Signed-off-by: Zebediah Figura zfigura@codeweavers.com --- dlls/kernel32/tests/volume.c | 2 +- dlls/mountmgr.sys/mountmgr.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/kernel32/tests/volume.c b/dlls/kernel32/tests/volume.c index 444ae7ea795..17c24eecb66 100644 --- a/dlls/kernel32/tests/volume.c +++ b/dlls/kernel32/tests/volume.c @@ -1649,7 +1649,7 @@ static void test_mountmgr_query_points(void) io.Information = 0xdeadf00d; status = NtDeviceIoControlFile( file, NULL, NULL, NULL, &io, IOCTL_MOUNTMGR_QUERY_POINTS, input, sizeof(*input) - 1, NULL, 0 ); - todo_wine ok(status == STATUS_INVALID_PARAMETER, "got %#x\n", status); + ok(status == STATUS_INVALID_PARAMETER, "got %#x\n", status); todo_wine ok(io.Status == 0xdeadf00d, "got status %#x\n", io.Status); todo_wine ok(io.Information == 0xdeadf00d, "got information %#Ix\n", io.Information);
diff --git a/dlls/mountmgr.sys/mountmgr.c b/dlls/mountmgr.sys/mountmgr.c index 50be9eb740f..3dd2cc84da2 100644 --- a/dlls/mountmgr.sys/mountmgr.c +++ b/dlls/mountmgr.sys/mountmgr.c @@ -168,8 +168,8 @@ static NTSTATUS query_mount_points( void *buff, SIZE_T insize, MOUNTMGR_MOUNT_POINTS *info; struct mount_point *mount;
- /* sanity checks */ - if (input->SymbolicLinkNameOffset + input->SymbolicLinkNameLength > insize || + if (insize < sizeof(*input) || + input->SymbolicLinkNameOffset + input->SymbolicLinkNameLength > insize || input->UniqueIdOffset + input->UniqueIdLength > insize || input->DeviceNameOffset + input->DeviceNameLength > insize || input->SymbolicLinkNameOffset + input->SymbolicLinkNameLength < input->SymbolicLinkNameOffset ||