[FASTFAT]

Fix for a buffer overflow and then a buffer overrun (if ever it fixes something)
The way filenames are handled for FAT entries should be REALLY simplified. This would prevent such errors.
Thus, there are more magic values in fastfat driver than everywhere else in ReactOS which makes proper fixing hard (impossible?).
Finally, the code for that fix is crappy, but I don't care, it fits the rest of the fastfat driver code.
*pissed off*
Fixes CID #2502

svn path=/trunk/; revision=50090

diff --git a/reactos/drivers/filesystems/fastfat/volume.c b/reactos/drivers/filesystems/fastfat/volume.c
index 4a014b3..6fd0480 100644 (file)
--- a/reactos/drivers/filesystems/fastfat/volume.c
+++ b/reactos/drivers/filesystems/fastfat/volume.c
@@ -220,8 +220,16 @@ FsdSetFsLabelInformation(PDEVICE_OBJECT DeviceObject,
   }
   else
   {
-    RtlCopyMemory(VolumeLabelDirEntry.Fat.Filename, cString, LabelLen);
-    memset(&VolumeLabelDirEntry.Fat.Filename[LabelLen], ' ', 11 - LabelLen);
+    RtlCopyMemory(VolumeLabelDirEntry.Fat.Filename, cString, max(sizeof(VolumeLabelDirEntry.Fat.Filename), LabelLen));
+    if (LabelLen > sizeof(VolumeLabelDirEntry.Fat.Filename))
+    {
+      memset(VolumeLabelDirEntry.Fat.Ext, ' ', sizeof(VolumeLabelDirEntry.Fat.Ext));
+      RtlCopyMemory(VolumeLabelDirEntry.Fat.Ext, cString + sizeof(VolumeLabelDirEntry.Fat.Filename), LabelLen - sizeof(VolumeLabelDirEntry.Fat.Filename));
+    }
+    else
+    {
+      memset(&VolumeLabelDirEntry.Fat.Filename[LabelLen], ' ', sizeof(VolumeLabelDirEntry.Fat.Filename) - LabelLen);
+    }
     VolumeLabelDirEntry.Fat.Attrib = 0x08;
   }