Replaced ExAllocatePoolWithTag to more secure ExAllocatePoolZero in s…
…amples of filesystems and filesystem filters; made necessary changes to make solutions buildable under recent Visual Studio (#725)
olegkMS authored May 18, 2022
1 parent ca1f038 commit b8d3abc
Showing 34 changed files with 1,275 additions and 1,269 deletions.
24 changes: 12 additions & 12 deletions filesys/cdfs/cdprocs.h
Expand Up @@ -231,12 +231,12 @@ CdVerifyOrCreateDirStreamFile (
//
// Unsafe test to see if call / lock neccessary.
//

if (NULL == Fcb->FileObject) {

CdCreateInternalStream( IrpContext,
Fcb->Vcb,
Fcb,
Fcb,
&Fcb->FileNamePrefix.ExactCaseName.FileName);
}
}
Expand Down Expand Up @@ -371,8 +371,8 @@ CdHijackIrpAndFlushDevice (
if (NULL == *(UB)) { \
CdRaiseStatus( (IC), STATUS_INSUFFICIENT_RESOURCES); \
} \
}
}


#define CdLockUserBuffer(IC,BL,OP) { \
if ((IC)->Irp->MdlAddress == NULL) { \
Expand Down Expand Up @@ -809,7 +809,7 @@ CdFindPrefix (
//

typedef enum _TYPE_OF_ACQUIRE {

AcquireExclusive,
AcquireShared,
AcquireSharedStarveExclusive
Expand Down Expand Up @@ -944,10 +944,10 @@ CdAcquireResource (

#define CdAcquireCacheForRead( IC) \
ExAcquireResourceSharedLite( &(IC)->Vcb->SectorCacheResource, TRUE)

#define CdAcquireCacheForUpdate( IC) \
ExAcquireResourceExclusiveLite( &(IC)->Vcb->SectorCacheResource, TRUE)

#define CdReleaseCache( IC) \
ExReleaseResourceLite( &(IC)->Vcb->SectorCacheResource);

Expand Down Expand Up @@ -1225,7 +1225,7 @@ CdInitializeStackIrpContext (
//

#define CdCreateIrpContextLite(IC) \
ExAllocatePoolWithTag( CdNonPagedPool, sizeof( IRP_CONTEXT_LITE ), TAG_IRP_CONTEXT_LITE )
ExAllocatePoolZero( CdNonPagedPool, sizeof( IRP_CONTEXT_LITE ), TAG_IRP_CONTEXT_LITE )

#define CdFreeIrpContextLite(ICL) \
CdFreePool( &(ICL) )
Expand Down Expand Up @@ -1372,7 +1372,7 @@ CdOperationIsDasdOpen (
)
{
PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation( IrpContext->Irp);

return ((IrpContext->MajorFunction == IRP_MJ_CREATE) &&
(IrpSp->FileObject->FileName.Length == 0) &&
(IrpSp->FileObject->RelatedFileObject == NULL));
Expand Down Expand Up @@ -1427,7 +1427,7 @@ CdDismountVcb (
#define CdUpdateVcbCondition( V, C) (V)->VcbCondition = (C)

#define CdMarkRealDevForVerify( DO) SetFlag( (DO)->Flags, DO_VERIFY_VOLUME)

#define CdMarkRealDevVerifyOk( DO) ClearFlag( (DO)->Flags, DO_VERIFY_VOLUME)


Expand Down Expand Up @@ -1577,7 +1577,7 @@ CdOplockComplete (

INLINE
ULONG
SectorsFromLlBytes(
SectorsFromLlBytes(
ULONGLONG Bytes
) {

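Review bot: The `CdCreateIrpContextLite` define should state its contract now that it expands to `ExAllocatePoolZero`: the block comes back zero-initialized, and the result is still NULL on failure rather than a raised status. A comment above the define, e.g. `// Returns a zero-initialized IRP_CONTEXT_LITE from nonpaged pool, or NULL on failure; caller must check.`, would make that explicit, and the same applies to `CdAllocateFcbNonpaged` in filesys/cdfs/strucsup.c. The macro also ignores its `IC` argument, which is worth a word in the same comment. The callers are outside the visible hunks, so whether each one checks for NULL cannot be confirmed from this page.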
18 changes: 8 additions & 10 deletions filesys/cdfs/prefxsup.c
Expand Up @@ -106,13 +106,11 @@ Return Value:

if (Fcb->ShortNamePrefix == NULL) {

Fcb->ShortNamePrefix = ExAllocatePoolWithTag( CdPagedPool,
sizeof( PREFIX_ENTRY ),
TAG_PREFIX_ENTRY );
Fcb->ShortNamePrefix = ExAllocatePoolZero( CdPagedPool,
sizeof( PREFIX_ENTRY ),
TAG_PREFIX_ENTRY );

if (Fcb->ShortNamePrefix == NULL) { return; }

RtlZeroMemory( Fcb->ShortNamePrefix, sizeof( PREFIX_ENTRY ));
}

PrefixEntry = Fcb->ShortNamePrefix;
Expand Down Expand Up @@ -151,9 +149,9 @@ Return Value:

if (Name->FileName.Length > BYTE_COUNT_EMBEDDED_NAME) {

NameBuffer = ExAllocatePoolWithTag( CdPagedPool,
Name->FileName.Length * 2,
TAG_PREFIX_NAME );
NameBuffer = ExAllocatePoolZero( CdPagedPool,
Name->FileName.Length * 2,
TAG_PREFIX_NAME );

//
// Exit if no name buffer.
Expand Down Expand Up @@ -228,9 +226,9 @@ Return Value:

{
PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

//
// Start with the short name prefix entry.
//
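Review bot: The first hunk appears to drop the explicit `RtlZeroMemory( Fcb->ShortNamePrefix, sizeof( PREFIX_ENTRY ))` and rely on `ExAllocatePoolZero` for a zeroed PREFIX_ENTRY, so the zeroing guarantee now depends on how the driver is built. If these samples are meant to run on systems older than Windows 10 version 2004, `ExAllocatePoolZero` needs `POOL_ZERO_DOWN_LEVEL_SUPPORT` defined before the WDK headers and an `ExInitializeDriverRuntime( DrvRtPoolNxOptIn )` call during driver initialization; neither is visible in this section. In the second hunk the `Name->FileName.Length * 2` buffer is now zeroed as well; a short comment on why the buffer is twice the name length would help, since the sizing is the security-relevant part of that allocation. Both function bodies extend beyond the hunks.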
74 changes: 37 additions & 37 deletions filesys/cdfs/strucsup.c
Expand Up @@ -85,7 +85,7 @@ Module Name:
CdFreePool( &(F) )

#define CdAllocateFcbNonpaged(IC) \
ExAllocatePoolWithTag( CdNonPagedPool, sizeof( FCB_NONPAGED ), TAG_FCB_NONPAGED )
ExAllocatePoolZero( CdNonPagedPool, sizeof( FCB_NONPAGED ), TAG_FCB_NONPAGED )

#define CdDeallocateFcbNonpaged(IC,FNP) \
CdFreePool( &(FNP) )
Expand Down Expand Up @@ -311,13 +311,13 @@ Return Value:

InitializeListHead( &Vcb->DirNotifyList );
FsRtlNotifyInitializeSync( &Vcb->NotifySync );

//
// Pick up a VPB right now so we know we can pull this filesystem stack
// off of the storage stack on demand. This can raise - if it does,
// off of the storage stack on demand. This can raise - if it does,
// uninitialize the notify structures before returning.
//

try {

Vcb->SwapVpb = FsRtlAllocatePoolWithTag( CdNonPagedPool,
Expand All @@ -327,7 +327,7 @@ Return Value:
finally {

if (AbnormalTermination()) {

FsRtlNotifyUninitializeSync( &Vcb->NotifySync );
}
}
Expand All @@ -337,7 +337,7 @@ Return Value:
//

RtlZeroMemory( Vcb->SwapVpb, sizeof( VPB ) );

//
// Initialize the resource variable for the Vcb and files.
//
Expand Down Expand Up @@ -493,7 +493,7 @@ Return Value:
//
// We no longer accept media where blocksize != sector size.
//

if (Vcb->BlockSize != SECTOR_SIZE) {

CdRaiseStatus( IrpContext, STATUS_DISK_CORRUPT_ERROR );
Expand All @@ -502,7 +502,7 @@ Return Value:
Vcb->BlocksPerSector = SECTOR_SIZE / Vcb->BlockSize;
Vcb->BlockMask = Vcb->BlockSize - 1;
Vcb->BlockInverseMask = ~Vcb->BlockMask;

Vcb->BlockToSectorShift = 0;
Vcb->BlockToByteShift = SECTOR_SHIFT;

Expand Down Expand Up @@ -656,16 +656,16 @@ Return Value:

McbEntry = Vcb->VolumeDasdFcb->Mcb.McbArray;

McbEntry->FileOffset =
McbEntry->FileOffset =
McbEntry->DiskOffset = 0;

McbEntry->ByteCount = Vcb->VolumeDasdFcb->AllocationSize.QuadPart;

McbEntry->DataBlockByteCount =
McbEntry->TotalBlockByteCount = McbEntry->ByteCount;

Vcb->VolumeDasdFcb->Mcb.CurrentEntryCount = 1;

CdUnlockFcb( IrpContext, Vcb->VolumeDasdFcb );

//
Expand Down Expand Up @@ -861,7 +861,7 @@ Return Value:

SetFlag( Vcb->VcbState, VCB_STATE_ISO );
}

} finally {

if (UnlockVcb) { CdUnlockVcb( IrpContext, Vcb ); }
Expand Down Expand Up @@ -898,15 +898,15 @@ Return Value:

ASSERT_EXCLUSIVE_CDDATA;
ASSERT_EXCLUSIVE_VCB( Vcb );

UNREFERENCED_PARAMETER( IrpContext );

//
// Chuck the backpocket Vpb we kept just in case.
//

CdFreePool( &Vcb->SwapVpb );

//
// If there is a Vpb then we must delete it ourselves.
//
Expand All @@ -918,7 +918,7 @@ Return Value:
//

if (Vcb->TargetDeviceObject != NULL) {

ObDereferenceObject( Vcb->TargetDeviceObject );
}

Expand Down Expand Up @@ -1069,7 +1069,7 @@ Return Value:

default:

#pragma prefast( suppress: __WARNING_USE_OTHER_FUNCTION, "This is a bug." )
#pragma prefast( suppress: __WARNING_USE_OTHER_FUNCTION, "This is a bug." )
CdBugCheck( 0, 0, 0 );
}

Expand Down Expand Up @@ -1108,7 +1108,7 @@ Return Value:
//

ExInitializeFastMutex( &NewFcb->FcbNonpaged->AdvancedFcbHeaderMutex );
FsRtlSetupAdvancedHeader( &NewFcb->Header,
FsRtlSetupAdvancedHeader( &NewFcb->Header,
&NewFcb->FcbNonpaged->AdvancedFcbHeaderMutex );

if (NodeTypeCode == CDFS_NTC_FCB_DATA) {
Expand Down Expand Up @@ -1424,7 +1424,7 @@ Return Value:
PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

//
// Allocate and initialize the structure.
//
Expand Down Expand Up @@ -1476,7 +1476,7 @@ Return Value:
PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

if (Ccb->SearchExpression.FileName.Buffer != NULL) {

CdFreePool( &Ccb->SearchExpression.FileName.Buffer );
Expand Down Expand Up @@ -1547,7 +1547,7 @@ Return Value:
//

if (FileLock == NULL) {

if (RaiseOnError) {

NT_ASSERT( ARGUMENT_PRESENT( IrpContext ));
Expand Down Expand Up @@ -1611,11 +1611,11 @@ Return Value:
}

NT_ASSERT( IrpSp->FileObject != NULL ||

(IrpSp->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL &&
IrpSp->MinorFunction == IRP_MN_USER_FS_REQUEST &&
IrpSp->Parameters.FileSystemControl.FsControlCode == FSCTL_INVALIDATE_VOLUMES) ||

(IrpSp->MajorFunction == IRP_MJ_FILE_SYSTEM_CONTROL &&
IrpSp->MinorFunction == IRP_MN_MOUNT_VOLUME ) ||

Expand Down Expand Up @@ -1681,7 +1681,7 @@ Return Value:
if (IrpSp->DeviceObject != CdData.FileSystemDeviceObject) {

NewIrpContext->Vcb = &((PVOLUME_DEVICE_OBJECT) IrpSp->DeviceObject)->Vcb;

}

//
Expand Down Expand Up @@ -2168,7 +2168,7 @@ Return Value:
PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

Fcb = (PFCB) RtlEnumerateGenericTableWithoutSplaying( &Vcb->FcbTable, RestartKey );

if (Fcb != NULL) {
Expand Down Expand Up @@ -2243,7 +2243,7 @@ Return Value:
// Zero the command block. This conveniently corresponds to an
// LBA mode READ_TOC request.
//

RtlZeroMemory( &Command, sizeof( Command));

RetryReadToc:
Expand Down Expand Up @@ -2343,7 +2343,7 @@ Return Value:
// Knock 2.5 minutes off the current track to hide the final leadin.
// 2.5 min = 150 sec = (x 75) 11250 frames (sectors).
//

SwapCopyUchar4( &Address, &Track->Address);
Address -= 11250;
SwapCopyUchar4( &Track->Address, &Address);
Expand Down Expand Up @@ -2557,9 +2557,9 @@ Return Value:
PFCB_NONPAGED FcbNonpaged;

PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

//
// Allocate the non-paged pool and initialize the various
// synchronization objects.
Expand Down Expand Up @@ -2610,9 +2610,9 @@ Return Value:

{
PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

ExDeleteResourceLite( &FcbNonpaged->FcbResource );

CdDeallocateFcbNonpaged( IrpContext, FcbNonpaged );
Expand Down Expand Up @@ -2708,7 +2708,7 @@ Return Value:

{
PAGED_CODE();

UNREFERENCED_PARAMETER( FcbTable );

return( FsRtlAllocatePoolWithTag( CdPagedPool, ByteSize, TAG_FCB_TABLE ));
Expand Down Expand Up @@ -2793,7 +2793,7 @@ Return Value:
PAGED_CODE();

UNREFERENCED_PARAMETER( IrpContext );

//
// Check if there are two tracks or fewer.
//
Expand All @@ -2813,10 +2813,10 @@ Return Value:
//

while (ThisTrack != LastTrack) {

SwapCopyUchar4( &Address, ThisTrack->Address);
CdLbnToMmSsFf( Address, (PUCHAR)&MsfAddress);

SerialNumber += MsfAddress;
ThisTrack += 1;
}
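Review bot: Only the `CdAllocateFcbNonpaged` define changes behaviour in this file; the other changed lines look like trailing-whitespace edits, which makes the allocation change hard to audit and would be easier to review as a separate commit. The `FsRtlAllocatePoolWithTag` calls visible in the context (the `Vcb->SwapVpb` allocation, which is followed by an explicit `RtlZeroMemory`, and the FCB table allocator) are left non-zeroing. If that is deliberate, a comment at those sites such as `// Left as FsRtlAllocatePoolWithTag: raises on failure instead of returning NULL.` would record the decision. The function bodies around these lines lie outside the visible hunks.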