From eff26a3a925f41be300839b37e5f08a4b8010c41 Mon Sep 17 00:00:00 2001 From: Thomas Faber Date: Wed, 19 Apr 2017 11:46:34 +0000 Subject: [PATCH 1/1] [KMTESTS:NPFS] - Remove tests that cause pool buffer overflows. NtQueryVolumeInformationFile does not validate buffer length for kernel mode callers, so passing an invalid length is not a good test. CORE-11474 svn path=/trunk/; revision=74374 --- rostests/kmtests/npfs/NpfsVolumeInfo.c | 41 -------------------------- 1 file changed, 41 deletions(-) diff --git a/rostests/kmtests/npfs/NpfsVolumeInfo.c b/rostests/kmtests/npfs/NpfsVolumeInfo.c index 9117191ef00..6695c41c626 100644 --- a/rostests/kmtests/npfs/NpfsVolumeInfo.c +++ b/rostests/kmtests/npfs/NpfsVolumeInfo.c @@ -81,20 +81,6 @@ TestVolumeInfo( ok_eq_ulong(FileFsSizeInfo.BytesPerSector, 1); ok_eq_ulong(IoStatusBlock.Information, sizeof(FileFsSizeInfo)); - RtlFillMemory(&FileFsSizeInfo, sizeof(FileFsSizeInfo), 0xFF); - Status = ZwQueryVolumeInformationFile(ServerHandle, - &IoStatusBlock, - &FileFsSizeInfo, - sizeof(FileFsSizeInfo) - 4, - FileFsSizeInformation); - ok_eq_hex(Status, STATUS_SUCCESS); - ok_eq_hex(IoStatusBlock.Status, STATUS_SUCCESS); - ok_eq_longlong(FileFsSizeInfo.TotalAllocationUnits.QuadPart, 0); - ok_eq_longlong(FileFsSizeInfo.AvailableAllocationUnits.QuadPart, 0); - ok_eq_ulong(FileFsSizeInfo.SectorsPerAllocationUnit, 1); - ok_eq_ulong(FileFsSizeInfo.BytesPerSector, 1); - ok_eq_ulong(IoStatusBlock.Information, sizeof(FileFsSizeInfo)); - RtlFillMemory(&FileFsDeviceInfo, sizeof(FileFsDeviceInfo), 0xFF); Status = ZwQueryVolumeInformationFile(ServerHandle, &IoStatusBlock, @@ -107,18 +93,6 @@ TestVolumeInfo( ok_eq_ulong(FileFsDeviceInfo.DeviceType, FILE_DEVICE_NAMED_PIPE); ok_eq_ulong(IoStatusBlock.Information, sizeof(FileFsDeviceInfo)); - RtlFillMemory(&FileFsDeviceInfo, sizeof(FileFsDeviceInfo), 0xFF); - Status = ZwQueryVolumeInformationFile(ServerHandle, - &IoStatusBlock, - &FileFsDeviceInfo, - sizeof(FileFsDeviceInfo) - 4, - FileFsDeviceInformation); - ok_eq_hex(Status, STATUS_SUCCESS); - ok_eq_hex(IoStatusBlock.Status, STATUS_SUCCESS); - ok_eq_ulong(FileFsDeviceInfo.Characteristics, 0); - ok_eq_ulong(FileFsDeviceInfo.DeviceType, FILE_DEVICE_NAMED_PIPE); - ok_eq_ulong(IoStatusBlock.Information, sizeof(FileFsDeviceInfo)); - RtlFillMemory(&AttributeInfo, sizeof(AttributeInfo), 0xFF); Status = ZwQueryVolumeInformationFile(ServerHandle, &IoStatusBlock, @@ -163,21 +137,6 @@ TestVolumeInfo( ok_eq_ulong(FileFsFullSizeInfo.SectorsPerAllocationUnit, 0); ok_eq_ulong(FileFsFullSizeInfo.BytesPerSector, 0); ok_eq_ulong(IoStatusBlock.Information, sizeof(FileFsFullSizeInfo)); - - RtlFillMemory(&FileFsFullSizeInfo, sizeof(FileFsFullSizeInfo), 0xFF); - Status = ZwQueryVolumeInformationFile(ServerHandle, - &IoStatusBlock, - &FileFsFullSizeInfo, - sizeof(FileFsFullSizeInfo) - 4, - FileFsFullSizeInformation); - ok_eq_hex(Status, STATUS_SUCCESS); - ok_eq_hex(IoStatusBlock.Status, STATUS_SUCCESS); - ok_eq_longlong(FileFsFullSizeInfo.TotalAllocationUnits.QuadPart, 0); - ok_eq_longlong(FileFsFullSizeInfo.CallerAvailableAllocationUnits.QuadPart, 0); - ok_eq_longlong(FileFsFullSizeInfo.ActualAvailableAllocationUnits.QuadPart, 0); - ok_eq_ulong(FileFsFullSizeInfo.SectorsPerAllocationUnit, 0); - ok_eq_ulong(FileFsFullSizeInfo.BytesPerSector, 0); - ok_eq_ulong(IoStatusBlock.Information, sizeof(FileFsFullSizeInfo)); } static KSTART_ROUTINE RunTest; -- 2.17.1