[NPFS]
authorThomas Faber <thomas.faber@reactos.org>
Sat, 22 Sep 2012 09:48:27 +0000 (09:48 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Sat, 22 Sep 2012 09:48:27 +0000 (09:48 +0000)
- Do not fail for a valid buffer size in NpfsPeekPipe
- Do not read from an output buffer in NpfsPeekPipe

svn path=/trunk/; revision=57362

reactos/drivers/filesystems/npfs/fsctrl.c

index e382c59..a7eca3f 100644 (file)
@@ -581,14 +581,14 @@ NpfsPeekPipe(PIRP Irp,
     DPRINT("OutputBufferLength: %lu\n", OutputBufferLength);
 
     /* Validate parameters */
     DPRINT("OutputBufferLength: %lu\n", OutputBufferLength);
 
     /* Validate parameters */
-    if (OutputBufferLength < sizeof(FILE_PIPE_PEEK_BUFFER))
+    if (OutputBufferLength < FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))
     {
         DPRINT1("Buffer too small\n");
         return STATUS_INVALID_PARAMETER;
     }
 
     Ccb = IoStack->FileObject->FsContext2;
     {
         DPRINT1("Buffer too small\n");
         return STATUS_INVALID_PARAMETER;
     }
 
     Ccb = IoStack->FileObject->FsContext2;
-    Reply = (PFILE_PIPE_PEEK_BUFFER)Irp->AssociatedIrp.SystemBuffer;
+    Reply = Irp->AssociatedIrp.SystemBuffer;
     //Fcb = Ccb->Fcb;
 
 
     //Fcb = Ccb->Fcb;
 
 
@@ -604,46 +604,49 @@ NpfsPeekPipe(PIRP Irp,
     {
         DPRINT("Byte Stream Mode\n");
         Reply->MessageLength = Ccb->ReadDataAvailable;
     {
         DPRINT("Byte Stream Mode\n");
         Reply->MessageLength = Ccb->ReadDataAvailable;
-        DPRINT("Reply->MessageLength  %lu\n",Reply->MessageLength );
+        DPRINT("Reply->MessageLength  %lu\n", Reply->MessageLength);
         MessageCount = 1;
 
         MessageCount = 1;
 
-        if (Reply->Data[0] && (OutputBufferLength >= Ccb->ReadDataAvailable + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0])))
+        if (OutputBufferLength >= FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[Ccb->ReadDataAvailable]))
         {
         {
+            RtlCopyMemory(Reply->Data, BufferPtr, Ccb->ReadDataAvailable);
             ReturnLength = Ccb->ReadDataAvailable;
             ReturnLength = Ccb->ReadDataAvailable;
-            memcpy(&Reply->Data[0], (PVOID)BufferPtr, Ccb->ReadDataAvailable);
         }
     }
     else
     {
         DPRINT("Message Mode\n");
         }
     }
     else
     {
         DPRINT("Message Mode\n");
-        ReadDataAvailable=Ccb->ReadDataAvailable;
+        ReadDataAvailable = Ccb->ReadDataAvailable;
 
         if (ReadDataAvailable > 0)
         {
 
         if (ReadDataAvailable > 0)
         {
-            memcpy(&Reply->MessageLength, BufferPtr, sizeof(ULONG));
+            RtlCopyMemory(&Reply->MessageLength,
+                          BufferPtr,
+                          sizeof(Reply->MessageLength));
 
             while ((ReadDataAvailable > 0) && (BufferPtr < Ccb->WritePtr))
             {
 
             while ((ReadDataAvailable > 0) && (BufferPtr < Ccb->WritePtr))
             {
-                memcpy(&MessageLength, BufferPtr, sizeof(MessageLength));
+                RtlCopyMemory(&MessageLength, BufferPtr, sizeof(MessageLength));
 
                 ASSERT(MessageLength > 0);
 
 
                 ASSERT(MessageLength > 0);
 
-                DPRINT("MessageLength = %lu\n",MessageLength);
+                DPRINT("MessageLength = %lu\n", MessageLength);
                 ReadDataAvailable -= MessageLength;
                 MessageCount++;
 
                 /* If its the first message, copy the Message if the size of buffer is large enough */
                 ReadDataAvailable -= MessageLength;
                 MessageCount++;
 
                 /* If its the first message, copy the Message if the size of buffer is large enough */
-                if (MessageCount==1)
+                if (MessageCount == 1)
                 {
                 {
-                    if ((Reply->Data[0])
-                        && (OutputBufferLength >= (MessageLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))))
+                    if (OutputBufferLength >= FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[MessageLength]))
                     {
                     {
-                        memcpy(&Reply->Data[0], (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength)), MessageLength);
+                        RtlCopyMemory(Reply->Data,
+                                      (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength)),
+                                      MessageLength);
                         ReturnLength = MessageLength;
                     }
                 }
 
                         ReturnLength = MessageLength;
                     }
                 }
 
-                BufferPtr =(PVOID)((ULONG_PTR)BufferPtr + MessageLength + sizeof(MessageLength));
+                BufferPtr = (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength) + MessageLength);
                 DPRINT("BufferPtr = %x\n", BufferPtr);
                 DPRINT("ReadDataAvailable: %lu\n", ReadDataAvailable);
             }
                 DPRINT("BufferPtr = %x\n", BufferPtr);
                 DPRINT("ReadDataAvailable: %lu\n", ReadDataAvailable);
             }
@@ -659,7 +662,7 @@ NpfsPeekPipe(PIRP Irp,
 
     Reply->NumberOfMessages = MessageCount;
 
 
     Reply->NumberOfMessages = MessageCount;
 
-    Irp->IoStatus.Information = ReturnLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]);
+    Irp->IoStatus.Information = FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[ReturnLength]);
     Irp->IoStatus.Status = STATUS_SUCCESS;
 
     Status = STATUS_SUCCESS;
     Irp->IoStatus.Status = STATUS_SUCCESS;
 
     Status = STATUS_SUCCESS;