Ros-dev

ros-dev@reactos.org

5790 discussions

Another NDIS bug fix.
by Jerry 24 Jan '06

24 Jan '06

Inproved the implimentation of NdisWriteConfiguration(), by Crashfourit. Index: drivers/net/ndis/ndis/config.c =================================================================== --- drivers/net/ndis/ndis/config.c (revision 21005) +++ drivers/net/ndis/ndis/config.c (working copy) @@ -66,6 +66,18 @@ ULONG ParameterType = ParameterValue->ParameterType; ULONG DataSize; PVOID Data; + + /* + The next few lines of code before teh first if statement are used when + ParameterType equals NdisParameterHexInteger or NdisParameterInteger. + This is done so that Buff can be used beyond the switch statement. + */ + UNICODE_STRING buff; + WCHAR str[25]; + + Buff->Length=0; + Buff->MaximumLength = sizeof(str) / sizeof(str[0]); + Buff->Buffer=str; if(ParameterType != NdisParameterInteger && ParameterType != NdisParameterHexInteger && @@ -81,12 +93,29 @@ /* reset parameter type to standard reg types */ switch(ParameterType) { - /* TODO: figure out what do do with these; are they different? */ + /* + TODO: figure out what do do with these; are they different? + Done by Crashfourit + */ case NdisParameterHexInteger: - case NdisParameterInteger: - ParameterType = REG_SZ; - Data = &ParameterValue->ParameterData.IntegerData; - DataSize = sizeof(ULONG); + case NdisParameterInteger: + { + if (!NT_SUCCESS(RtlIntegerToUnicodeString( + ParameterValue->ParameterData.IntegerData, + ( ParameterType == NdisParameterHexInteger ) ? 16 : 10, + &buff)) + ) + { + *Status = NDIS_STATUS_FAILURE; + return; + } + else + { + ParameterType = REG_SZ; + Data = &Buff->Buffer; + DataSize = Buff->Length; + } + } break; case NdisParameterString:

1 0

Keyboard Lights
by James Tabor 23 Jan '06

23 Jan '06

Hi all, Has anyone noticed the keyboard lights not working. I guess sometime around first part of December. Thanks, James

3 2

Code Auditing Questions
by M Bealby 23 Jan '06

23 Jan '06

Hey all, As my exams are now over I will hopefully be having more free time available to put into ReactOS security. I would like to perform a security audit of the code base. I've jotted down a few thoughts and suggestions of mine below and would appreciate feedback on them. Methodology I hope to work on the kernel mode code first, working up through the layers up to application API level code. I feel this is the best method because, as it has been mentioned before to me on IRC / email , some functions canot check the parameters that are passed down to lower functions. I understand the following code to run in kernel mode: /lib/rtl/ /lib/string/ /lib/kjs/ /lib/freetype/ /lib/pseh/ /hal/ /drivers/ /subsys/win32k/ /ntoskrnl/ If you know of any more please let me know. I was thinking of checking out an entire svn revision and updating only after I had checked an entire library. What do other people think on this? I will predominatly be working just from the code source, but after playing around with Doxygen I have found it to be incredibly useful for quick referencing typedefs and function parameter calls. What am I looking for? I am only a single person, so code auditing will be a slow process at the moment. I wish to check for the following vulnerabilities: Incorrect null termination. Buffer overflows. Premature termination. Lack of input validation. Bad calculations. Off by one / few. Personally I feel this list of six common vulnerability types should be enough to thwart the most common of attacks, but if anyone else feels some other class of vulnerability is missing from the list please let me know. Obviously if I find any other bugs then they will be reported as well. Reporting of errors? How should I go about reporting the errors? I was previously told to report all occasions of the incorrect uses of the RtlAllocateHeap function under the same bug number (no 1110, some still unfixed). Is this the preferred method for my code auditing results? I would like to submit the bugs as quickly as possible, so I can keep my working tree as close to possible to head, but this may mean submitting multiple bug reports for the same problem. I think that the best option is to submit similar bugs in the same module under the same report, but open a new bug if the same vulnerability occurs in another module. Thoughts? These are just some of my ideas that are floating around in my head at the moment. I would welcome all feedback on this matter and I think I may create a wiki page with the same information on. Again, thoughts on this would be nice as I haven't really used wiki's before. Cheers, Martin

4 4

New patch for NDIS:config.c
by Jerry 23 Jan '06

23 Jan '06

I noticed that the implimentation of NdisReadConfiguration() is slightly off, so I fixed it. The reason why this was so is located in the diff as a comment. Thanks. Index: drivers/net/ndis/ndis/config.c =================================================================== --- drivers/net/ndis/ndis/config.c (revision 20999) +++ drivers/net/ndis/ndis/config.c (working copy) @@ -493,8 +493,17 @@ str.Buffer = (PWCHAR)KeyInformation->Data; (*ParameterValue)->ParameterType = ParameterType; - *Status = RtlUnicodeStringToInteger(&str, 16, &(*ParameterValue)->ParameterData.IntegerData); + + /* + If ParameterType is NdisParameterInteger then the base of str is decimal. + If ParameterType is NdisParameterHexInteger then the base of str is hexadecimal. + */ + if (ParameterType == NdisParameterInteger) + *Status = RtlUnicodeStringToInteger(&str, 10, &(*ParameterValue)->ParameterData.IntegerData); + else if (ParameterType == NdisParameterHexInteger) + *Status = RtlUnicodeStringToInteger(&str, 16, &(*ParameterValue)->ParameterData.IntegerData); ExFreePool(KeyInformation); if(*Status != STATUS_SUCCESS)

1 0

Re: [ros-svn] [weiden] 20972: fixed compiling
by James Tabor 22 Jan '06

22 Jan '06

weiden(a)svn.reactos.org wrote: > fixed compiling > > > Updated files: > trunk/reactos/lib/gdi32/objects/font.c > Oops, sorry about that, thanks, James

1 0

Re: [ros-diffs] [greatlrd] 20960: corret a member name in DD_SURFACECALLBACKS so it is same as ddk
by Royce Mitchell III 21 Jan '06

21 Jan '06

greatlrd(a)svn.reactos.org wrote: >corret a member name in DD_SURFACECALLBACKS so it is same as ddk > >Modified: trunk/reactos/w32api/include/ddk/ddrawint.h > > > ------------------------------------------------------------------------ > *Modified: trunk/reactos/w32api/include/ddk/ddrawint.h* > >--- trunk/reactos/w32api/include/ddk/ddrawint.h 2006-01-21 02:19:27 UTC (rev 20959) >+++ trunk/reactos/w32api/include/ddk/ddrawint.h 2006-01-21 14:22:17 UTC (rev 20960) >@@ -421,7 +421,7 @@ > > PDD_SURFCB_GETFLIPSTATUS GetFlipStatus; > PDD_SURFCB_UPDATEOVERLAY UpdateOverlay; > PDD_SURFCB_SETOVERLAYPOSITION SetOverlayPosition; > > >- PVOID Reserved; > > >+ PVOID reserved4; > > > PDD_SURFCB_SETPALETTE SetPalette; > } DD_SURFACECALLBACKS, *PDD_SURFACECALLBACKS; > > > why is this necessary?

2 1

Re: [ros-svn] [mbosma] 20952: Delete libjpeg because sedwards and greatlord thought we should wait with jpeg support until the patent expired. If someone got a different opinion please take the issue to ros-dev.
by mf 20 Jan '06

20 Jan '06

Hi folks, > Delete libjpeg because sedwards and greatlord thought we should wait with jpeg support until the patent expired. If someone got a different opinion please take the issue to ros-dev. > > > Deleted files: > vendor/libjpeg/ I hereby "take the issue to ros-dev", because I have a different opinion. ReactOS is filled with patented (to more and lesser extent, ranging from SEH to scrollbars, I kid you not) features, and I believe it is hypocritical to simply remove one of them. I don't know the details on the libjpeg patent, but I do know that linux distributions use libjpeg as well, and I haven't seen them remove it yet. I officially request a vote to revert this commit. Thanks for reading, mf.

5 6

So long and thanks for all the code ing
by David Johnson 20 Jan '06

20 Jan '06

Does this mean the ROS is going to die a violent death? No hope for a real alternative to M$ Windoze? I am really looking forward to Version # 1.0.0 of ROS in both x86 and PPC. People we (you devs) need to stick togather. Become a team! People are counting on YOU! ROS-PPC + Open Workstation Computing platform. = Power to the People! If you have to become 90% WinOS compatable then so be it! 90% is better than 0% XP apps can be ported to ROS. Maybe GvG and WD will come back if ROS went in this direction. Port Linux GNU code if you have to. Lets get a new GUI and a Integrated sound system. Use a open file system not FAT. Write a translator for FAT. -- David Johnson Voice Talent http://www.davefilms.us DaveFilms Digital Media - Audio [TM] Producer , Writer, Production Director/ Designer

3 3

Re: Bye bye (Lucio Diaz)
by Lucio Diaz 20 Jan '06

20 Jan '06

The solution is quite easy, is Harmut believes the code could have implemented another way, unrelated to the microsoft way, i propouse that Alex gives him the documentation and Harmut does write the code. Either if Harmut manages to make a quite diferent code for that piece of reactos, or is proved that there is no other way of writing the code Reactos developers can be safe about that particular code. And just an advice, it seems you MUST meet each other face to face, to know each other (a few beers would help) and get a working relationship.I believe there is no need of theatral posts and the such, disagreements is habitual when there is more that one person, but flaming, bashing or threatening is not the solution. Talking is. Take it easy, Lucio Diaz. ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com

1 0

Bye bye
by Hartmut Birr 20 Jan '06

20 Jan '06

Hi, I'm leaving the ReactOS project. The goals of some developers don't match my goals. Bye bye Hartmut

18 38

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-dev