Changeset 108849 in vbox

Timestamp:

Apr 4, 2025 11:54:52 AM (6 weeks ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

168299

Message:

WINNT/Shared Folders/np: NPGetConnection() returns characters for *pBufferSize, not bytes. bugref:10884

File:

• trunk/src/VBox/Additions/WINNT/SharedFolders/np/vboxmrxnp.cpp (modified) (7 diffs)

trunk/src/VBox/Additions/WINNT/SharedFolders/np/vboxmrxnp.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * VirtualBox Windows Guest Shared Folders - Network provider dll
+ * VirtualBox Windows Guest Shared Folders - Network provider DLL (ring-3).
+ *
+ * Communicates with the ring-0 VBoxSF.sys via IOCtls.
  */
 
@@ -484 +486 @@
 {
     DWORD dwStatus = WN_NOT_CONNECTED;
-
     WCHAR RemoteName[128];
-    ULONG cbOut = 0;
-
-    Log(("VBOXNP: NPGetConnection: pLocalName = %ls\n",
-         pLocalName));
+
+    Log(("VBOXNP: NPGetConnection: pLocalName = %ls, *pBufferSize=%d\n", pLocalName, *pBufferSize));
 
     if (pLocalName && pLocalName[0] != 0)
@@ -495 +494 @@
         if (pLocalName[1] == L':')
         {
+            ULONG cbOut = 0;
             WCHAR LocalName[3];
 
@@ -515 +515 @@
                 dwStatus = WN_NOT_CONNECTED;
             }
-            else
-            {
+            else if (cbOut)
+            {
+                Assert(cbOut % sizeof(WCHAR) == 0); /* Paranoia. */
                 RemoteName[cbOut / sizeof(WCHAR)] = 0;
-
-                if (cbOut == 0)
-                {
-                    dwStatus = WN_NO_NETWORK;
-                }
-            }
+            }
+            else /* Buggy VBoxSF.sys code. */
+                AssertFailedStmt(dwStatus = WN_NO_NETWORK);
         }
     }
@@ -529 +527 @@
     if (dwStatus == WN_SUCCESS)
     {
-        ULONG cbRemoteName = (lstrlen(RemoteName) + 1) * sizeof (WCHAR); /* Including the trailing 0. */
-
-        Log(("VBOXNP: NPGetConnection: RemoteName: %ls, cb %d\n",
+        ULONG const cbRemoteName = (  1 /* Including the leading '\' */
+                                    + lstrlen(RemoteName)
+                                    + 1 /* Include terminatior */)
+                                 * sizeof (WCHAR);
+
+        Log(("VBOXNP: NPGetConnection: RemoteName: %ls -> cbRemoteName %d\n",
              RemoteName, cbRemoteName));
 
-        DWORD len = sizeof(WCHAR) + cbRemoteName; /* Including the leading '\'. */
-
-        if (*pBufferSize >= len)
+        /* Note: *pBufferSize is characters, not bytes! */
+        if (*pBufferSize * sizeof(WCHAR) >= cbRemoteName)
         {
             pRemoteName[0] = L'\\';
-            CopyMemory(&pRemoteName[1], RemoteName, cbRemoteName);
+            CopyMemory(&pRemoteName[1], RemoteName, cbRemoteName - sizeof(pRemoteName[0]) /* Skip leading '\' */);
 
             Log(("VBOXNP: NPGetConnection: returning pRemoteName: %ls\n",
@@ -549 +549 @@
             {
                 /* Log only real errors. Do not log a 0 bytes try. */
-                Log(("VBOXNP: NPGetConnection: Buffer overflow: *pBufferSize = %d, len = %d\n",
-                     *pBufferSize, len));
+                Log(("VBOXNP: NPGetConnection: Buffer overflow: *pBufferSize = %d < cbRemoteName = %d\n",
+                     *pBufferSize, cbRemoteName));
             }
 
@@ -556 +556 @@
         }
 
-        *pBufferSize = len;
-    }
-
-    if ((dwStatus != WN_SUCCESS) &&
-        (dwStatus != WN_MORE_DATA))
-    {
-        Log(("VBOXNP: NPGetConnection: Returned error 0x%08X\n",
-             dwStatus));
-    }
+        Assert(cbRemoteName % sizeof(WCHAR) == 0);
+        *pBufferSize = cbRemoteName / sizeof(WCHAR); /* Length in characters, not bytes! */
+    }
+
+    if (   (dwStatus != WN_SUCCESS)
+        && (dwStatus != WN_MORE_DATA))
+        Log(("VBOXNP: NPGetConnection: Returned error 0x%08X\n", dwStatus));
 
     return dwStatus;