[PATCH 1/3] ntoskrnl.exe: Fix handling of reference string in IoRegisterDeviceInterface().
From: Zebediah Figura z.figura12@gmail.com
Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/ntoskrnl.exe/pnp.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/dlls/ntoskrnl.exe/pnp.c b/dlls/ntoskrnl.exe/pnp.c index 85bb9f4..23ae4ca 100644 --- a/dlls/ntoskrnl.exe/pnp.c +++ b/dlls/ntoskrnl.exe/pnp.c @@ -613,26 +613,22 @@ static NTSTATUS get_instance_id(DEVICE_OBJECT *device, WCHAR **instance_id) * IoRegisterDeviceInterface (NTOSKRNL.EXE.@) */ NTSTATUS WINAPI IoRegisterDeviceInterface(DEVICE_OBJECT *device, const GUID *class_guid, - UNICODE_STRING *reference_string, UNICODE_STRING *symbolic_link) + UNICODE_STRING *refstr, UNICODE_STRING *symbolic_link) { SP_DEVICE_INTERFACE_DATA sp_iface = {sizeof(sp_iface)}; SP_DEVINFO_DATA sp_device = {sizeof(sp_device)}; SP_DEVICE_INTERFACE_DETAIL_DATA_W *data; NTSTATUS status = STATUS_SUCCESS; struct device_interface *iface; - WCHAR *referenceW = NULL; WCHAR *instance_id; DWORD required; HDEVINFO set; BOOL rc;
- TRACE("device %p, class_guid %s, reference_string %s, symbolic_link %p.\n", - device, debugstr_guid(class_guid), debugstr_us(reference_string), symbolic_link); + TRACE("device %p, class_guid %s, refstr %s, symbolic_link %p.\n", + device, debugstr_guid(class_guid), debugstr_us(refstr), symbolic_link);
- if (reference_string != NULL) - referenceW = reference_string->Buffer; - - set = SetupDiGetClassDevsW( class_guid, referenceW, NULL, DIGCF_DEVICEINTERFACE ); + set = SetupDiGetClassDevsW( class_guid, NULL, NULL, DIGCF_DEVICEINTERFACE ); if (set == INVALID_HANDLE_VALUE) return STATUS_UNSUCCESSFUL;
status = get_instance_id( device, &instance_id ); @@ -674,7 +670,7 @@ NTSTATUS WINAPI IoRegisterDeviceInterface(DEVICE_OBJECT *device, const GUID *cla } HeapFree( GetProcessHeap(), 0, instance_id );
- if (!SetupDiCreateDeviceInterfaceW( set, &sp_device, class_guid, NULL, 0, &sp_iface )) + if (!SetupDiCreateDeviceInterfaceW( set, &sp_device, class_guid, refstr ? refstr->Buffer : NULL, 0, &sp_iface )) return STATUS_UNSUCCESSFUL;
required = 0;
From: Zebediah Figura z.figura12@gmail.com
Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/winebus.sys/main.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/dlls/winebus.sys/main.c b/dlls/winebus.sys/main.c index 73e3154..c42128c 100644 --- a/dlls/winebus.sys/main.c +++ b/dlls/winebus.sys/main.c @@ -168,13 +168,32 @@ static WCHAR *get_instance_id(DEVICE_OBJECT *device)
static WCHAR *get_device_id(DEVICE_OBJECT *device) { - static const WCHAR formatW[] = {'%','s','\','V','i','d','_','%','0','4','x','&','P','i','d','_','%','0','4','x',0}; + static const WCHAR formatW[] = {'%','s','\','v','i','d','_','%','0','4','x', + '&','p','i','d','_','%','0','4','x',0}; + static const WCHAR format_inputW[] = {'%','s','\','v','i','d','_','%','0','4','x', + '&','p','i','d','_','%','0','4','x','&','%','s','_','%','i',0}; struct device_extension *ext = (struct device_extension *)device->DeviceExtension; - DWORD len = strlenW(ext->busid) + 19; WCHAR *dst; + DWORD len;
- if ((dst = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)))) - sprintfW(dst, formatW, ext->busid, ext->vid, ext->pid); + if (ext->input == (WORD)-1) + { + len = snprintfW(NULL, 0, formatW, ext->busid, ext->vid, ext->pid); + if ((dst = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)))) + { + sprintfW(dst, formatW, ext->busid, ext->vid, ext->pid); + } + } + else + { + len = snprintfW(NULL, 0, format_inputW, ext->busid, ext->vid, ext->pid, + ext->is_gamepad ? igW : miW, ext->input); + if ((dst = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)))) + { + sprintfW(dst, format_inputW, ext->busid, ext->vid, ext->pid, + ext->is_gamepad ? igW : miW, ext->input); + } + }
return dst; }
Zebediah Figura zfigura@codeweavers.com writes:
- DWORD len;
- if ((dst = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR))))
sprintfW(dst, formatW, ext->busid, ext->vid, ext->pid);
- if (ext->input == (WORD)-1)
- {
len = snprintfW(NULL, 0, formatW, ext->busid, ext->vid, ext->pid);
This can't work, snprintfW returns -1 on overflow.
On 6/4/19 10:56 AM, Alexandre Julliard wrote:
Zebediah Figura zfigura@codeweavers.com writes:
- DWORD len;
- if ((dst = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR))))
sprintfW(dst, formatW, ext->busid, ext->vid, ext->pid);
- if (ext->input == (WORD)-1)
- {
len = snprintfW(NULL, 0, formatW, ext->busid, ext->vid, ext->pid);This can't work, snprintfW returns -1 on overflow.
...Indeed. I'm not sure why it worked for me, then. I guess there's no way to get the real buffer size using this approach?
I'll resend using a fixed-size buffer.
From: Zebediah Figura z.figura12@gmail.com
It's the only one we actually match against.
Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/winebus.sys/main.c | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-)
diff --git a/dlls/winebus.sys/main.c b/dlls/winebus.sys/main.c index c42128c..3df7e37 100644 --- a/dlls/winebus.sys/main.c +++ b/dlls/winebus.sys/main.c @@ -201,33 +201,14 @@ static WCHAR *get_device_id(DEVICE_OBJECT *device) static WCHAR *get_compatible_ids(DEVICE_OBJECT *device) { struct device_extension *ext = (struct device_extension *)device->DeviceExtension; - WCHAR *iid, *did, *dst, *ptr; - DWORD len; + WCHAR *dst;
- if (!(iid = get_instance_id(device))) - return NULL; - - if (!(did = get_device_id(device))) + if ((dst = HeapAlloc(GetProcessHeap(), 0, (strlenW(ext->busid) + 2) * sizeof(WCHAR)))) { - HeapFree(GetProcessHeap(), 0, iid); - return NULL; + strcpyW(dst, ext->busid); + dst[strlenW(dst) + 1] = 0; }
- len = strlenW(iid) + strlenW(did) + strlenW(ext->busid) + 4; - if ((dst = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)))) - { - ptr = dst; - strcpyW(ptr, iid); - ptr += strlenW(iid) + 1; - strcpyW(ptr, did); - ptr += strlenW(did) + 1; - strcpyW(ptr, ext->busid); - ptr += strlenW(ext->busid) + 1; - *ptr = 0; - } - - HeapFree(GetProcessHeap(), 0, iid); - HeapFree(GetProcessHeap(), 0, did); return dst; }
-
Alexandre Julliard -
Zebediah Figura -
Zebediah Figura