UINT32(irp->input, PathLength);
Stream_Seek(irp->input, 23); /* Padding */
path = (WCHAR*) Stream_Pointer(irp->input);
- file = drive_get_file_by_id(drive, irp->FileId);
+ file = drive_get_file_by_id(drive, irp->FileId);
if (file == NULL)
{
irp->IoStatus = STATUS_UNSUCCESSFUL;
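Review bot: `PathLength` is read from the request but never compared with the data left in the stream. The new `< 32` check covers only the fixed header (4 + 1 + 4 + 23 bytes), and `path` is then pointed at whatever follows. If `path` and `PathLength` are later used to read the name (that code is outside this hunk), a length larger than the remaining payload would read past the end of the stream buffer, the same class of out-of-bounds read this patch closes for `FileNameLength` in the rename case. Add `if (Stream_GetRemainingLength(irp->input) < PathLength) return ERROR_INVALID_DATA;` after `Stream_Seek(irp->input, 23)` and before taking `Stream_Pointer`.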
irp = (IRP*) message.wParam;
if (irp)
+ {
if ((error = drive_process_irp(drive, irp)))
{
WLog_ERR(TAG, "drive_process_irp failed with error %"PRIu32"!", error);
break;
}
+ }
}
fail:
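Review bot: Any non-zero return from `drive_process_irp` ends this loop with `break`, and the handlers in this patch now return `ERROR_INVALID_DATA` for a short request without setting `irp->IoStatus` or calling `irp->Complete`. A single truncated PDU would therefore appear to stop the drive thread from serving further requests and leave that IRP unanswered; whether the IRP is released elsewhere is not visible here. Consider treating a malformed request as a per-IRP failure instead: set `irp->IoStatus = STATUS_UNSUCCESSFUL;` and `return irp->Complete(irp);` in the handlers, as the existing `!file` paths appear to do. That would reserve the loop-terminating error for channel-level failures. The loop begins outside this hunk.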