[ros-diffs] [janderwald] 55329: [HIDCLASS] - Prevent buffer overflow in HidClassPDO_HandleQueryHardwareId - Reimplement HidClassPDO_HandleQueryInstanceId - USB Composite driver now gets further(hangs at instal...

janderwald at svn.reactos.org janderwald at svn.reactos.org
Mon Jan 30 16:47:40 UTC 2012


Author: janderwald
Date: Mon Jan 30 16:47:39 2012
New Revision: 55329

URL: http://svn.reactos.org/svn/reactos?rev=55329&view=rev
Log:
[HIDCLASS]
- Prevent buffer overflow in HidClassPDO_HandleQueryHardwareId
- Reimplement HidClassPDO_HandleQueryInstanceId
- USB Composite driver now gets further (hangs at installation stage)

Modified:
    branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c
    branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c

Modified: branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c
URL: http://svn.reactos.org/svn/reactos/branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c?rev=55329&r1=55328&r2=55329&view=diff
==============================================================================
--- branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c [iso-8859-1] (original)
+++ branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c [iso-8859-1] Mon Jan 30 16:47:39 2012
@@ -143,7 +143,7 @@
 {
     NTSTATUS Status;
     PHIDCLASS_PDO_DEVICE_EXTENSION PDODeviceExtension;
-    WCHAR Buffer[100];
+    WCHAR Buffer[200];
     ULONG Offset = 0;
     LPWSTR Ptr;
     PHIDP_COLLECTION_DESC CollectionDescription;
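Review bot: Raising `WCHAR Buffer[100]` to `WCHAR Buffer[200]` moves the limit but does not bound the writes into it. The calls that fill Buffer are outside this hunk, so whether they check the remaining space cannot be confirmed from here. If they are plain `swprintf` calls advancing `Offset`, a device whose ID components are longer than expected would still write past this kernel stack array. Consider formatting against the space left, e.g. `RtlStringCchPrintfW(&Buffer[Offset], RTL_NUMBER_OF(Buffer) - Offset, ...)`, and failing the request when it does not return success.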
@@ -280,26 +280,38 @@
     IN PDEVICE_OBJECT DeviceObject,
     IN PIRP Irp)
 {
-    NTSTATUS Status;
-
-    //
-    // copy current stack location
-    //
-    IoCopyCurrentIrpStackLocationToNext(Irp);
-
-    //
-    // call mini-driver
-    //
-    Status = HidClassFDO_DispatchRequestSynchronous(DeviceObject, Irp);
-    if (!NT_SUCCESS(Status))
+    LPWSTR Buffer;
+    PHIDCLASS_PDO_DEVICE_EXTENSION PDODeviceExtension;
+
+    //
+    // get device extension
+    //
+   PDODeviceExtension = (PHIDCLASS_PDO_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
+   ASSERT(PDODeviceExtension->Common.IsFDO == FALSE);
+
+
+    //
+    // allocate buffer
+    //
+    Buffer = ExAllocatePool(NonPagedPool, 5 * sizeof(WCHAR));
+    if (!Buffer)
     {
         //
         // failed
         //
-        return Status;
-    }
-    DPRINT1("HidClassPDO_HandleQueryInstanceId Buffer %S\n", Irp->IoStatus.Information);
-    return Status;
+        return STATUS_INSUFFICIENT_RESOURCES;
+    }
+
+    //
+    // write device id
+    //
+    swprintf(Buffer, L"%04x", PDODeviceExtension->CollectionNumber);
+    Irp->IoStatus.Information = (ULONG_PTR)Buffer;
+
+    //
+    // done
+    //
+    return STATUS_SUCCESS;
 }
 
 NTSTATUS
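Review bot: `swprintf(Buffer, L"%04x", PDODeviceExtension->CollectionNumber)` writes into a pool block of exactly `5 * sizeof(WCHAR)`, but `%04x` sets a minimum width, not a maximum, so any value above 0xFFFF produces more than four digits and overruns the allocation. The type of CollectionNumber is not visible in this hunk. If it is wider than 16 bits, either size the buffer for the full width (`9 * sizeof(WCHAR)` for a 32-bit value) or use a bounded call such as `RtlStringCbPrintfW(Buffer, 5 * sizeof(WCHAR), L"%04x", ...)`, freeing the buffer and returning the failure status on error. Separately, ID strings handed back to the PnP manager are normally allocated from paged pool, so `NonPagedPool` looks unnecessary here. The function's signature begins above the hunk.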

Modified: branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c
URL: http://svn.reactos.org/svn/reactos/branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c?rev=55329&r1=55328&r2=55329&view=diff
==============================================================================
--- branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c [iso-8859-1] (original)
+++ branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c [iso-8859-1] Mon Jan 30 16:47:39 2012
@@ -384,7 +384,6 @@
     {
         /* not implemented */
         DPRINT1("IOCTL_KEYBOARD_QUERY_INDICATORS not implemented\n");
-        ASSERT(FALSE);
         Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
         IoCompleteRequest(Irp, IO_NO_INCREMENT);
         return STATUS_NOT_IMPLEMENTED;
@@ -393,7 +392,6 @@
     {
         /* not implemented */
         DPRINT1("IOCTL_KEYBOARD_QUERY_TYPEMATIC not implemented\n");
-        ASSERT(FALSE);
         Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
         IoCompleteRequest(Irp, IO_NO_INCREMENT);
         return STATUS_NOT_IMPLEMENTED;
@@ -402,7 +400,6 @@
     {
         /* not implemented */
         DPRINT1("IOCTL_KEYBOARD_SET_INDICATORS not implemented\n");
-        ASSERT(FALSE);
         Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
         IoCompleteRequest(Irp, IO_NO_INCREMENT);
         return STATUS_NOT_IMPLEMENTED;
@@ -411,7 +408,6 @@
     {
         /* not implemented */
         DPRINT1("IOCTL_KEYBOARD_SET_TYPEMATIC not implemented\n");
-        ASSERT(FALSE);
         Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
         IoCompleteRequest(Irp, IO_NO_INCREMENT);
         return STATUS_NOT_IMPLEMENTED;
@@ -420,7 +416,6 @@
     {
         /* not implemented */
         DPRINT1("IOCTL_KEYBOARD_QUERY_INDICATOR_TRANSLATION not implemented\n");
-        ASSERT(FALSE);
         Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
         IoCompleteRequest(Irp, IO_NO_INCREMENT);
         return STATUS_NOT_IMPLEMENTED;



