Best regards,
Alex Ionescu

On Mon, Sep 5, 2011 at 4:05 PM, <fireball@svn.reactos.org> wrote:

Author: fireball
Date: Mon Sep 5 15:05:56 2011
New Revision: 53599

URL: http://svn.reactos.org/svn/reactos?rev=53599&view=rev
Log:
[NTOS]
- Fix IoCheckEaBufferValidity (IntEaLength must be signed, otherwise loop exiting condition may not trigger).
- SEH-protect ObQueryNameString (by Dmitry Chapyshev's request).

Modified:
trunk/reactos/ntoskrnl/io/iomgr/util.c
trunk/reactos/ntoskrnl/ob/obname.c

Modified: trunk/reactos/ntoskrnl/io/iomgr/util.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/util.c?rev=53599&r1=53598&r2=53599&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/util.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/util.c [iso-8859-1] Mon Sep 5 15:05:56 2011
@@ -166,7 +166,8 @@
OUT PULONG ErrorOffset)
{
PFILE_FULL_EA_INFORMATION EaBufferEnd;
- ULONG NextEaBufferOffset, IntEaLength;
+ ULONG NextEaBufferOffset;
+ LONG IntEaLength;

PAGED_CODE();

Modified: trunk/reactos/ntoskrnl/ob/obname.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obname.c?rev=53599&r1=53598&r2=53599&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ob/obname.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ob/obname.c [iso-8859-1] Mon Sep 5 15:05:56 2011
@@ -986,6 +986,7 @@
ULONG NameSize;
PWCH ObjectName;
BOOLEAN ObjectIsNamed;
+ NTSTATUS Status = STATUS_SUCCESS;

/* Get the Kernel Meta-Structures */
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
@@ -994,28 +995,57 @@
/* Check if a Query Name Procedure is available */
if (ObjectHeader->Type->TypeInfo.QueryNameProcedure)
{
- /* Call the procedure */
+ /* Call the procedure inside SEH */
ObjectIsNamed = ((LocalInfo) && (LocalInfo->Name.Length > 0));
- return ObjectHeader->Type->TypeInfo.QueryNameProcedure(Object,
+
+ _SEH2_TRY
+ {
+ Status = ObjectHeader->Type->TypeInfo.QueryNameProcedure(Object,
ObjectIsNamed,
ObjectNameInfo,
Length,
ReturnLength,
KernelMode);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Return the exception code */
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+
+ return Status;
}

/* Check if the object doesn't even have a name */
if (!(LocalInfo) || !(LocalInfo->Name.Buffer))
{
- /* We're returning the name structure */
- *ReturnLength = sizeof(OBJECT_NAME_INFORMATION);
-
- /* Check if we were given enough space */
- if (*ReturnLength > Length) return STATUS_INFO_LENGTH_MISMATCH;
-
- /* Return an empty buffer */
- RtlInitEmptyUnicodeString(&ObjectNameInfo->Name, NULL, 0);
- return STATUS_SUCCESS;
+ Status = STATUS_SUCCESS;
+
+ _SEH2_TRY
+ {
+ /* We're returning the name structure */
+ *ReturnLength = sizeof(OBJECT_NAME_INFORMATION);
+
+ /* Check if we were given enough space */
+ if (*ReturnLength > Length)
+ {
+ Status = STATUS_INFO_LENGTH_MISMATCH;
+ }
+ else
+ {
+ /* Return an empty buffer */
+ RtlInitEmptyUnicodeString(&ObjectNameInfo->Name, NULL, 0);
+ }
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Return the exception code */
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+
+ return Status;
}

/*
@@ -1025,126 +1055,136 @@
* enough right at the beginning, not work our way through
* and find out at the end
*/
- if (Object == ObpRootDirectoryObject)
- {
- /* Size of the '\' string */
- NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR);
- }
- else
- {
- /* Get the Object Directory and add name of Object */
- ParentDirectory = LocalInfo->Directory;
- NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR) + LocalInfo->Name.Length;
-
- /* Loop inside the directory to get the top-most one (meaning root) */
- while ((ParentDirectory != ObpRootDirectoryObject) && (ParentDirectory))
- {
- /* Get the Name Information */
- LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
- OBJECT_TO_OBJECT_HEADER(ParentDirectory));
-
- /* Add the size of the Directory Name */
- if (LocalInfo && LocalInfo->Directory)
- {
- /* Size of the '\' string + Directory Name */
- NameSize += sizeof(OBJ_NAME_PATH_SEPARATOR) +
- LocalInfo->Name.Length;
-
- /* Move to next parent Directory */
- ParentDirectory = LocalInfo->Directory;
- }
- else
- {
- /* Directory with no name. We append "...\" */
- NameSize += sizeof(L"...") + sizeof(OBJ_NAME_PATH_SEPARATOR);
- break;
- }
- }
- }
-
- /* Finally, add the name of the structure and the null char */
- *ReturnLength = NameSize +
- sizeof(OBJECT_NAME_INFORMATION) +
- sizeof(UNICODE_NULL);
-
- /* Check if we were given enough space */
- if (*ReturnLength > Length) return STATUS_INFO_LENGTH_MISMATCH;
-
- /*
- * Now we will actually create the name. We work backwards because
- * it's easier to start off from the Name we have and walk up the
- * parent directories. We use the same logic as Name Length calculation.
- */
- LocalInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
- ObjectName = (PWCH)((ULONG_PTR)ObjectNameInfo + *ReturnLength);
- *--ObjectName = UNICODE_NULL;
-
- /* Check if the object is actually the Root directory */
- if (Object == ObpRootDirectoryObject)
- {
- /* This is already the Root Directory, return "\\" */
- *--ObjectName = OBJ_NAME_PATH_SEPARATOR;
- ObjectNameInfo->Name.Length = (USHORT)NameSize;
- ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
- sizeof(UNICODE_NULL));
- ObjectNameInfo->Name.Buffer = ObjectName;
- return STATUS_SUCCESS;
- }
- else
- {
- /* Start by adding the Object's Name */
- ObjectName = (PWCH)((ULONG_PTR)ObjectName -
- LocalInfo->Name.Length);
- RtlCopyMemory(ObjectName,
- LocalInfo->Name.Buffer,
- LocalInfo->Name.Length);
-
- /* Now parse the Parent directories until we reach the top */
- ParentDirectory = LocalInfo->Directory;
- while ((ParentDirectory != ObpRootDirectoryObject) && (ParentDirectory))
- {
- /* Get the name information */
- LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
- OBJECT_TO_OBJECT_HEADER(ParentDirectory));
-
- /* Add the "\" */
+ _SEH2_TRY
+ {
+ if (Object == ObpRootDirectoryObject)
+ {
+ /* Size of the '\' string */
+ NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR);
+ }
+ else
+ {
+ /* Get the Object Directory and add name of Object */
+ ParentDirectory = LocalInfo->Directory;
+ NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR) + LocalInfo->Name.Length;
+
+ /* Loop inside the directory to get the top-most one (meaning root) */
+ while ((ParentDirectory != ObpRootDirectoryObject) && (ParentDirectory))
+ {
+ /* Get the Name Information */
+ LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
+ OBJECT_TO_OBJECT_HEADER(ParentDirectory));
+
+ /* Add the size of the Directory Name */
+ if (LocalInfo && LocalInfo->Directory)
+ {
+ /* Size of the '\' string + Directory Name */
+ NameSize += sizeof(OBJ_NAME_PATH_SEPARATOR) +
+ LocalInfo->Name.Length;
+
+ /* Move to next parent Directory */
+ ParentDirectory = LocalInfo->Directory;
+ }
+ else
+ {
+ /* Directory with no name. We append "...\" */
+ NameSize += sizeof(L"...") + sizeof(OBJ_NAME_PATH_SEPARATOR);
+ break;
+ }
+ }
+ }
+
+ /* Finally, add the name of the structure and the null char */
+ *ReturnLength = NameSize +
+ sizeof(OBJECT_NAME_INFORMATION) +
+ sizeof(UNICODE_NULL);
+
+ /* Check if we were given enough space */
+ if (*ReturnLength > Length) _SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
+
+ /*
+ * Now we will actually create the name. We work backwards because
+ * it's easier to start off from the Name we have and walk up the
+ * parent directories. We use the same logic as Name Length calculation.
+ */
+ LocalInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
+ ObjectName = (PWCH)((ULONG_PTR)ObjectNameInfo + *ReturnLength);
+ *--ObjectName = UNICODE_NULL;
+
+ /* Check if the object is actually the Root directory */
+ if (Object == ObpRootDirectoryObject)
+ {
+ /* This is already the Root Directory, return "\\" */
+ *--ObjectName = OBJ_NAME_PATH_SEPARATOR;
+ ObjectNameInfo->Name.Length = (USHORT)NameSize;
+ ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
+ sizeof(UNICODE_NULL));
+ ObjectNameInfo->Name.Buffer = ObjectName;
+ _SEH2_YIELD(return STATUS_SUCCESS);
+ }
+ else
+ {
+ /* Start by adding the Object's Name */
+ ObjectName = (PWCH)((ULONG_PTR)ObjectName -
+ LocalInfo->Name.Length);
+ RtlCopyMemory(ObjectName,
+ LocalInfo->Name.Buffer,
+ LocalInfo->Name.Length);
+
+ /* Now parse the Parent directories until we reach the top */
+ ParentDirectory = LocalInfo->Directory;
+ while ((ParentDirectory != ObpRootDirectoryObject) && (ParentDirectory))
+ {
+ /* Get the name information */
+ LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
+ OBJECT_TO_OBJECT_HEADER(ParentDirectory));
+
+ /* Add the "\" */
+ *(--ObjectName) = OBJ_NAME_PATH_SEPARATOR;
+
+ /* Add the Parent Directory's Name */
+ if (LocalInfo && LocalInfo->Name.Buffer)
+ {
+ /* Add the name */
+ ObjectName = (PWCH)((ULONG_PTR)ObjectName -
+ LocalInfo->Name.Length);
+ RtlCopyMemory(ObjectName,
+ LocalInfo->Name.Buffer,
+ LocalInfo->Name.Length);
+
+ /* Move to next parent */
+ ParentDirectory = LocalInfo->Directory;
+ }
+ else
+ {
+ /* Directory without a name, we add "..." */
+ ObjectName = (PWCH)((ULONG_PTR)ObjectName -
+ sizeof(L"...") +
+ sizeof(UNICODE_NULL));
+ RtlCopyMemory(ObjectName,
+ L"...",
+ sizeof(L"...") + sizeof(UNICODE_NULL));
+ break;
+ }
+ }
+
+ /* Add Root Directory Name */
*(--ObjectName) = OBJ_NAME_PATH_SEPARATOR;
-
- /* Add the Parent Directory's Name */
- if (LocalInfo && LocalInfo->Name.Buffer)
- {
- /* Add the name */
- ObjectName = (PWCH)((ULONG_PTR)ObjectName -
- LocalInfo->Name.Length);
- RtlCopyMemory(ObjectName,
- LocalInfo->Name.Buffer,
- LocalInfo->Name.Length);
-
- /* Move to next parent */
- ParentDirectory = LocalInfo->Directory;
- }
- else
- {
- /* Directory without a name, we add "..." */
- ObjectName = (PWCH)((ULONG_PTR)ObjectName -
- sizeof(L"...") + sizeof(UNICODE_NULL));
- RtlCopyMemory(ObjectName,
- L"...",
- sizeof(L"...") + sizeof(UNICODE_NULL));
- break;
- }
- }
-
- /* Add Root Directory Name */
- *(--ObjectName) = OBJ_NAME_PATH_SEPARATOR;
- ObjectNameInfo->Name.Length = (USHORT)NameSize;
- ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
- sizeof(UNICODE_NULL));
- ObjectNameInfo->Name.Buffer = ObjectName;
- }
+ ObjectNameInfo->Name.Length = (USHORT)NameSize;
+ ObjectNameInfo->Name.MaximumLength =
+ (USHORT)(NameSize + sizeof(UNICODE_NULL));
+ ObjectNameInfo->Name.Buffer = ObjectName;
+ }
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Return the exception code */
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;

/* Return success */
- return STATUS_SUCCESS;
+ return Status;
}

VOID