Just finished reading this article. I have a question: How should the driver respond when the SRB transfer length is less than the CDB transfer length? Should the driver copy as much as it can (SRB transfer length) and return some sort of overrun error, or fail the request?
Validating the SRB DataTransferLength
Another interesting busTRACE find was that the Storport Virtual Miniport Driver was not validating that the buffer described by the SRB's DataTransferLength field was large enough to hold the data requested. In practice this means that when the Storport Virtual Miniport receives a request, for example a read or write, it must derive the transfer length from the CDB and confirm that the SRB's DataTransferLength is at least that large. Skipping this check leads to crashes or data corruption, since the driver may read or write past the end of the allocated buffer.
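The check described above, written out as an added example in plain C (this is not code from the busTRACE article or from any Microsoft sample). The `srb_t` struct is a constructed stand-in for the few `SCSI_REQUEST_BLOCK` fields the check needs, the SCSI opcodes and CDB field offsets are from the SCSI block command specifications, and the decision to fail an undersized SRB outright (rather than service a partial transfer) is this example's choice, not something the article prescribes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the SCSI_REQUEST_BLOCK fields the check needs.
 * The real Storport structure has many more members (assumption for
 * illustration only). */
typedef struct {
    uint8_t  Cdb[16];
    uint8_t  CdbLength;
    uint32_t DataTransferLength;   /* size of the buffer the SRB describes */
} srb_t;

/* SCSI opcodes for the data-transfer commands this example understands. */
enum {
    SCSIOP_READ6   = 0x08, SCSIOP_WRITE6  = 0x0A,
    SCSIOP_READ    = 0x28, SCSIOP_WRITE   = 0x2A,   /* 10-byte CDBs */
    SCSIOP_READ12  = 0xA8, SCSIOP_WRITE12 = 0xAA,
    SCSIOP_READ16  = 0x88, SCSIOP_WRITE16 = 0x8A,
};

/* Extracts the block count from a READ/WRITE CDB. Returns false for an
 * opcode this example does not know or a CDB too short for its opcode. */
static bool cdb_transfer_blocks(const uint8_t *cdb, uint8_t cdb_len, uint32_t *blocks)
{
    switch (cdb[0]) {
    case SCSIOP_READ6:
    case SCSIOP_WRITE6:
        if (cdb_len < 6) return false;
        /* In the 6-byte CDB a transfer length of 0 means 256 blocks. */
        *blocks = cdb[4] ? cdb[4] : 256;
        return true;
    case SCSIOP_READ:
    case SCSIOP_WRITE:
        if (cdb_len < 10) return false;
        *blocks = ((uint32_t)cdb[7] << 8) | cdb[8];
        return true;
    case SCSIOP_READ12:
    case SCSIOP_WRITE12:
        if (cdb_len < 12) return false;
        *blocks = ((uint32_t)cdb[6] << 24) | ((uint32_t)cdb[7] << 16) |
                  ((uint32_t)cdb[8] << 8)  | cdb[9];
        return true;
    case SCSIOP_READ16:
    case SCSIOP_WRITE16:
        if (cdb_len < 16) return false;
        *blocks = ((uint32_t)cdb[10] << 24) | ((uint32_t)cdb[11] << 16) |
                  ((uint32_t)cdb[12] << 8)  | cdb[13];
        return true;
    default:
        return false;
    }
}

/* The check the article calls for: the byte count the CDB asks for must fit
 * in the buffer described by DataTransferLength. Returns true when the SRB
 * is safe to service. On false the miniport should complete the request
 * with an error such as SRB_STATUS_INVALID_REQUEST and never touch the
 * buffer (this example's policy). */
bool srb_transfer_length_is_valid(const srb_t *srb, uint32_t block_size)
{
    uint32_t blocks;
    if (!cdb_transfer_blocks(srb->Cdb, srb->CdbLength, &blocks))
        return false;

    /* Multiply in 64 bits so a huge block count cannot wrap to a small
     * byte count that would slip past the comparison. */
    uint64_t needed = (uint64_t)blocks * block_size;
    return needed <= srb->DataTransferLength;
}

/* Convenience wrapper: builds an srb_t from a raw CDB and buffer length. */
bool check_cdb(const uint8_t *cdb, uint8_t cdb_len, uint32_t data_len, uint32_t block_size)
{
    srb_t srb = { .CdbLength = cdb_len, .DataTransferLength = data_len };
    for (size_t i = 0; i < cdb_len && i < sizeof srb.Cdb; i++)
        srb.Cdb[i] = cdb[i];
    return srb_transfer_length_is_valid(&srb, block_size);
}

int main(void)
{
    /* Constructed sample: READ(10) for 8 blocks of 512 bytes = 4096 bytes. */
    const uint8_t read10[10] = { SCSIOP_READ, 0, 0, 0, 0, 0, 0, 0x00, 0x08, 0 };
    printf("4096-byte buffer: %s\n", check_cdb(read10, 10, 4096, 512) ? "ok" : "FAIL");
    printf("2048-byte buffer: %s\n", check_cdb(read10, 10, 2048, 512) ? "ok" : "FAIL");
    return 0;
}
```

The wrapper fails closed: an unknown opcode or a short CDB is rejected as well, so a command the validator cannot size never reaches the copy path.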