From f85c2155297cb0ab3e7392bd57b70c5959b4b7a6 Mon Sep 17 00:00:00 2001
From: Nodir Temirkhodjaev
Date: Fri, 14 Jan 2022 11:31:07 +0300
Subject: [PATCH] Driver: PsTree: Check service name's length
---
 src/driver/fortps.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/driver/fortps.c b/src/driver/fortps.c
index 2b935523..c802a139 100644
--- a/src/driver/fortps.c
+++ b/src/driver/fortps.c
@@ -5,6 +5,22 @@
 #include "fortcb.h"
 #include "fortutl.h"
+#define FORT_PSTREE_NAME_LEN_MAX (64 * sizeof(WCHAR))
+
+typedef struct fort_psnode
+{
+ UINT16 next_index;
+ UINT16 prev_index;
+
+ UINT16 parent_index;
+ UINT16 child_index;
+
+ UINT16 name_index;
+ UINT16 flags;
+
+ UINT32 process_id;
+} FORT_PSNODE, *PFORT_PSNODE;
+
 static BOOL fort_pstree_svchost_check(
 PCUNICODE_STRING path, PCUNICODE_STRING commandLine, PUNICODE_STRING serviceName)
 {
@@ -32,8 +48,12 @@ static BOOL fort_pstree_svchost_check(
 endp = (PCWCHAR) ((PCHAR) commandLine->Buffer + commandLine->Length);
 }
- serviceName->Length = (USHORT) ((PCHAR) endp - (PCHAR) argp);
- serviceName->MaximumLength = serviceName->Length;
+ const USHORT nameLen = (USHORT) ((PCHAR) endp - (PCHAR) argp);
+ if (nameLen >= FORT_PSTREE_NAME_LEN_MAX)
+ return FALSE;
+
+ serviceName->Length = nameLen;
+ serviceName->MaximumLength = nameLen;
 serviceName->Buffer = argp;
 return TRUE;
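Review bot: `FORT_PSTREE_NAME_LEN_MAX` in the first hunk is a size in bytes (`64 * sizeof(WCHAR)`), but the name reads like a character count and nothing at the definition states the unit. The comparison in the second hunk is consistent because `UNICODE_STRING.Length` is also in bytes, yet a later caller comparing it with a WCHAR count would accept names twice as long as intended. I would add a comment such as `/* Upper bound on a service name, in bytes (64 WCHARs); compare against UNICODE_STRING.Length */`. The new `FORT_PSNODE` fields would also benefit from a short comment saying what the `*_index` fields index into and which value means "no node", since no visible hunk uses the struct yet.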
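Review bot: In the second hunk the pointer difference is narrowed to `USHORT` before it is range-checked, so at `const USHORT nameLen = (USHORT) (...)` a negative or larger-than-65535 difference would wrap and could pass the `>= FORT_PSTREE_NAME_LEN_MAX` test. That is probably unreachable while `argp` and `endp` both lie inside `commandLine->Buffer` with `argp <= endp`, but the code that sets them is outside this hunk, so the guard should not depend on it. Checking in the wide type first removes the assumption: `const SIZE_T nameSize = (SIZE_T) ((PCHAR) endp - (PCHAR) argp);` followed by `if (nameSize >= FORT_PSTREE_NAME_LEN_MAX) return FALSE;`, and only then `serviceName->Length = (USHORT) nameSize;`. Whether a zero-length name should also be rejected here is worth deciding explicitly, because the visible lines accept it.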