archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/drivers/wdm/audio/sysaudio/validate.cpp

584 lines
20 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //---------------------------------------------------------------------------
  2. //
  3. // Module: validate.cpp
  4. //
  5. // Description:
  6. //
  7. //
  8. //@@BEGIN_MSINTERNAL
  9. // Development Team:
  10. // Alper Selcuk
  11. //
  12. // History: Date Author Comment
  13. // 02/28/02 AlperS Created
  14. //
  15. // To Do: Date Author Comment
  16. //
  17. //@@END_MSINTERNAL
  18. //
  19. // THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
  20. // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
  21. // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
  22. // PURPOSE.
  23. //
  24. // Copyright (c) 2002-2002 Microsoft Corporation. All Rights Reserved.
  25. //
  26. //---------------------------------------------------------------------------
  28. #include "common.h"
  30. DEFINE_KSPROPERTY_TABLE(AudioPropertyValidationHandlers)
  31. {
  32. DEFINE_KSPROPERTY_ITEM(
  33. KSPROPERTY_AUDIO_QUALITY, // idProperty
  34. NULL, // pfnGetHandler
  35. sizeof(KSPROPERTY), // cbMinGetPropertyInput
  36. sizeof(ULONG), // cbMinGetDataInput
  37. SadValidateAudioQuality, // pfnSetHandler
  38. NULL, // Values
  39. 0, // RelationsCount
  40. NULL, // Relations
  41. NULL, // SupportHandler
  42. 0 // SerializedSize
  43. ),
  44. DEFINE_KSPROPERTY_ITEM(
  45. KSPROPERTY_AUDIO_MIX_LEVEL_CAPS, // idProperty
  46. NULL, // pfnGetHandler
  47. sizeof(KSPROPERTY), // cbMinGetPropertyInput
  48. sizeof(ULONG) + sizeof(ULONG), // cbMinGetDataInput
  49. SadValidateAudioMixLevelCaps, // pfnSetHandler
  50. NULL, // Values
  51. 0, // RelationsCount
  52. NULL, // Relations
  53. NULL, // SupportHandler
  54. 0 // SerializedSize
  55. ),
  56. DEFINE_KSPROPERTY_ITEM(
  57. KSPROPERTY_AUDIO_STEREO_ENHANCE, // idProperty
  58. NULL, // pfnGetHandler
  59. sizeof(KSPROPERTY), // cbMinGetPropertyInput
  60. sizeof(KSAUDIO_STEREO_ENHANCE), // cbMinGetDataInput
  61. SadValidateAudioStereoEnhance, // pfnSetHandler
  62. NULL, // Values
  63. 0, // RelationsCount
  64. NULL, // Relations
  65. NULL, // SupportHandler
  66. 0 // SerializedSize
  67. ),
  68. DEFINE_KSPROPERTY_ITEM(
  69. KSPROPERTY_AUDIO_PREFERRED_STATUS, // idProperty
  70. NULL, // pfnGetHandler
  71. sizeof(KSPROPERTY), // cbMinGetPropertyInput
  72. sizeof(KSAUDIO_PREFERRED_STATUS), // cbMinGetDataInput
  73. SadValidateAudioPreferredStatus, // pfnSetHandler
  74. NULL, // Values
  75. 0, // RelationsCount
  76. NULL, // Relations
  77. NULL, // SupportHandler
  78. 0 // SerializedSize
  79. )
  80. };
  82. DEFINE_KSPROPERTY_TABLE(PinConnectionValidationHandlers)
  83. {
  84. DEFINE_KSPROPERTY_ITEM(
  85. KSPROPERTY_CONNECTION_STATE, // idProperty
  86. NULL, // pfnGetHandler
  87. sizeof(KSPROPERTY), // cbMinGetPropertyInput
  88. sizeof(ULONG), // cbMinGetDataInput
  89. SadValidateConnectionState, // pfnSetHandler
  90. NULL, // Values
  91. 0, // RelationsCount
  92. NULL, // Relations
  93. NULL, // SupportHandler
  94. 0 // SerializedSize
  95. ),
  96. DEFINE_KSPROPERTY_ITEM(
  97. KSPROPERTY_CONNECTION_DATAFORMAT, // idProperty
  98. SadValidateDataFormat, // pfnGetHandler
  99. sizeof(KSPROPERTY), // cbMinGetPropertyInput
  100. sizeof(KSDATAFORMAT_WAVEFORMATEX), // cbMinGetDataInput
  101. SadValidateDataFormat, // pfnSetHandler
  102. NULL, // Values
  103. 0, // RelationsCount
  104. NULL, // Relations
  105. NULL, // SupportHandler
  106. 0 // SerializedSize
  107. )
  108. };
  111. DEFINE_KSPROPERTY_SET_TABLE(ValidationPropertySet)
  112. {
  113. DEFINE_KSPROPERTY_SET(
  114. &KSPROPSETID_Audio, // Set
  115. SIZEOF_ARRAY(AudioPropertyValidationHandlers), // PropertiesCount
  116. AudioPropertyValidationHandlers, // PropertyItem
  117. 0, // FastIoCount
  118. NULL // FastIoTable
  119. ),
  120. DEFINE_KSPROPERTY_SET(
  121. &KSPROPSETID_Connection, // Set
  122. SIZEOF_ARRAY(PinConnectionValidationHandlers), // PropertiesCount
  123. PinConnectionValidationHandlers, // PropertyItem
  124. 0, // FastIoCount
  125. NULL // FastIoTable
  126. )
  127. };
  130. //===========================================================================
  131. //
  132. // Validates the integrity of KSDATAFORMAT structure for AUDIO.
  133. // Assumptions:
  134. // - pDataFormat is totally trusted. It has been probed and buffered
  135. // properly.
  136. // - This function should only be called if MajorFormat is AUDIO.
  137. //
  138. NTSTATUS
  139. ValidateAudioDataFormats(
  140. PKSDATAFORMAT pDataFormat
  141. )
  142. {
  143. NTSTATUS ntStatus = STATUS_SUCCESS;
  144. ULONG cbAudioFormat;
  145. PWAVEFORMATEX pWaveFormatEx;
  147. ASSERT(pDataFormat);
  148. ASSERT(IsEqualGUID(&pDataFormat->MajorFormat, &KSDATAFORMAT_TYPE_AUDIO));
  150. //
  151. // We only support two specifiers in audio land. All the rest will be
  152. // accepted without further checks, because we don't know how to validate
  153. // them.
  154. //
  155. pWaveFormatEx = GetWaveFormatExFromKsDataFormat(pDataFormat, &cbAudioFormat);
  156. if (NULL == pWaveFormatEx) {
  157. DPF(5, "ValidataAudioDataFormats : invalid format specifier");
  158. ntStatus = STATUS_SUCCESS;
  159. goto exit;
  160. }
  162. //
  163. // Make sure that we have enough space for the actual format packet.
  164. // Note that this will make sure we can at least touch the WAVEFORMATEX
  165. // part.
  166. //
  167. if (pDataFormat->FormatSize < cbAudioFormat)
  168. {
  169. DPF(10, "ValidataAudioDataFormats : format size does not match specifier");
  170. ntStatus = STATUS_INVALID_PARAMETER;
  171. goto exit;
  172. }
  174. //
  175. // Check to see if WAVEFORMATEXTENSIBLE size is specified correctly.
  176. //
  177. if ((WAVE_FORMAT_EXTENSIBLE == pWaveFormatEx->wFormatTag) &&
  178. (pWaveFormatEx->cbSize < sizeof(WAVEFORMATEXTENSIBLE) - sizeof(WAVEFORMATEX)))
  179. {
  180. DPF1(4, "ValidataAudioDataFormats : WAVEFORMATEXTENSIBLE size does not match %d", pWaveFormatEx->cbSize);
  181. ntStatus = STATUS_INVALID_PARAMETER;
  182. goto exit;
  183. }
  185. //
  186. // Now that WaveFormatEx is guaranteed to be safe, check if we have extended
  187. // information in WAVEFORMATEX.
  188. // cbSize specifies the size of the extension structure.
  189. // Validate that FormatSize accomodates cbSize
  190. // Validate that cbSize does not cause an overflow.
  191. //
  192. if (pDataFormat->FormatSize < cbAudioFormat + pWaveFormatEx->cbSize ||
  193. cbAudioFormat + pWaveFormatEx->cbSize < cbAudioFormat)
  194. {
  195. DPF1(10, "ValidataAudioDataFormats : format size does not match waveformatex.cbSize %d", pWaveFormatEx->cbSize);
  196. ntStatus = STATUS_INVALID_PARAMETER;
  197. goto exit;
  198. }
  200. //
  201. // Now we validated that the data buffer passed to us actually matches
  202. // with its specifier.
  203. //
  205. exit:
  206. return ntStatus;
  207. } // ValidateAudioDataFormats
  209. //===========================================================================
  210. //
  211. // Validates the integrity of KSDATAFORMAT structure.
  212. // Calls ValidateAudioDataFormat if MajorFormat is audio.
  213. // Or checks the buffers size if Specifier is NONE.
  214. // Assumptions:
  215. // - pDataFormat is totally trusted. It has been probed and buffered
  216. // properly.
  217. //
  218. NTSTATUS
  219. ValidateDataFormat(
  220. PKSDATAFORMAT pDataFormat
  221. )
  222. {
  223. NTSTATUS ntStatus = STATUS_SUCCESS;
  225. ASSERT(pDataFormat);
  227. if (IsEqualGUID(&pDataFormat->MajorFormat, &KSDATAFORMAT_TYPE_AUDIO))
  228. {
  229. ntStatus = ValidateAudioDataFormats(pDataFormat);
  230. }
  232. return ntStatus;
  233. } // ValidateDataFormat
  235. //===========================================================================
  236. //
  237. // ValidateDeviceIoControl
  238. //
  239. // Probe Ioctl parameters by calling KS functions.
  240. // All the KS functions called here first probe the input and output buffers
  241. // and then copy them to Irp->SystemBuffer for further safe usage.
  242. // Calling these functions with NULL parameter basically means probe and copy
  243. // the buffers and return.
  244. //
  245. NTSTATUS
  246. ValidateDeviceIoControl(
  247. PIRP pIrp
  248. )
  249. {
  250. NTSTATUS Status = STATUS_SUCCESS;
  251. PIO_STACK_LOCATION pIrpStack;
  253. ASSERT(pIrp);
  255. pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
  257. switch (pIrpStack->Parameters.DeviceIoControl.IoControlCode)
  258. {
  259. case IOCTL_KS_PROPERTY:
  260. Status = KsPropertyHandler(
  261. pIrp,
  262. SIZEOF_ARRAY(ValidationPropertySet),
  263. ValidationPropertySet);
  264. break;
  266. case IOCTL_KS_ENABLE_EVENT:
  267. Status = KsEnableEvent(pIrp, 0, NULL, NULL, KSEVENTS_NONE, NULL);
  268. break;
  270. case IOCTL_KS_METHOD:
  271. Status = KsMethodHandler(pIrp, 0, NULL);
  272. break;
  274. //
  275. // IOCTL_KS_DISABLE_EVENT
  276. // KsDisableEvent does not use and touch input parameters.
  277. // So input buffer validation is not necessary.
  278. //
  280. //
  281. // IOCTL_KS_RESET_STATE
  282. // The reset request only takes a ULONG. KsAcquireResetValue safely
  283. // extracts the RESET value from the IRP.
  284. // Sysaudio cannot do any validation here, because KsAcquireResetValue
  285. // works on Input buffer directly.
  286. //
  288. //
  289. // IOCTL_KS_WRITE_STREAM
  290. // IOCTL_KS_READ_STREAM
  291. // We are not doing any validation on these.
  292. //
  293. default:
  294. Status = STATUS_NOT_FOUND;
  295. }
  297. //
  298. // If there is no validation function ValidationPropertySet, Ks
  299. // will return one of these. Even in this case buffers must have
  300. // been probed and copied to kernel.
  301. //
  302. if (Status == STATUS_NOT_FOUND || Status == STATUS_PROPSET_NOT_FOUND)
  303. {
  304. Status = STATUS_SUCCESS;
  305. }
  307. if (!NT_SUCCESS(Status))
  308. {
  309. DPF1(5, "Rejected DeviceIOCTL - %X", pIrpStack->Parameters.DeviceIoControl.IoControlCode);
  310. }
  312. return Status;
  313. } // ValidateDeviceIoControl
  315. //===========================================================================
  316. //
  317. // Return TRUE if sysaudio is interested in handling this IoControlCode
  318. // Otherwise return FALSE.
  319. //
  320. BOOL
  321. IsSysaudioIoctlCode(
  322. ULONG IoControlCode
  323. )
  324. {
  325. if (IOCTL_KS_PROPERTY == IoControlCode ||
  326. IOCTL_KS_ENABLE_EVENT == IoControlCode ||
  327. IOCTL_KS_DISABLE_EVENT == IoControlCode ||
  328. IOCTL_KS_METHOD == IoControlCode)
  329. {
  330. return TRUE;
  331. }
  333. return FALSE;
  334. } // IsSysaudioIoctlCode
  336. //===========================================================================
  337. //
  338. // SadValidateConnectionState
  339. // Check that the KSSTATE is valid.
  340. //
  341. NTSTATUS
  342. SadValidateConnectionState(
  343. IN PIRP pIrp,
  344. IN PKSPROPERTY pProperty,
  345. IN PKSSTATE pState
  346. )
  347. {
  348. ASSERT(pState);
  350. if (KSSTATE_STOP <= *pState &&
  351. KSSTATE_RUN >= *pState)
  352. {
  353. return STATUS_SUCCESS;
  354. }
  356. DPF1(5, "SadValidateConnectionState: Invalid State %d", *pState);
  357. return STATUS_INVALID_PARAMETER;
  358. } // SadValidateConnectionState
  360. //===========================================================================
  361. //
  362. // SadValidateDataFormat
  363. // Checks whether the given format is valid.
  364. //
  365. NTSTATUS
  366. SadValidateDataFormat(
  367. IN PIRP pIrp,
  368. IN PKSPROPERTY pProperty,
  369. PKSDATAFORMAT pDataFormat
  370. )
  371. {
  372. ASSERT(pDataFormat);
  374. return ValidateDataFormat(pDataFormat);
  375. } // SadValidateDataFormat
  377. //===========================================================================
  378. //
  379. // SadValidateAudioQuality
  380. // Checks if the quality is valid.
  381. //
  382. NTSTATUS
  383. SadValidateAudioQuality(
  384. IN PIRP pIrp,
  385. IN PKSPROPERTY pProperty,
  386. IN PLONG pQuality
  387. )
  388. {
  389. ASSERT(pQuality);
  391. if (KSAUDIO_QUALITY_WORST <= *pQuality &&
  392. KSAUDIO_QUALITY_ADVANCED >= *pQuality)
  393. {
  394. return STATUS_SUCCESS;
  395. }
  397. DPF1(5, "SadValidateAudioQuality: Invalid Quality %d", *pQuality);
  398. return STATUS_INVALID_PARAMETER;
  399. } // SadValidateAudioQuality
  401. //===========================================================================
  402. //
  403. // SadValidateAudioQuality
  404. // Checks if the structure is valid.
  405. //
  406. NTSTATUS
  407. SadValidateAudioMixLevelCaps(
  408. IN PIRP pIrp,
  409. IN PKSPROPERTY pProperty,
  410. IN OUT PVOID pVoid
  411. )
  412. {
  413. ASSERT(pVoid);
  414. ASSERT(pIrp->AssociatedIrp.SystemBuffer);
  416. PKSAUDIO_MIXCAP_TABLE pMixTable;
  417. PIO_STACK_LOCATION pIrpStack;
  418. ULONG ulTotalChannels;
  419. ULONG cbRequiredSize;
  421. pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
  422. pMixTable = (PKSAUDIO_MIXCAP_TABLE) pVoid;
  424. if (pMixTable->InputChannels > 10000 ||
  425. pMixTable->OutputChannels > 10000)
  426. {
  427. DPF2(5, "SadValidateAudioMixLevelCaps: Huge Channel numbers %d %d", pMixTable->InputChannels, pMixTable->OutputChannels);
  428. return STATUS_INVALID_PARAMETER;
  429. }
  431. ulTotalChannels = pMixTable->InputChannels + pMixTable->OutputChannels;
  432. if (ulTotalChannels)
  433. {
  434. cbRequiredSize =
  435. sizeof(KSAUDIO_MIXCAP_TABLE) + ulTotalChannels * sizeof(KSAUDIO_MIX_CAPS);
  436. if (cbRequiredSize <
  437. pIrpStack->Parameters.DeviceIoControl.InputBufferLength)
  438. {
  439. DPF1(5, "SadValidateAudioMixLevelCaps: Buffer too small %d",
  440. pIrpStack->Parameters.DeviceIoControl.InputBufferLength);
  441. return STATUS_BUFFER_TOO_SMALL;
  442. }
  443. }
  445. return STATUS_SUCCESS;
  446. } // SadValidateAudioMixLevelCaps
  448. //===========================================================================
  449. //
  450. // SadValidateAudioQuality
  451. // Checks if the Technique is valid.
  452. //
  453. NTSTATUS
  454. SadValidateAudioStereoEnhance(
  455. IN PIRP pIrp,
  456. IN PKSPROPERTY pProperty,
  457. IN PKSAUDIO_STEREO_ENHANCE pStereoEnhance
  458. )
  459. {
  460. ASSERT(pStereoEnhance);
  462. if (SE_TECH_NONE <= pStereoEnhance->Technique &&
  463. SE_TECH_VLSI_TECH >= pStereoEnhance->Technique)
  464. {
  465. return STATUS_SUCCESS;
  466. }
  468. DPF1(5, "SadValidateAudioStereoEnhance: Invalid Technique %d", pStereoEnhance->Technique);
  469. return STATUS_INVALID_PARAMETER;
  470. } // SadValidateAudioStereoEnhance
  472. //===========================================================================
  473. //
  474. // SadValidateAudioQuality
  475. // Checks if the quality is valid.
  476. //
  477. NTSTATUS
  478. SadValidateAudioPreferredStatus(
  479. IN PIRP pIrp,
  480. IN PKSPROPERTY pProperty,
  481. IN PKSAUDIO_PREFERRED_STATUS pPreferredStatus
  482. )
  483. {
  484. ASSERT(pPreferredStatus);
  486. if (KSPROPERTY_SYSAUDIO_NORMAL_DEFAULT <= pPreferredStatus->DeviceType &&
  487. KSPROPERTY_SYSAUDIO_MIXER_DEFAULT >= pPreferredStatus->DeviceType)
  488. {
  489. return STATUS_SUCCESS;
  490. }
  492. DPF1(5, "SadValidateAudioPreferredStatus: Invalid DeviceType %d", pPreferredStatus->DeviceType);
  493. return STATUS_INVALID_PARAMETER;
  494. } // SadValidateAudioPreferredStatus
  496. //===========================================================================
  497. //
  498. // SadValidateDataIntersection
  499. // Checks the integrity of dataranges following pPin.
  500. //
  501. NTSTATUS
  502. SadValidateDataIntersection(
  503. IN PIRP pIrp,
  504. IN PKSP_PIN pPin
  505. )
  506. {
  507. PIO_STACK_LOCATION pIrpStack;
  508. PKSMULTIPLE_ITEM pKsMultipleItem;
  509. PKSDATARANGE pKsDataRange;
  510. ULONG cbTotal;
  512. ASSERT(pIrp);
  513. ASSERT(pPin);
  515. pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
  516. pKsMultipleItem = (PKSMULTIPLE_ITEM) (pPin + 1);
  517. pKsDataRange = (PKSDATARANGE) (pKsMultipleItem + 1);
  518. cbTotal = pKsMultipleItem->Size - sizeof(KSMULTIPLE_ITEM);
  520. //
  521. // Make sure that the Irp Input Size is valid. Basically
  522. // InputBufferLength must be greater or equal to
  523. // KSP_PIN + MULTIPLE_ITEM.Size
  524. //
  525. if (pIrpStack->Parameters.DeviceIoControl.InputBufferLength - sizeof(KSP_PIN) <
  526. pKsMultipleItem->Size)
  527. {
  528. DPF(5, "SadValidateDataIntersection: InputBuffer too small");
  529. return STATUS_INVALID_BUFFER_SIZE;
  530. }
  532. //
  533. // Make sure that the MULTIPLE_ITEM contains at least one DATARANGE.
  534. //
  535. if (cbTotal < sizeof(KSDATARANGE))
  536. {
  537. DPF(5, "SadValidateDataIntersection: Not enough data for datarange");
  538. return STATUS_INVALID_BUFFER_SIZE;
  539. }
  541. for (ULONG ii = 0; ii < pKsMultipleItem->Count; ii++)
  542. {
  543. //
  544. // Check if we can touch the FormatSize field.
  545. // Check if we the next data-range is fully available.
  546. //
  547. if (cbTotal < sizeof(ULONG) ||
  548. cbTotal < pKsDataRange->FormatSize ||
  549. pKsDataRange->FormatSize < sizeof(KSDATARANGE))
  550. {
  551. DPF3(5, "SadValidateDataIntersection: Not enough data for datarange %d %d %d", ii, pKsDataRange->FormatSize, cbTotal);
  552. return STATUS_INVALID_BUFFER_SIZE;
  553. }
  555. //
  556. // Check if the MajorFormat and size are consistent.
  557. //
  558. if (IsEqualGUID(&pKsDataRange->MajorFormat, &KSDATAFORMAT_TYPE_AUDIO))
  559. {
  560. if (pKsDataRange->FormatSize < sizeof(KSDATARANGE_AUDIO))
  561. {
  562. DPF(5, "SadValidateDataIntersection: InputBuffer too small for AUDIO");
  563. return STATUS_INVALID_BUFFER_SIZE;
  564. }
  565. }
  567. //
  568. // Set next data range.
  569. //
  570. cbTotal -= pKsDataRange->FormatSize;
  571. pKsDataRange = (PKSDATARANGE) ( ((PBYTE) pKsDataRange) + pKsDataRange->FormatSize );
  572. }
  574. //
  575. // SECURITY NOTE:
  576. // We are not checking the output buffer integrity. The underlying drivers
  577. // are responsible for checking the size of the output buffer, based on
  578. // the result of the intersection.
  579. //
  581. return STATUS_SUCCESS;
  582. } // SadValidateDataIntersection