  1. Core ReactOS
  2. CORE-13131

EnumerateBusKey should check for invalid identifier.




      During ReactOS install, freeloader reports two disks (as we can see from PcInitializeBootDevices -> PcBiosDiskCount).
      Now DetectBiosDisks will fill PCONFIGURATION_COMPONENT_DATA of LoaderBlock->ConfigurationRoot with info about each
      detected disk, including the identifier. As we can see, for the second disk (boot disk) the identifier is not filled in.
      DetectBiosDisks will call GetHarddiskIdentifier(0x80 + i) for the second device, but disk 2 has no identifier.
      When CmpInitializeHardwareConfiguration(KeLoaderBlock) is called, it will build "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 and 1"
      with information about the disks (including the identifier).
      Now, if we attach a USB storage device, EnumerateBusKey will try to search the registry for the respective device.
      Since no verification is made of the identifier length, RtlCompareString will access out-of-bounds memory.

      As can be seen, 'disk_new' has a check for an invalid identifier (DiskSaveBusDetectInfo line 611).

      To reproduce this, do the following steps:
      1. Activate MM special pool
      2. Start bootcd installation
      3. Attach a USB storage device to VBOX.

      This patch does the following:

      • Checks for an invalid identifier
      • Prevents a possible memory leak
      • Computes the correct size for the identifier Unicode string, since FldrSetIdentifier allocates space for ANSI_NULL (IdentifierLength = strlen(IdentifierString) + 1).
        The last problem also exists in 'disk_new'.


        1. CORE-13131_freeldr.patch
          2 kB
        2. crash_log.txt
          33 kB
          Lesan Ilie
        3. disk.c.patch
          1 kB
          Lesan Ilie
        4. hwdisk.c.patch
          0.4 kB
          Lesan Ilie
        5. ros_74461_vbox_r114628 _install_with_freeldr_fix.txt
          12 kB
          Lesan Ilie
        6. ros_74461_vbox_r114628 _install.txt
          12 kB
          Lesan Ilie
        7. w2k3_vbox_r114628 _install.txt
          14 kB
          Lesan Ilie



            • Assignee:
              hbelusca hbelusca
              reactcoder Lesan Ilie
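The two checks the report describes, as an added user-mode C model (not the attached patch and not ReactOS code): reject a missing or empty identifier before comparing anything, and derive the UTF-16 size from a length that already counts the terminating NUL. The struct, function names, sample identifier and the exact-match comparison are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a loader-reported disk entry; not a ReactOS type. */
struct disk_entry {
    const char *identifier;    /* NULL when the loader found no identifier */
    size_t identifier_length;  /* strlen(identifier) + 1, as in the report */
};

/* Constructed sample data: disk 0 has an identifier, disk 1 has none. */
static const char SAMPLE_ID[] = "01234567-89abcdef-A";
static const struct disk_entry SAMPLE_DISKS[2] = {
    { SAMPLE_ID, sizeof SAMPLE_ID }, { NULL, 0 } };

/* Usable only if present and longer than the bare terminator. */
static int identifier_is_valid(const struct disk_entry *e)
{
    return e != NULL && e->identifier != NULL && e->identifier_length > 1;
}

/* UTF-16 text size in bytes, terminator excluded. identifier_length already
   counts the NUL, so it is subtracted once and never added again. */
static size_t unicode_length_bytes(const struct disk_entry *e)
{
    return identifier_is_valid(e)
        ? (e->identifier_length - 1) * sizeof(uint16_t) : 0;
}

/* Validate the stored identifier first, then compare only as many bytes as
   the stored length covers. */
static int identifier_matches(const struct disk_entry *e, const char *wanted)
{
    size_t wanted_len;

    if (!identifier_is_valid(e) || wanted == NULL)
        return 0;
    wanted_len = strlen(wanted);
    if (wanted_len != e->identifier_length - 1)
        return 0;
    return memcmp(e->identifier, wanted, wanted_len) == 0;
}

int main(void)
{
    /* Disk 0 matches; disk 1 (no identifier) is skipped, not compared. */
    return !(identifier_matches(&SAMPLE_DISKS[0], SAMPLE_ID) &&
             !identifier_matches(&SAMPLE_DISKS[1], SAMPLE_ID) &&
             unicode_length_bytes(&SAMPLE_DISKS[1]) == 0);
}
```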