The __min in XENFILT's FdoQueryDeviceRelations() should be a __max. The only
reason this mistake did not lead to an immediate buffer overflow was because
the allocation incorrectly used sizeof (DEVICE_OBJECT) rather than
sizeof (PDEVICE_OBJECT).
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
}
Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) +
- (sizeof (DEVICE_OBJECT) * __min(Count, 1));
+ (sizeof (PDEVICE_OBJECT) * __max(Count, 1));
Relations = __AllocatePoolWithTag(PagedPool, Size, 'TLIF');
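Review bot: The `+` line clamps the element count with `__max(Count, 1)` but carries no comment saying why, and that clamp is precisely what the earlier `__min` got wrong. A one-line comment above the `Size =` assignment would help, stating that the buffer must hold the DEVICE_RELATIONS header up to `Objects` plus `Count` pointer-sized slots, and at least one slot when `Count` is zero. Two related checks are not visible in this hunk and are worth confirming in the surrounding function: that `Relations` is tested for NULL after `__AllocatePoolWithTag(PagedPool, Size, 'TLIF')`, and that the code filling `Objects` writes no more than `Count` entries, since the allocation is now sized exactly and no longer has the slack that `sizeof (DEVICE_OBJECT)` provided.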