Index: /trunk/include/VBox/shflsvc.h =================================================================== --- /trunk/include/VBox/shflsvc.h (revision 51996) +++ /trunk/include/VBox/shflsvc.h (revision 51997) @@ -153,7 +153,8 @@ * Shared folder string buffer structure. */ +#pragma pack(1) typedef struct _SHFLSTRING { - /** Size of the String member in bytes. */ + /** Allocated size of the String member in bytes. */ uint16_t u16Size; @@ -168,4 +169,8 @@ } String; } SHFLSTRING; +#pragma pack() + +#define SHFLSTRING_HEADER_SIZE RT_UOFFSETOF(SHFLSTRING, String) +AssertCompile(SHFLSTRING_HEADER_SIZE == 4); /** Pointer to a shared folder string buffer. */ @@ -188,5 +193,5 @@ { PSHFLSTRING pString = NULL; - const uint32_t u32HeaderSize = sizeof(SHFLSTRING); + const uint32_t u32HeaderSize = SHFLSTRING_HEADER_SIZE; /* @@ -199,4 +204,8 @@ pString->u16Size = u32Size - u32HeaderSize; pString->u16Length = 0; + if (pString->u16Size >= sizeof(pString->String.ucs2[0])) + pString->String.ucs2[0] = 0; + else if (pString->u16Size >= sizeof(pString->String.utf8[0])) + pString->String.utf8[0] = 0; } Index: /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/info.c =================================================================== --- /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/info.c (revision 51996) +++ /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/info.c (revision 51997) @@ -113,8 +113,10 @@ if (Template->Length) { - ULONG ParsedPathSize, len; - - /* Calculate length required for parsed path. */ - ParsedPathSize = sizeof(SHFLSTRING) + DirectoryName->Length + Template->Length + 3 * sizeof(WCHAR); + ULONG ParsedPathSize, cch; + + /* Calculate size required for parsed path: dir + \ + template + 0. */ + ParsedPathSize = SHFLSTRING_HEADER_SIZE + Template->Length + sizeof(WCHAR); + if (DirectoryName->Length) + ParsedPathSize += DirectoryName->Length + sizeof(WCHAR); Log(("VBOXSF: MrxQueryDirectory: ParsedPathSize = %d\n", ParsedPathSize)); @@ -126,5 +128,4 @@ } - RtlZeroMemory(ParsedPath, ParsedPathSize); if (!ShflStringInitBuffer(ParsedPath, ParsedPathSize)) { @@ -133,21 +134,27 @@ } - ParsedPath->u16Size = DirectoryName->Length + Template->Length + sizeof(WCHAR); - ParsedPath->u16Length = ParsedPath->u16Size - sizeof(WCHAR); /* Without terminating null. */ - - len = 0; + cch = 0; if (DirectoryName->Length) { /* Copy directory name into ParsedPath. */ RtlCopyMemory(ParsedPath->String.ucs2, DirectoryName->Buffer, DirectoryName->Length); - len = DirectoryName->Length / sizeof(WCHAR); + cch += DirectoryName->Length / sizeof(WCHAR); /* Add terminating backslash. */ - ParsedPath->String.ucs2[len] = L'\\'; - len++; - ParsedPath->u16Length += sizeof(WCHAR); - ParsedPath->u16Size += sizeof(WCHAR); - } - RtlCopyMemory (&ParsedPath->String.ucs2[len], Template->Buffer, Template->Length); + ParsedPath->String.ucs2[cch] = L'\\'; + cch++; + } + + RtlCopyMemory (&ParsedPath->String.ucs2[cch], Template->Buffer, Template->Length); + cch += Template->Length / sizeof(WCHAR); + + /* Add terminating nul. */ + ParsedPath->String.ucs2[cch] = 0; + + /* cch is the number of chars without trailing nul. */ + ParsedPath->u16Length = (uint16_t)(cch * sizeof(WCHAR)); + + AssertMsg(ParsedPath->u16Length + sizeof(WCHAR) == ParsedPath->u16Size, + ("u16Length %d, u16Size %d\n", ParsedPath->u16Length, ParsedPath->u16Size)); Log(("VBOXSF: MrxQueryDirectory: ParsedPath = %.*ls\n", Index: /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/net.c =================================================================== --- /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/net.c (revision 51996) +++ /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/net.c (revision 51997) @@ -169,5 +169,4 @@ int vboxRC; PSHFLSTRING ParsedPath = 0; - ULONG ParsedPathSize; Log(("VBOXSF: MRxCreateVNetRoot: initialize NET_ROOT\n")); @@ -200,21 +199,9 @@ RootNameLength, RootNameLength / sizeof(WCHAR), pRootName)); - /* Calculate the length required for parsed path. */ - ParsedPathSize = sizeof(SHFLSTRING) + RootNameLength + sizeof(WCHAR); - ParsedPath = (PSHFLSTRING)vbsfAllocNonPagedMem(ParsedPathSize); - if (!ParsedPath) + Status = vbsfShflStringFromUnicodeAlloc(&ParsedPath, pRootName, (uint16_t)RootNameLength); + if (Status != STATUS_SUCCESS) { - Status = STATUS_INSUFFICIENT_RESOURCES; goto l_Exit; } - memset(ParsedPath, 0, ParsedPathSize); - if (!ShflStringInitBuffer(ParsedPath, ParsedPathSize)) - { - vbsfFreeNonPagedMem(ParsedPath); - Status = STATUS_INSUFFICIENT_RESOURCES; - goto l_Exit; - } - ParsedPath->u16Length = ParsedPath->u16Size - sizeof(WCHAR); /* without terminating null */ - RtlCopyMemory(ParsedPath->String.ucs2, pRootName, ParsedPath->u16Length); vboxRC = vboxCallMapFolder(&pDeviceExtension->hgcmClient, ParsedPath, &pNetRootExtension->map); Index: /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/path.c =================================================================== --- /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/path.c (revision 51996) +++ /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/path.c (revision 51997) @@ -248,27 +248,12 @@ { PSHFLSTRING ParsedPath; - ULONG ParsedPathSize; - - /* Calculate length required for parsed path. - */ - ParsedPathSize = sizeof(*ParsedPath) + (RemainingName->Length + sizeof(WCHAR)); - Log(("VBOXSF: vbsfProcessCreate: ParsedPathSize = %d\n", ParsedPathSize)); - - ParsedPath = (PSHFLSTRING)vbsfAllocNonPagedMem(ParsedPathSize); - if (!ParsedPath) + Log(("VBOXSF: vbsfProcessCreate: RemainingName->Length = %d\n", RemainingName->Length)); + + Status = vbsfShflStringFromUnicodeAlloc(&ParsedPath, RemainingName->Buffer, RemainingName->Length); + if (Status != STATUS_SUCCESS) { - Status = STATUS_INSUFFICIENT_RESOURCES; goto failure; } - if (!ShflStringInitBuffer(ParsedPath, ParsedPathSize)) - { - vbsfFreeNonPagedMem(ParsedPath); - Status = STATUS_INSUFFICIENT_RESOURCES; - goto failure; - } - - ParsedPath->u16Length = ParsedPath->u16Size - sizeof(WCHAR); /* without terminating null */ - RtlCopyMemory (ParsedPath->String.ucs2, RemainingName->Buffer, ParsedPath->u16Length); Log(("VBOXSF: ParsedPath: %.*ls\n", ParsedPath->u16Length / sizeof(WCHAR), ParsedPath->String.ucs2)); @@ -839,5 +824,4 @@ int vboxRC; PSHFLSTRING ParsedPath = NULL; - ULONG ParsedPathSize; Log(("VBOXSF: vbsfRemove: Delete %.*ls. open count = %d\n", @@ -848,21 +832,8 @@ vbsfCloseFileHandle(pDeviceExtension, pNetRootExtension, pVBoxFobx); - /* Calculate length required for parsed path. */ - ParsedPathSize = sizeof(SHFLSTRING) + RemainingName->Length + sizeof(WCHAR); - Log(("VBOXSF: vbsfRemove: ParsedPathSize %d\n", ParsedPathSize)); - - ParsedPath = (PSHFLSTRING)vbsfAllocNonPagedMem(ParsedPathSize); - if (!ParsedPath) - return STATUS_INSUFFICIENT_RESOURCES; - - if (!ShflStringInitBuffer(ParsedPath, ParsedPathSize)) - { - vbsfFreeNonPagedMem(ParsedPath); - return STATUS_INSUFFICIENT_RESOURCES; - } - - Log(("VBOXSF: vbsfRemove: Setup ParsedPath\n")); - ParsedPath->u16Length = ParsedPath->u16Size - sizeof(WCHAR); /* without terminating null */ - RtlCopyMemory(ParsedPath->String.ucs2, RemainingName->Buffer, ParsedPath->u16Length); + Log(("VBOXSF: vbsfRemove: RemainingName->Length %d\n", RemainingName->Length)); + Status = vbsfShflStringFromUnicodeAlloc(&ParsedPath, RemainingName->Buffer, RemainingName->Length); + if (Status != STATUS_SUCCESS) + return Status; /* Call host. */ @@ -905,5 +876,5 @@ int vboxRC; PSHFLSTRING SrcPath = 0, DestPath = 0; - ULONG ParsedPathSize, flags; + ULONG flags; Assert(FileInformationClass == FileRenameInformation); @@ -919,50 +890,19 @@ SetFlag(pSrvOpen->Flags, SRVOPEN_FLAG_FILE_RENAMED); - /* Calculate length required for destination path. */ - ParsedPathSize = sizeof(SHFLSTRING) + RenameInformation->FileNameLength + sizeof(WCHAR); - Log(("VBOXSF: vbsfRename: ParsedPathSize = %d\n", ParsedPathSize)); - - DestPath = (PSHFLSTRING)vbsfAllocNonPagedMem(ParsedPathSize); - if (!DestPath) - return STATUS_INSUFFICIENT_RESOURCES; - - RtlZeroMemory(DestPath, ParsedPathSize); - if (!ShflStringInitBuffer(DestPath, ParsedPathSize)) - { - vbsfFreeNonPagedMem(DestPath); - return STATUS_INSUFFICIENT_RESOURCES; - } - - Log(("VBOXSF: vbsfRename: Setting up destination path\n")); - DestPath->u16Length = DestPath->u16Size - sizeof(WCHAR); /* without terminating null */ - RtlCopyMemory(DestPath->String.ucs2, RenameInformation->FileName, DestPath->u16Length); + Log(("VBOXSF: vbsfRename: RenameInformation->FileNameLength = %d\n", RenameInformation->FileNameLength)); + Status = vbsfShflStringFromUnicodeAlloc(&DestPath, RenameInformation->FileName, (uint16_t)RenameInformation->FileNameLength); + if (Status != STATUS_SUCCESS) + return Status; Log(("VBOXSF: vbsfRename: Destination path = %.*ls\n", DestPath->u16Length / sizeof(WCHAR), &DestPath->String.ucs2[0])); - /* Calculate length required for source path */ - ParsedPathSize = sizeof(*DestPath) + (RemainingName->Length + sizeof(WCHAR)); - - Log(("VBOXSF: vbsfRename: ParsedPathSize = %d\n", ParsedPathSize)); - - SrcPath = (PSHFLSTRING)vbsfAllocNonPagedMem(ParsedPathSize); - if (!SrcPath) + Log(("VBOXSF: vbsfRename: RemainingName->Length = %d\n", RemainingName->Length)); + Status = vbsfShflStringFromUnicodeAlloc(&SrcPath, RemainingName->Buffer, RemainingName->Length); + if (Status != STATUS_SUCCESS) { vbsfFreeNonPagedMem(DestPath); - return STATUS_INSUFFICIENT_RESOURCES; - } - - RtlZeroMemory(SrcPath, ParsedPathSize); - if (!ShflStringInitBuffer(SrcPath, ParsedPathSize)) - { - vbsfFreeNonPagedMem(DestPath); - vbsfFreeNonPagedMem(SrcPath); - return STATUS_INSUFFICIENT_RESOURCES; - } - - Log(("VBOXSF: vbsfRename: Setting up source path\n")); - - SrcPath->u16Length = SrcPath->u16Size - sizeof(WCHAR); /* without terminating null */ - RtlCopyMemory(SrcPath->String.ucs2, RemainingName->Buffer, SrcPath->u16Length); + return Status; + } Log(("VBOXSF: vbsfRename: Source path = %.*ls\n", Index: /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsf.c =================================================================== --- /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsf.c (revision 51996) +++ /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsf.c (revision 51997) @@ -663,5 +663,5 @@ } - if (cbOut >= _MRX_MAX_DRIVE_LETTERS && !pu8Out) + if (cbOut >= _MRX_MAX_DRIVE_LETTERS && pu8Out) { BOOLEAN fLocked = FALSE; @@ -706,5 +706,5 @@ break; - if (cbOut >= _MRX_MAX_DRIVE_LETTERS && !pu8Out) + if (cbOut >= _MRX_MAX_DRIVE_LETTERS && pu8Out) { SHFLMAPPING mappings[_MRX_MAX_DRIVE_LETTERS]; @@ -762,5 +762,5 @@ Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETCONN: Looking up connection name and connections\n")); - if (cbConnectName > sizeof(WCHAR) && !pwcConnectName) + if (cbConnectName > sizeof(WCHAR) && pwcConnectName) { ULONG cbLocalConnectionName; @@ -829,27 +829,16 @@ int vboxRC; PSHFLSTRING pString; - uint32_t cbString; Log(("VBOXSF: MRxDevFcbXXXControlFile: IOCTL_MRX_VBOX_GETGLOBALCONN: Connection ID = %d, RemoteName = 0x%x, Len = %d\n", *pConnectId, pwcRemoteName, cbRemoteName)); - cbString = sizeof(SHFLSTRING) + cbRemoteName; - pString = (PSHFLSTRING)vbsfAllocNonPagedMem(cbString); - if (!pString) - { - Status = STATUS_INSUFFICIENT_RESOURCES; + /* Allocate empty string where the host can store cbRemoteName bytes. */ + Status = vbsfShflStringFromUnicodeAlloc(&pString, NULL, (uint16_t)cbRemoteName); + if (Status != STATUS_SUCCESS) break; - } - memset(pString, 0, cbString); - if (!ShflStringInitBuffer(pString, cbString)) - { - vbsfFreeNonPagedMem(pString); - Status = STATUS_BAD_NETWORK_NAME; - break; - } vboxRC = vboxCallQueryMapName(&pDeviceExtension->hgcmClient, (*pConnectId) & ~0x80 /** @todo fix properly */, - pString, cbString); + pString, ShflStringSizeOfBuffer(pString)); if ( vboxRC == VINF_SUCCESS && pString->u16Length < cbRemoteName) Index: /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsfhlp.c =================================================================== --- /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsfhlp.c (revision 51996) +++ /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsfhlp.c (revision 51997) @@ -434,2 +434,57 @@ } #endif + +/** Allocate and initialize a SHFLSTRING from a UNICODE string. + * + * @param ppShflString Where to store the pointer to the allocated SHFLSTRING structure. + * The structure must be deallocated with vbsfFreeNonPagedMem. + * @param pwc The UNICODE string. If NULL then SHFL is only allocated. + * @param cb Size of the UNICODE string in bytes without the trailing nul. + * + * @return Status code. + */ +NTSTATUS vbsfShflStringFromUnicodeAlloc(PSHFLSTRING *ppShflString, const WCHAR *pwc, uint16_t cb) +{ + NTSTATUS Status = STATUS_SUCCESS; + + PSHFLSTRING pShflString; + ULONG ulShflStringSize; + + /* Calculate length required for the SHFL structure: header + chars + nul. */ + ulShflStringSize = SHFLSTRING_HEADER_SIZE + cb + sizeof(WCHAR); + pShflString = (PSHFLSTRING)vbsfAllocNonPagedMem(ulShflStringSize); + if (pShflString) + { + if (ShflStringInitBuffer(pShflString, ulShflStringSize)) + { + if (pwc) + { + RtlCopyMemory(pShflString->String.ucs2, pwc, cb); + pShflString->String.ucs2[cb / sizeof(WCHAR)] = 0; + pShflString->u16Length = cb; /* without terminating null */ + AssertMsg(pShflString->u16Length + sizeof(WCHAR) == pShflString->u16Size, + ("u16Length %d, u16Size %d\n", pShflString->u16Length, pShflString->u16Size)); + } + else + { + RtlZeroMemory(pShflString->String.ucs2, cb + sizeof(WCHAR)); + pShflString->u16Length = 0; /* without terminating null */ + AssertMsg(pShflString->u16Size >= sizeof(WCHAR), + ("u16Size %d\n", pShflString->u16Size)); + } + + *ppShflString = pShflString; + } + else + { + vbsfFreeNonPagedMem(pShflString); + Status = STATUS_INSUFFICIENT_RESOURCES; + } + } + else + { + Status = STATUS_INSUFFICIENT_RESOURCES; + } + + return Status; +} Index: /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsfhlp.h =================================================================== --- /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsfhlp.h (revision 51996) +++ /trunk/src/VBox/Additions/WINNT/SharedFolders/driver/vbsfhlp.h (revision 51997) @@ -63,3 +63,5 @@ #endif +NTSTATUS vbsfShflStringFromUnicodeAlloc(PSHFLSTRING *ppShflString, const WCHAR *pwc, uint16_t cb); + #endif /* __VBSFHLP__H */ Index: /trunk/src/VBox/Additions/common/VBoxGuestLib/VBoxGuestR3LibSharedFolders.cpp =================================================================== --- /trunk/src/VBox/Additions/common/VBoxGuestLib/VBoxGuestR3LibSharedFolders.cpp (revision 51996) +++ /trunk/src/VBox/Additions/common/VBoxGuestLib/VBoxGuestR3LibSharedFolders.cpp (revision 51997) @@ -245,10 +245,9 @@ int rc; - uint32_t cbString = sizeof(SHFLSTRING) + SHFL_MAX_LEN; + uint32_t cbString = SHFLSTRING_HEADER_SIZE + SHFL_MAX_LEN; PSHFLSTRING pString = (PSHFLSTRING)RTMemAlloc(cbString); if (pString) { - RT_ZERO(*pString); - if (!ShflStringInitBuffer(pString, SHFL_MAX_LEN)) + if (!ShflStringInitBuffer(pString, cbString)) { RTMemFree(pString); Index: /trunk/src/VBox/Main/src-client/ConsoleImpl.cpp =================================================================== --- /trunk/src/VBox/Main/src-client/ConsoleImpl.cpp (revision 51996) +++ /trunk/src/VBox/Main/src-client/ConsoleImpl.cpp (revision 51997) @@ -7837,5 +7837,5 @@ if (cbString >= UINT16_MAX) return setError(E_INVALIDARG, tr("The name is too long")); - pFolderName = (SHFLSTRING*)RTMemAllocZ(sizeof(SHFLSTRING) + cbString); + pFolderName = (SHFLSTRING*)RTMemAllocZ(SHFLSTRING_HEADER_SIZE + cbString); Assert(pFolderName); memcpy(pFolderName->String.ucs2, bstrHostPath.raw(), cbString); @@ -7846,5 +7846,5 @@ parms[0].type = VBOX_HGCM_SVC_PARM_PTR; parms[0].u.pointer.addr = pFolderName; - parms[0].u.pointer.size = sizeof(SHFLSTRING) + (uint16_t)cbString; + parms[0].u.pointer.size = ShflStringSizeOfBuffer(pFolderName); cbString = (bstrName.length() + 1) * sizeof(RTUTF16); @@ -7854,5 +7854,5 @@ return setError(E_INVALIDARG, tr("The host path is too long")); } - pMapName = (SHFLSTRING*)RTMemAllocZ(sizeof(SHFLSTRING) + cbString); + pMapName = (SHFLSTRING*)RTMemAllocZ(SHFLSTRING_HEADER_SIZE + cbString); Assert(pMapName); memcpy(pMapName->String.ucs2, bstrName.raw(), cbString); @@ -7863,5 +7863,5 @@ parms[1].type = VBOX_HGCM_SVC_PARM_PTR; parms[1].u.pointer.addr = pMapName; - parms[1].u.pointer.size = sizeof(SHFLSTRING) + (uint16_t)cbString; + parms[1].u.pointer.size = ShflStringSizeOfBuffer(pMapName); parms[2].type = VBOX_HGCM_SVC_PARM_32BIT; @@ -7917,5 +7917,5 @@ if (cbString >= UINT16_MAX) return setError(E_INVALIDARG, tr("The name is too long")); - pMapName = (SHFLSTRING *) RTMemAllocZ(sizeof(SHFLSTRING) + cbString); + pMapName = (SHFLSTRING *) RTMemAllocZ(SHFLSTRING_HEADER_SIZE + cbString); Assert(pMapName); memcpy(pMapName->String.ucs2, bstrName.raw(), cbString); @@ -7926,5 +7926,5 @@ parms.type = VBOX_HGCM_SVC_PARM_PTR; parms.u.pointer.addr = pMapName; - parms.u.pointer.size = sizeof(SHFLSTRING) + (uint16_t)cbString; + parms.u.pointer.size = ShflStringSizeOfBuffer(pMapName); int vrc = m_pVMMDev->hgcmHostCall("VBoxSharedFolders",