mirrors/FreeRDP
0
0
Fork 0
mirror of https://github.com/FreeRDP/FreeRDP.git synced 2024-11-24 02:14:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix for #4161

Browse Source 
The checks were wrong, fix them.
This commit is contained in:
David Fort 2017-10-02 20:57:27 +02:00
parent e6d66d9d81
commit b624ecbfce
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
channels/drive/client/drive_main.c
View File

@ -167,16 +167,19 @@ static UINT drive_process_irp_create(DRIVE_DEVICE* drive, IRP* irp)
if (!drive || !irp || !irp->devman || !irp->Complete)
return ERROR_INVALID_PARAMETER;
Stream_Read_UINT32(irp->input, DesiredAccess);
Stream_Read_UINT64(irp->input, allocationSize);
if (Stream_GetRemainingLength(irp->input) < allocationSize)
if (Stream_GetRemainingLength(irp->input) < 6*4+8)
return ERROR_INVALID_DATA;
Stream_Read_UINT32(irp->input, DesiredAccess);
Stream_Read_UINT64(irp->input, allocationSize);
Stream_Read_UINT32(irp->input, FileAttributes);
Stream_Read_UINT32(irp->input, SharedAccess);
Stream_Read_UINT32(irp->input, CreateDisposition);
Stream_Read_UINT32(irp->input, CreateOptions);
Stream_Read_UINT32(irp->input, PathLength);
if (Stream_GetRemainingLength(irp->input) < PathLength)
return ERROR_INVALID_DATA;
path = (WCHAR*) Stream_Pointer(irp->input);
FileId = irp->devman->id_sequence++;
file = drive_file_new(drive->path, path, PathLength, FileId, DesiredAccess, CreateDisposition,