[ros-diffs] [rharabien] 51163: [VIDEOPRT] Add missing check Don't assume UNICODE_STRING is NULL-terminated

rharabien at svn.reactos.org rharabien at svn.reactos.org
Sat Mar 26 17:49:56 UTC 2011


Author: rharabien
Date: Sat Mar 26 17:49:55 2011
New Revision: 51163

URL: http://svn.reactos.org/svn/reactos?rev=51163&view=rev
Log:
[VIDEOPRT]
Add missing check
Don't assume UNICODE_STRING is NULL-terminated

Modified:
    trunk/reactos/drivers/video/videoprt/videoprt.c

Modified: trunk/reactos/drivers/video/videoprt/videoprt.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/video/videoprt/videoprt.c?rev=51163&r1=51162&r2=51163&view=diff
==============================================================================
--- trunk/reactos/drivers/video/videoprt/videoprt.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/video/videoprt/videoprt.c [iso-8859-1] Sat Mar 26 17:49:55 2011
@@ -83,27 +83,43 @@
    static WCHAR ControlSet[] = L"CONTROLSET";
    static WCHAR Insert1[] = L"Hardware Profiles\\Current\\System\\CurrentControlSet\\";
    static WCHAR Insert2[] = L"\\Device0";
-   LPWSTR ProfilePath = NULL;
    BOOLEAN Valid;
-   PWCHAR AfterControlSet;
-
-   Valid = (0 == _wcsnicmp(DriverRegistryPath->Buffer, RegistryMachineSystem,
-                          wcslen(RegistryMachineSystem)));
-   {
-      AfterControlSet = DriverRegistryPath->Buffer + wcslen(RegistryMachineSystem);
-      if (0 == _wcsnicmp(AfterControlSet, CurrentControlSet, wcslen(CurrentControlSet)))
-      {
-         AfterControlSet += wcslen(CurrentControlSet);
-      }
-      else if (0 == _wcsnicmp(AfterControlSet, ControlSet, wcslen(ControlSet)))
-      {
-         AfterControlSet += wcslen(ControlSet);
-         while (L'0' <= *AfterControlSet && L'9' <= *AfterControlSet)
+   UNICODE_STRING AfterControlSet;
+
+   AfterControlSet = *DriverRegistryPath;
+   /* Check if path begins with \\REGISTRY\\MACHINE\\SYSTEM\\ */
+   Valid = (DriverRegistryPath->Length > sizeof(RegistryMachineSystem) &&
+			0 == _wcsnicmp(DriverRegistryPath->Buffer, RegistryMachineSystem,
+            wcslen(RegistryMachineSystem)));
+   if (Valid)
+   {
+      AfterControlSet.Buffer += wcslen(RegistryMachineSystem);
+      AfterControlSet.Length -= sizeof(RegistryMachineSystem) - sizeof(UNICODE_NULL);
+      
+      /* Check if path contains CURRENTCONTROLSET */
+      if (AfterControlSet.Length > sizeof(CurrentControlSet) &&
+          0 == _wcsnicmp(AfterControlSet.Buffer, CurrentControlSet, wcslen(CurrentControlSet)))
+      {
+         AfterControlSet.Buffer += wcslen(CurrentControlSet);
+         AfterControlSet.Length -= sizeof(CurrentControlSet) - sizeof(UNICODE_NULL);
+      }
+      /* Check if path contains CONTROLSETnum */
+      else if (AfterControlSet.Length > sizeof(ControlSet) &&
+               0 == _wcsnicmp(AfterControlSet.Buffer, ControlSet, wcslen(ControlSet)))
+      {
+         AfterControlSet.Buffer += wcslen(ControlSet);
+         AfterControlSet.Length -= sizeof(ControlSet) - sizeof(UNICODE_NULL);
+         while (AfterControlSet.Length > 0 &&
+                L'0' <= *AfterControlSet.Buffer &&
+                L'9' <= *AfterControlSet.Buffer)
          {
-            AfterControlSet++;
+            AfterControlSet.Buffer++;
+            AfterControlSet.Length -= sizeof(WCHAR);
          }
-         Valid = (L'\\' == *AfterControlSet);
-         AfterControlSet++;
+         Valid = (AfterControlSet.Length > 0 && L'\\' == *AfterControlSet.Buffer);
+         AfterControlSet.Buffer++;
+         AfterControlSet.Length -= sizeof(WCHAR);
+         AfterControlSet.MaximumLength = AfterControlSet.Length;
       }
       else
       {
@@ -113,18 +129,26 @@
 
    if (Valid)
    {
-      ProfilePath = ExAllocatePoolWithTag(PagedPool,
-                                          (wcslen(DriverRegistryPath->Buffer) +
-                                           wcslen(Insert1) + wcslen(Insert2) + 1) * sizeof(WCHAR),
-                                          TAG_VIDEO_PORT);
-      if (NULL != ProfilePath)
-      {
-         wcsncpy(ProfilePath, DriverRegistryPath->Buffer, AfterControlSet - DriverRegistryPath->Buffer);
-         wcscpy(ProfilePath + (AfterControlSet - DriverRegistryPath->Buffer), Insert1);
-         wcscat(ProfilePath, AfterControlSet);
-         wcscat(ProfilePath, Insert2);
-
-         Valid = NT_SUCCESS(RtlCheckRegistryKey(RTL_REGISTRY_ABSOLUTE, ProfilePath));
+      DeviceRegistryPath->MaximumLength = DriverRegistryPath->Length + sizeof(Insert1) + sizeof(Insert2);
+      DeviceRegistryPath->Buffer = ExAllocatePoolWithTag(PagedPool,
+         DeviceRegistryPath->MaximumLength,
+         TAG_VIDEO_PORT);
+      if (NULL != DeviceRegistryPath->Buffer)
+      {
+         /* Build device path */
+      	 wcsncpy(DeviceRegistryPath->Buffer,
+                 DriverRegistryPath->Buffer,
+                 AfterControlSet.Buffer - DriverRegistryPath->Buffer);
+         DeviceRegistryPath->Length = (AfterControlSet.Buffer - DriverRegistryPath->Buffer) * sizeof(WCHAR);
+         RtlAppendUnicodeToString(DeviceRegistryPath, Insert1);
+         RtlAppendUnicodeStringToString(DeviceRegistryPath, &AfterControlSet);
+         RtlAppendUnicodeToString(DeviceRegistryPath, Insert2);
+         
+         /* Check if registry key exists */
+         Valid = NT_SUCCESS(RtlCheckRegistryKey(RTL_REGISTRY_ABSOLUTE, DriverRegistryPath->Buffer));
+         
+         if(!Valid)
+            ExFreePoolWithTag(DeviceRegistryPath->Buffer, TAG_VIDEO_PORT);
       }
       else
       {
@@ -136,28 +160,22 @@
       WARN_(VIDEOPRT, "Unparsable registry path %wZ", DriverRegistryPath);
    }
 
-   if (Valid)
-   {
-      RtlInitUnicodeString(DeviceRegistryPath, ProfilePath);
-   }
-   else
-   {
-      if (ProfilePath)
-         ExFreePoolWithTag(ProfilePath, TAG_VIDEO_PORT);
-
-      DeviceRegistryPath->Length =
-      DeviceRegistryPath->MaximumLength =
-         DriverRegistryPath->Length + (9 * sizeof(WCHAR));
-      DeviceRegistryPath->Length -= sizeof(WCHAR);
+   /* If path doesn't point to *ControlSet*, use DriverRegistryPath directly */
+   if (!Valid)
+   {
+      DeviceRegistryPath->MaximumLength = DriverRegistryPath->Length + sizeof(Insert2);
       DeviceRegistryPath->Buffer = ExAllocatePoolWithTag(
          NonPagedPool,
          DeviceRegistryPath->MaximumLength,
          TAG_VIDEO_PORT);
+      
       if (!DeviceRegistryPath->Buffer)
          return STATUS_NO_MEMORY;
-      swprintf(DeviceRegistryPath->Buffer, L"%s\\Device0",
-         DriverRegistryPath->Buffer);
-   }
+      
+      RtlCopyUnicodeString(DeviceRegistryPath, DriverRegistryPath);
+      RtlAppendUnicodeToString(DeviceRegistryPath, Insert2);
+   }
+   
    return STATUS_SUCCESS;
 }
 




More information about the Ros-diffs mailing list