Virtual Storport Tweaks

Jamey_Kirby Member - All Emails Posts: 436
Just finished reading this article. I have a question: How should the driver respond when the srb transfer length is less than the cdb transfer length? Should the driver copy as much as it can (srb transfer length), and return some sort of overrun error, or fail the request?

<quote>
Validating the SRB DataTransferLength
Another interesting busTRACE find was that the Storport Virtual Miniport Driver was not validating that the size of the buffer described by the SRB's DataTransferLength field was large enough to hold the data requested. What this means is that when the Storport Virtual Miniport gets a request, for example a read or write, it needs to get the length of the transfer described in the CDB and ensure that the SRB DataTransferLength field is large enough. Failure to make this check would lead to crashes or data corruption since the driver could attempt to access past the end of the allocated buffer.
</quote>

Comments

  • Peter_Viscarola_(OSR) Administrator Posts: 7,378
    IIRC (it's been a long time)... You simply limit the transfer to that requested in the SRB (not the CDB) and let someone else worry about it.

    If nobody else has data on this, I can go back and look at the code to see what we did.
    Peter
    OSR
    @OSRDrivers


  • Alex_Grig Member Posts: 3,238
    @Jamey Kirby:

    "What this means is that when the Storport Virtual Miniport gets a request, for example a read or write, it needs to get the length of the transfer described in the CDB and ensure that the SRB DataTransferLength field is large enough."

    CDB and SRB describe different layers. CDB is meant for a target, SRB is for the transport. The transport must not place data beyond the provided buffer (DataTransferLength), no matter what the target does. The transport is not supposed to parse CDBs and try to figure out if the buffer is big enough. It should simply set OVERRUN error when the target is trying to transfer more data than buffer size.
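
An added example, not code from the article or from anyone in this thread: a user-mode C model of the behaviour the two replies above describe, where a READ(10) copy is clamped to the SRB's DataTransferLength and SRB_STATUS_DATA_OVERRUN is set when the CDB asks for more. MODEL_SRB, model_read10, model_run and the 8-block RAM disk are hypothetical stand-ins for SCSI_REQUEST_BLOCK and real miniport code; the status values mirror srb.h, and returning success when the buffer is larger than the CDB length is an assumption of this model.

```c
#include <stdint.h>
#include <string.h>

/* User-mode model: MODEL_SRB is a stand-in, not SCSI_REQUEST_BLOCK from storport.h. */
#define SRB_STATUS_SUCCESS         0x01
#define SRB_STATUS_INVALID_REQUEST 0x06
#define SRB_STATUS_DATA_OVERRUN    0x12
enum { BLOCK_SIZE = 512, DISK_BLOCKS = 8 };        /* constructed geometry */

typedef struct {
    uint8_t  Cdb[16];
    uint8_t *DataBuffer;
    uint32_t DataTransferLength;   /* in: buffer size; out: bytes actually moved */
    uint8_t  SrbStatus;
} MODEL_SRB;

static uint8_t g_disk[DISK_BLOCKS * BLOCK_SIZE];   /* constructed RAM disk, zero-filled */
uint32_t g_moved; int g_canary_ok;                 /* results of the last model_run() */

/* READ(10) handler: the copy is bounded by DataTransferLength, whatever the CDB asks for. */
uint8_t model_read10(MODEL_SRB *srb) {
    const uint8_t *c = srb->Cdb;
    uint32_t lba = ((uint32_t)c[2] << 24) | ((uint32_t)c[3] << 16) | ((uint32_t)c[4] << 8) | c[5];
    uint32_t blocks = ((uint32_t)c[7] << 8) | c[8];
    uint32_t buf_len = srb->DataTransferLength;
    srb->DataTransferLength = 0;
    if (c[0] != 0x28 || (uint64_t)lba + blocks > DISK_BLOCKS)   /* 64-bit sum cannot wrap */
        return srb->SrbStatus = SRB_STATUS_INVALID_REQUEST;
    uint32_t cdb_len = blocks * BLOCK_SIZE;        /* blocks <= DISK_BLOCKS, no overflow */
    uint32_t n = cdb_len < buf_len ? cdb_len : buf_len;
    if (n) memcpy(srb->DataBuffer, g_disk + lba * BLOCK_SIZE, n);
    srb->DataTransferLength = n;   /* bytes moved; a larger buffer is a short transfer (assumption) */
    return srb->SrbStatus = (cdb_len > buf_len) ? SRB_STATUS_DATA_OVERRUN : SRB_STATUS_SUCCESS;
}

/* Issue READ(10) into a buf_len-byte buffer followed by 0xCC canary bytes (buf_len <= disk size). */
uint8_t model_run(uint32_t lba, uint16_t blocks, uint32_t buf_len) {
    static uint8_t mem[DISK_BLOCKS * BLOCK_SIZE + 16];
    MODEL_SRB srb = { .Cdb = { 0x28, 0, (uint8_t)(lba >> 24), (uint8_t)(lba >> 16), (uint8_t)(lba >> 8),
                               (uint8_t)lba, 0, (uint8_t)(blocks >> 8), (uint8_t)blocks },
                      .DataBuffer = mem, .DataTransferLength = buf_len };
    memset(mem, 0xCC, sizeof mem);
    uint8_t st = model_read10(&srb);
    g_moved = srb.DataTransferLength; g_canary_ok = 1;
    for (uint32_t i = buf_len; i < sizeof mem; i++) if (mem[i] != 0xCC) g_canary_ok = 0;
    return st;
}

int main(void) {   /* exit 0 when a 1024-byte CDB into a 512-byte buffer is clamped and flagged */
    return !(model_run(0, 2, 512) == SRB_STATUS_DATA_OVERRUN && g_moved == 512 && g_canary_ok);
}
```
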
  • Jamey_Kirby Member - All Emails Posts: 436
    No worries, I did the same thing. Read what it can and let someone else
    worry about it. I'm cleaning up an old virtual storport driver that I
    wrote, and ran across your article, so I went through and fixed a few
    things.


    On Wed, May 17, 2017 at 7:14 AM wrote:

    > IIRC (it's been a long time)... You simply limit the transfer to that
    > requested in the SRB (not the CDB) and let someone else worry about it.
    >
    > If nobody else has data on this, I can go back and look at the code to see
    > what we did.
    > Peter
    > OSR
    > @OSRDrivers