Overlay.Tail.AuxiliaryBuffer

Beginner’s Q: How to get the size of the buffer at
Overlay.Tail.AuxiliaryBuffer ?

Why do you think you need to use this field?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andrej
Mlinar Groznik
Sent: Monday, June 21, 2004 12:04 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Overlay.Tail.AuxiliaryBuffer

Beginner’s Q: How to get the size of the buffer at
Overlay.Tail.AuxiliaryBuffer ?


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as:
xxxxx@hollistech.com To unsubscribe send a blank email to
xxxxx@lists.osr.com

This field is used by reparse points to provide the reparse point data. I am
concerned because if some malicious application tampers with the reparse
point data in user space I may not know how big the buffer is in my driver,
then causing serious problems if I access (or even write, not the case for
now) beyond the buffer limit.

Andrej

-----Original Message-----
From: Mark Roddy [mailto:xxxxx@hollistech.com]
Sent: Monday, June 21, 2004 11:55 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Overlay.Tail.AuxiliaryBuffer

Why do you think you need to use this field?

That buffer is not provided by an application - it is either provided by
the OS, or by the file system. In either case, the size of the
auxiliary buffer is a function of the specific operation being
performed (e.g., with a reparse point tag, it is the size of the tag
data as specified in the reparse point tag structure returned.)

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andrej Mlinar
Groznik
Sent: Tuesday, June 22, 2004 5:40 AM
To: ntdev redirect
Subject: RE: [ntdev] Overlay.Tail.AuxiliaryBuffer

This field is used by reparse points to provide the reparse point data.
I am concerned because if some malicious application tampers with the
reparse point data in user space I may not know how big the buffer is in
my driver, then causing serious problems if I access (or even write, not
the case for now) beyond the buffer limit.

Andrej

I’m aware of it. The reparseguiddata structure (what I am expecting in the
buffer) is self describing then it shouldn’t be a problem.

I was concerned with NTFS returning more or less data than reported because
the reparse point data was set improperly (or is corrupted). I will assume
that NTFS will take care of it properly and fix the problem by doing nothing
:)

Andrej

-----Original Message-----
From: Tony Mason [mailto:xxxxx@osr.com]
Sent: Tuesday, June 22, 2004 12:26 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Overlay.Tail.AuxiliaryBuffer

That buffer is not provided by an application - it is either provided by
the OS, or by the file system. In either case, the size of the
auxiliary buffer is a function of the specific operation being
performed (e.g., with a reparse point tag, it is the size of the tag
data as specified in the reparse point tag structure returned.)

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

You do have to trust somebody.

There certainly have been examples in the past where ‘trusted kernel
components’ were unable to correctly supply enough buffer space for their
self-describing data structures, but there isn’t much a client of such a
service can do about that. You parse the structure according to the rules,
and if you fall off the edge of the known universe, oh well. This is one of
the exceptions to the rule that ‘new code is crappy code’: new code can
reveal the crappiness of old code.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andrej
Mlinar Groznik
Sent: Tuesday, June 22, 2004 6:39 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Overlay.Tail.AuxiliaryBuffer

I’m aware of it. The reparseguiddata structure (what I am
expecting in the buffer) is self describing then it shouldn’t
be a problem.

I was concerned with NTFS returning more or less data than
reported because the reparse point data was set improperly
(or is corrupted). I will assume that NTFS will take care of
it properly and fix the problem by doing nothing
:)

Andrej

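Added example, not part of the original thread or anyone's driver code: a portable C sketch of parsing the self-describing REPARSE_GUID_DATA_BUFFER header "according to the rules" while refusing to walk past the end. It assumes the caller knows how many bytes it actually holds (`avail`), which the thread notes is not given for the auxiliary buffer itself; the `rgdb_*` names, the view struct and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* REPARSE_GUID_DATA_BUFFER layout: ULONG ReparseTag, USHORT ReparseDataLength,
 * USHORT Reserved, 16-byte ReparseGuid, then the data (little-endian). */
#define RGDB_HEADER_SIZE 24u
#define RGDB_MAX_TOTAL (16u * 1024u) /* MAXIMUM_REPARSE_DATA_BUFFER_SIZE */

typedef enum { RGDB_OK, RGDB_SHORT_HEADER, RGDB_TOO_LARGE, RGDB_OVERRUN } rgdb_status;
typedef struct {            /* hypothetical parsed view, not a Windows type */
    uint32_t tag;
    uint16_t data_len;
    const uint8_t *guid;    /* 16 bytes inside the caller's buffer */
    const uint8_t *data;    /* data_len bytes inside the caller's buffer */
} rgdb_view;

/* Check the self-described length against the bytes actually available
 * (avail is an assumption: the caller must know it) before exposing data. */
rgdb_status rgdb_parse(const uint8_t *buf, size_t avail, rgdb_view *out)
{
    if (buf == NULL || avail < RGDB_HEADER_SIZE)
        return RGDB_SHORT_HEADER;            /* cannot even read the length */
    uint16_t len = (uint16_t)(buf[4] | (buf[5] << 8));
    if (len > RGDB_MAX_TOTAL - RGDB_HEADER_SIZE)
        return RGDB_TOO_LARGE;               /* header + data exceeds 16 KB */
    if (len > avail - RGDB_HEADER_SIZE)
        return RGDB_OVERRUN;                 /* claims more than we hold */
    out->tag = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
               (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    out->data_len = len;
    out->guid = buf + 8;
    out->data = buf + RGDB_HEADER_SIZE;
    return RGDB_OK;
}

/* Constructed sample: a zeroed buffer whose header claims `claimed` data bytes. */
rgdb_status rgdb_demo(uint16_t claimed, size_t avail)
{
    static uint8_t buf[RGDB_MAX_TOTAL];
    rgdb_view v;
    memset(buf, 0, sizeof buf);
    buf[0] = 0x34; buf[1] = 0x12;            /* constructed tag 0x00001234 */
    buf[4] = (uint8_t)(claimed & 0xff); buf[5] = (uint8_t)(claimed >> 8);
    return rgdb_parse(buf, avail, &v);
}

int main(void) { printf("%d %d\n", rgdb_demo(8, 32), rgdb_demo(9, 32)); return 0; }
```

Even without a trustworthy `avail`, the 16 KB cap check still bounds how far a corrupted length field can send the parser.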