From fbb229d2c5bfe031000ca1b4929cc7d0e2ac6a61 Mon Sep 17 00:00:00 2001
From: Tal Aloni
Date: Fri, 1 Sep 2017 11:56:24 +0300
Subject: [PATCH] NTDirectoryFileSystem: QueryDirectory / GetFileSystemInformation: Prevent possibility of reading data beyond the number of bytes written
---
 SMBLibrary/Win32/NTFileStore/NTDirectoryFileSystem.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/SMBLibrary/Win32/NTFileStore/NTDirectoryFileSystem.cs b/SMBLibrary/Win32/NTFileStore/NTDirectoryFileSystem.cs
index 3c1e836..ba92407 100644
--- a/SMBLibrary/Win32/NTFileStore/NTDirectoryFileSystem.cs
+++ b/SMBLibrary/Win32/NTFileStore/NTDirectoryFileSystem.cs
@@ -264,9 +264,11 @@ namespace SMBLibrary.Win32
 {
 return status;
 }
- restartScan = false;
+ int numberOfBytesWritten = (int)ioStatusBlock.Information;
+ buffer = ByteReader.ReadBytes(buffer, 0, numberOfBytesWritten);
 List page = QueryDirectoryFileInformation.ReadFileInformationList(buffer, 0, informationClass);
 result.AddRange(page);
+ restartScan = false;
 }
 fileNameStructure.Dispose();
 return NTStatus.STATUS_SUCCESS;
@@ -353,6 +355,8 @@ namespace SMBLibrary.Win32
 CloseFile(volumeHandle);
 if (status == NTStatus.STATUS_SUCCESS)
 {
+ int numberOfBytesWritten = (int)ioStatusBlock.Information;
+ buffer = ByteReader.ReadBytes(buffer, 0, numberOfBytesWritten);
 result = FileSystemInformation.GetFileSystemInformation(buffer, 0, informationClass);
 }
 return status;
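Review bot: Assigning the trimmed copy back to `buffer` in the QueryDirectory hunk replaces the array that any later query in the same scan would receive. The block ends by clearing `restartScan`, which suggests it runs in a loop, but the loop header and the allocation of `buffer` are outside the hunk. If `buffer` is allocated once before that loop, every pass after the first hands the native call a buffer only as large as the previous page, so a later, larger entry may no longer fit. Keeping the trimmed bytes in their own local avoids this: `byte[] pageBytes = ByteReader.ReadBytes(buffer, 0, numberOfBytesWritten);` and then `ReadFileInformationList(pageBytes, 0, informationClass)`.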
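Review bot: `(int)ioStatusBlock.Information` is used as a copy length without a range check in the GetFileSystemInformation hunk, and likewise in the QueryDirectory hunk above. The declared type of `Information` is not visible here, so the cast may narrow silently. A value that is negative after the cast or larger than `buffer.Length` would presumably surface as an exception from `ByteReader.ReadBytes` rather than as a status code, and a count shorter than the structure for `informationClass` now reaches the parser as a short array. A guard such as `if (numberOfBytesWritten < 0 || numberOfBytesWritten > buffer.Length)` that returns an error status before the copy would keep the failure on the NTStatus path. The enclosing method starts outside the hunk.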