author | Christophe Grenier <[email protected]> | 2015-03-08 10:47:50 +0100 |
---|---|---|
committer | Christophe Grenier <[email protected]> | 2015-03-08 10:47:50 +0100 |
commit | f71504c2fda87336ac177d57686bfbca22c34167 (patch) | |
tree | 47ced3f78104d51aac24f0e0b03c98238edce43f /src/hdwin32.c | |
parent | 720f62546be37d06e3944a269afdb45d4c834e66 (diff) |
Fix check in file_win32_disk_get_model() and add more checks.
Thanks to "dmex" for reporting the incorrect check.
Diffstat (limited to 'src/hdwin32.c')
-rw-r--r-- | src/hdwin32.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/hdwin32.c b/src/hdwin32.c
index 91a28b9e..8bc76f5c 100644
--- a/src/hdwin32.c
+++ b/src/hdwin32.c
@@ -62,7 +62,7 @@ void file_win32_disk_get_model(HANDLE handle, disk_t *dev, const int verbose)
 &query,
 sizeof (query),
 &buffer,
- sizeof (buffer),
+ sizeof (buffer)-1,
 &cbBytesReturned, NULL) )
 {
 const STORAGE_DEVICE_DESCRIPTOR * descrip = (const STORAGE_DEVICE_DESCRIPTOR *) & buffer;
@@ -75,20 +75,20 @@ void file_win32_disk_get_model(HANDLE handle, disk_t *dev, const int verbose)
 log_info("IOCTL_STORAGE_QUERY_PROPERTY:\n");
 dump_log(&buffer, cbBytesReturned);
 }
- buffer[(cbBytesReturned < sizeof(buffer) ? cbBytesReturned : sizeof(buffer)-1)]='\0';
- if(descrip->SerialNumberOffset!=0 && descrip->SerialNumberOffset!=0xffffffff)
+ buffer[cbBytesReturned]='\0';
+ if(descrip->SerialNumberOffset!=0 && descrip->SerialNumberOffset < cbBytesReturned)
 dev->serial_no=strip_dup(&buffer[descrip->SerialNumberOffset]);
- if(descrip->ProductIdOffset!=0)
+ if(descrip->ProductRevisionOffset!=0 && descrip->ProductRevisionOffset < cbBytesReturned)
 dev->fw_rev=strip_dup(&buffer[descrip->ProductRevisionOffset]);
- if(offsetVendor>0)
+ if(offsetVendor > 0 && offsetVendor < cbBytesReturned)
 lenVendor=strlen(&buffer[offsetVendor]);
- if(offsetProduct>0)
+ if(offsetProduct > 0 && offsetProduct < cbBytesReturned)
 lenProduct=strlen(&buffer[offsetProduct]);
- if(lenVendor+lenProduct>0)
+ if(lenVendor+lenProduct > 0)
 {
 dev->model = (char*) MALLOC(lenVendor+1+lenProduct+1);
 dev->model[0]='\0';
- if(lenVendor>0)
+ if(lenVendor>0 && offsetVendor + lenVendor <= cbBytesReturned)
 {
 int i;
 memcpy(dev->model, &buffer[offsetVendor], lenVendor);
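Review bot: The `-1` on the output size in the first hunk is what keeps the later `buffer[cbBytesReturned]='\0'` inside the array, and nothing at the call site says so. With `sizeof (buffer)-1` the call can report at most `sizeof(buffer)-1` bytes, so the terminator index is always valid; restoring the plain `sizeof (buffer)` would silently turn that write into a one-byte overflow on a full reply. A comment on this argument, e.g. `/* one byte held back for the '\0' written at buffer[cbBytesReturned] */`, would record the dependency. The DeviceIoControl call begins above the hunk.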
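Review bot: `descrip->SerialNumberOffset` and `descrip->ProductRevisionOffset` are read in the second hunk without any check that the reply is long enough to contain those fields; the new tests bound the offsets against `cbBytesReturned` but not `cbBytesReturned` against the descriptor itself. On a short reply the offset fields would be whatever the buffer held before the call (its initialisation is outside the hunk), and the strings built from them would be junk, though the terminator still keeps the reads inside the buffer. A guard such as `if(cbBytesReturned >= sizeof(STORAGE_DEVICE_DESCRIPTOR))` around the parsing would close that, and it would have to start where `offsetVendor`/`offsetProduct` are assigned, above this hunk. An offset that is non-zero but smaller than the fixed header also passes the current tests and would be read as a string out of the header bytes.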
@@ -98,11 +98,11 @@ void file_win32_disk_get_model(HANDLE handle, disk_t *dev, const int verbose)
 dev->model[++i]=' ';
 dev->model[++i]='\0';
 }
- if(lenProduct>0)
+ if(lenProduct>0 && offsetProduct + lenProduct <= cbBytesReturned)
 {
 int i;
- strncat(dev->model, &buffer[offsetProduct],lenProduct);
- for(i=strlen(dev->model)-1;i>=0 && dev->model[i]==' ';i--);
+ strncat(dev->model, &buffer[offsetProduct], lenProduct);
+ for(i=strlen(dev->model)-1; i>=0 && dev->model[i]==' '; i--);
 dev->model[++i]='\0';
 }
 if(strlen(dev->model)>0) |
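Review bot: The added `offsetProduct + lenProduct <= cbBytesReturned` test looks as if it can never be false, and the same holds for the `offsetVendor + lenVendor` test in the previous hunk. `lenProduct` comes from `strlen(&buffer[offsetProduct])`, taken only when `offsetProduct < cbBytesReturned` and after `buffer[cbBytesReturned]` was set to `'\0'`, so the string cannot run past `cbBytesReturned`; this assumes the lengths start at 0 and are set nowhere else, which the hunks do not show. If the test is meant as a defensive re-check, a comment such as `/* cannot fail while buffer[cbBytesReturned] is the terminator; kept as a second line of defence */` would stop a reader looking for the case it covers. The enclosing `if(lenVendor+lenProduct > 0)` block opens in the previous hunk and continues past this one.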