Ros-diffs May 2019

ros-diffs@reactos.org

17 participants
165 discussions

[reactos] 01/01: [NTOS:CM] Check for correct status from ZwQueryObject. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d3fa3b0ca2005fddc2eed… commit d3fa3b0ca2005fddc2eeda221f76bdb75a56937f Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Sun May 5 17:56:10 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 17:57:12 2019 +0200 [NTOS:CM] Check for correct status from ZwQueryObject. CORE-15882 Fixes regression in ntdll_apitest:NtLoadUnloadKey from d570482bc72. --- ntoskrnl/config/cmhvlist.c | 2 +- ntoskrnl/config/cmlazy.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/config/cmhvlist.c b/ntoskrnl/config/cmhvlist.c index 8a4009303d..b9ebb8fd4e 100644 --- a/ntoskrnl/config/cmhvlist.c +++ b/ntoskrnl/config/cmhvlist.c @@ -178,7 +178,7 @@ CmpAddToHiveFileList(IN PCMHIVE Hive) NULL, 0, &Length); - if (Status != STATUS_BUFFER_TOO_SMALL) + if (Status != STATUS_INFO_LENGTH_MISMATCH) { DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status); goto Quickie; diff --git a/ntoskrnl/config/cmlazy.c b/ntoskrnl/config/cmlazy.c index 9376076652..a8526e5b27 100644 --- a/ntoskrnl/config/cmlazy.c +++ b/ntoskrnl/config/cmlazy.c @@ -302,7 +302,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes, NULL, 0, &Length); - if (Status != STATUS_BUFFER_TOO_SMALL) + if (Status != STATUS_INFO_LENGTH_MISMATCH) { DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size query failed, Status = 0x%08lx\n", Status); return Status;

5 years, 4 months

[reactos] 01/01: [POWERCFG] Really fix the power schemes exceptions!

by Eric Kohl

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=b5e6280a7247b7838777a… commit b5e6280a7247b7838777a095665189ffbda56412 Author: Eric Kohl <eric.kohl(a)reactos.org> AuthorDate: Sun May 5 17:00:57 2019 +0200 Commit: Eric Kohl <eric.kohl(a)reactos.org> CommitDate: Sun May 5 17:05:59 2019 +0200 [POWERCFG] Really fix the power schemes exceptions! --- dll/cpl/powercfg/powershemes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dll/cpl/powercfg/powershemes.c b/dll/cpl/powercfg/powershemes.c index 7654f1758c..dfebc9606e 100644 --- a/dll/cpl/powercfg/powershemes.c +++ b/dll/cpl/powercfg/powershemes.c @@ -715,8 +715,8 @@ PowerSchemesDlgProc( { case WM_INITDIALOG: pPageData = (PPOWER_SCHEMES_PAGE_DATA)HeapAlloc(GetProcessHeap(), - 0, - sizeof(PPOWER_SCHEMES_PAGE_DATA)); + HEAP_ZERO_MEMORY, + sizeof(POWER_SCHEMES_PAGE_DATA)); SetWindowLongPtr(hwndDlg, DWLP_USER, (LONG_PTR)pPageData); BuildSchemesList(pPageData);

5 years, 4 months

[reactos] 01/01: [KERNEL32] Rewrite QueryDosDeviceW to handle global and local MS-DOS namespaces

by Pierre Schweitzer

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5d20d512beed5b3bdd10f… commit 5d20d512beed5b3bdd10f3d5af525d780cd0e7d9 Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Sun May 5 14:18:09 2019 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Sun May 5 14:18:09 2019 +0200 [KERNEL32] Rewrite QueryDosDeviceW to handle global and local MS-DOS namespaces It also comes with a small performance boost: instead of performing object queries one after another, we query them all at once. --- dll/win32/kernel32/client/dosdev.c | 653 +++++++++++++++++++++++++++++++------ 1 file changed, 560 insertions(+), 93 deletions(-) diff --git a/dll/win32/kernel32/client/dosdev.c b/dll/win32/kernel32/client/dosdev.c index b32d434195..67fd60859d 100644 --- a/dll/win32/kernel32/client/dosdev.c +++ b/dll/win32/kernel32/client/dosdev.c @@ -4,6 +4,7 @@ * FILE: dll/win32/kernel32/client/dosdev.c * PURPOSE: Dos device functions * PROGRAMMER: Ariadne (ariadne(a)xs4all.nl) + * Pierre Schweitzer * UPDATE HISTORY: * Created 01/11/98 */ @@ -19,6 +20,142 @@ DEBUG_CHANNEL(kernel32file); /* FUNCTIONS *****************************************************************/ +/* + * @implemented + */ +NTSTATUS +IsGlobalDeviceMap( + HANDLE DirectoryHandle, + PBOOLEAN IsGlobal) +{ + NTSTATUS Status; + DWORD ReturnLength; + UNICODE_STRING GlobalString; + OBJECT_NAME_INFORMATION NameInfo, *PNameInfo; + + /* We need both parameters */ + if (DirectoryHandle == 0 || IsGlobal == NULL) + { + return STATUS_INVALID_PARAMETER; + } + + PNameInfo = NULL; + _SEH2_TRY + { + /* Query handle information */ + Status = NtQueryObject(DirectoryHandle, + ObjectNameInformation, + &NameInfo, + 0, + &ReturnLength); + /* Only failure we tolerate is length mismatch */ + if (NT_SUCCESS(Status) || Status == STATUS_INFO_LENGTH_MISMATCH) + { + /* Allocate big enough buffer */ + PNameInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, ReturnLength); + if (PNameInfo == NULL) + { + Status = STATUS_NO_MEMORY; + _SEH2_LEAVE; + } + + /* Query again handle information */ + Status = NtQueryObject(DirectoryHandle, + ObjectNameInformation, + PNameInfo, + ReturnLength, + &ReturnLength); + + /* + * If it succeed, check we have Global?? + * If so, return success + */ + if (NT_SUCCESS(Status)) + { + RtlInitUnicodeString(&GlobalString, L"\\GLOBAL??"); + *IsGlobal = RtlEqualUnicodeString(&GlobalString, &PNameInfo->Name, FALSE); + Status = STATUS_SUCCESS; + } + + + } + } + _SEH2_FINALLY + { + if (PNameInfo != NULL) + { + RtlFreeHeap(RtlGetProcessHeap(), 0, PNameInfo); + } + } + _SEH2_END; + + return Status; +} + +/* + * @implemented + */ +DWORD +FindSymbolicLinkEntry( + PWSTR NameToFind, + PWSTR NamesList, + DWORD TotalEntries, + PBOOLEAN Found) +{ + WCHAR Current; + DWORD Entries; + PWSTR PartialNamesList; + + /* We need all parameters to be set */ + if (NameToFind == NULL || NamesList == NULL || Found == NULL) + { + return ERROR_INVALID_PARAMETER; + } + + /* Assume failure */ + *Found = FALSE; + + /* If no entries, job done, nothing found */ + if (TotalEntries == 0) + { + return ERROR_SUCCESS; + } + + /* Start browsing the names list */ + Entries = 0; + PartialNamesList = NamesList; + /* As long as we didn't find the name... */ + while (wcscmp(NameToFind, PartialNamesList) != 0) + { + /* We chomped an entry! */ + ++Entries; + + /* We're out of entries, bail out not to overrun */ + if (Entries > TotalEntries) + { + /* + * Even though we found nothing, + * the function ran fine + */ + return ERROR_SUCCESS; + } + + /* Jump to the next string */ + do + { + Current = *PartialNamesList; + ++PartialNamesList; + } while (Current != UNICODE_NULL); + } + + /* + * We're here because the loop stopped: + * it means we found the name in the list + */ + *Found = TRUE; + return ERROR_SUCCESS; +} + /* * @implemented */ @@ -381,19 +518,17 @@ QueryDosDeviceW( DWORD ucchMax ) { - POBJECT_DIRECTORY_INFORMATION DirInfo; - OBJECT_ATTRIBUTES ObjectAttributes; - UNICODE_STRING UnicodeString; - HANDLE DirectoryHandle; - HANDLE DeviceHandle; - ULONG ReturnLength; - ULONG NameLength; - ULONG Length; - ULONG Context; - BOOLEAN RestartScan; - NTSTATUS Status; - UCHAR Buffer[512]; PWSTR Ptr; + PVOID Buffer; + NTSTATUS Status; + USHORT i, TotalEntries; + UNICODE_STRING UnicodeString; + OBJECT_ATTRIBUTES ObjectAttributes; + HANDLE DirectoryHandle, DeviceHandle; + BOOLEAN IsGlobal, GlobalNeeded, Found; + POBJECT_DIRECTORY_INFORMATION DirInfo; + OBJECT_DIRECTORY_INFORMATION NullEntry = {{0}}; + ULONG ReturnLength, NameLength, Length, Context, BufferLength; /* Open the '\??' directory */ RtlInitUnicodeString(&UnicodeString, L"\\??"); @@ -412,123 +547,455 @@ QueryDosDeviceW( return 0; } - Length = 0; - - if (lpDeviceName != NULL) + Buffer = NULL; + _SEH2_TRY { - /* Open the lpDeviceName link object */ - RtlInitUnicodeString(&UnicodeString, (PWSTR)lpDeviceName); - InitializeObjectAttributes(&ObjectAttributes, - &UnicodeString, - OBJ_CASE_INSENSITIVE, - DirectoryHandle, - NULL); - Status = NtOpenSymbolicLinkObject(&DeviceHandle, - SYMBOLIC_LINK_QUERY, - &ObjectAttributes); - if (!NT_SUCCESS(Status)) + if (lpDeviceName != NULL) { - WARN("NtOpenSymbolicLinkObject() failed (Status %lx)\n", Status); - NtClose(DirectoryHandle); - BaseSetLastNTError(Status); - return 0; - } + /* Open the lpDeviceName link object */ + RtlInitUnicodeString(&UnicodeString, lpDeviceName); + InitializeObjectAttributes(&ObjectAttributes, + &UnicodeString, + OBJ_CASE_INSENSITIVE, + DirectoryHandle, + NULL); + Status = NtOpenSymbolicLinkObject(&DeviceHandle, + SYMBOLIC_LINK_QUERY, + &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + WARN("NtOpenSymbolicLinkObject() failed (Status %lx)\n", Status); + _SEH2_LEAVE; + } - /* Query link target */ - UnicodeString.Length = 0; - UnicodeString.MaximumLength = (USHORT)ucchMax * sizeof(WCHAR); - UnicodeString.Buffer = lpTargetPath; - - ReturnLength = 0; - Status = NtQuerySymbolicLinkObject(DeviceHandle, - &UnicodeString, - &ReturnLength); - NtClose(DeviceHandle); - NtClose(DirectoryHandle); - if (!NT_SUCCESS(Status)) - { - WARN("NtQuerySymbolicLinkObject() failed (Status %lx)\n", Status); - BaseSetLastNTError(Status); - return 0; - } + /* + * Make sure we don't overrun the output buffer, so convert our DWORD + * size to USHORT size properly + */ + Length = (ucchMax <= MAXULONG / sizeof(WCHAR)) ? (ucchMax * sizeof(WCHAR)) : MAXULONG; + + /* Query link target */ + UnicodeString.Length = 0; + UnicodeString.MaximumLength = Length <= MAXUSHORT ? Length : MAXUSHORT; + UnicodeString.Buffer = lpTargetPath; + + ReturnLength = 0; + Status = NtQuerySymbolicLinkObject(DeviceHandle, + &UnicodeString, + &ReturnLength); + NtClose(DeviceHandle); + if (!NT_SUCCESS(Status)) + { + WARN("NtQuerySymbolicLinkObject() failed (Status %lx)\n", Status); + _SEH2_LEAVE; + } - TRACE("ReturnLength: %lu\n", ReturnLength); - TRACE("TargetLength: %hu\n", UnicodeString.Length); - TRACE("Target: '%wZ'\n", &UnicodeString); + TRACE("ReturnLength: %lu\n", ReturnLength); + TRACE("TargetLength: %hu\n", UnicodeString.Length); + TRACE("Target: '%wZ'\n", &UnicodeString); - Length = UnicodeString.Length / sizeof(WCHAR); - if (Length < ucchMax) - { - /* Append null-character */ - lpTargetPath[Length] = UNICODE_NULL; - Length++; + Length = ReturnLength / sizeof(WCHAR); + /* Make sure we null terminate output buffer */ + if (Length == 0 || lpTargetPath[Length - 1] != UNICODE_NULL) + { + if (Length >= ucchMax) + { + TRACE("Buffer is too small\n"); + Status = STATUS_BUFFER_TOO_SMALL; + _SEH2_LEAVE; + } + + /* Append null-character */ + lpTargetPath[Length] = UNICODE_NULL; + Length++; + } + + if (Length < ucchMax) + { + /* Append null-character */ + lpTargetPath[Length] = UNICODE_NULL; + Length++; + } + + _SEH2_LEAVE; } - else + + /* + * If LUID device maps are enabled, + * ?? may not point to BaseNamedObjects + * It may only be local DOS namespace. + * And thus, it might be required to browse + * Global?? for global devices + */ + GlobalNeeded = FALSE; + if (BaseStaticServerData->LUIDDeviceMapsEnabled) { - TRACE("Buffer is too small\n"); - BaseSetLastNTError(STATUS_BUFFER_TOO_SMALL); - return 0; + /* Assume ?? == Global?? */ + IsGlobal = TRUE; + /* Check if it's the case */ + Status = IsGlobalDeviceMap(DirectoryHandle, &IsGlobal); + if (NT_SUCCESS(Status) && !IsGlobal) + { + /* It's not, we'll have to browse Global?? too! */ + GlobalNeeded = TRUE; + } } - } - else - { - RestartScan = TRUE; - Context = 0; + + /* + * Make sure we don't overrun the output buffer, so convert our DWORD + * size to USHORT size properly + */ + BufferLength = (ucchMax <= MAXULONG / sizeof(WCHAR)) ? (ucchMax * sizeof(WCHAR)) : MAXULONG; + Length = 0; Ptr = lpTargetPath; - DirInfo = (POBJECT_DIRECTORY_INFORMATION)Buffer; - while (TRUE) + Context = 0; + TotalEntries = 0; + + /* + * We'll query all entries at once, with a rather big buffer + * If it's too small, we'll grow it by 2. + * Limit the number of attempts to 3. + */ + for (i = 0; i < 3; ++i) { + /* Allocate the query buffer */ + Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength); + if (Buffer == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + _SEH2_LEAVE; + } + + /* Perform the query */ Status = NtQueryDirectoryObject(DirectoryHandle, Buffer, - sizeof(Buffer), + BufferLength, + FALSE, TRUE, - RestartScan, &Context, &ReturnLength); + /* Only failure accepted is: no more entries */ if (!NT_SUCCESS(Status)) { - if (Status == STATUS_NO_MORE_ENTRIES) + if (Status != STATUS_NO_MORE_ENTRIES) { - /* Terminate the buffer */ - *Ptr = UNICODE_NULL; - Length++; - - Status = STATUS_SUCCESS; + _SEH2_LEAVE; } - else + + /* + * Which is a success! But break out, + * it means our query returned no results + * so, nothing to parse. + */ + Status = STATUS_SUCCESS; + break; + } + + /* In case we had them all, start browsing for devices */ + if (Status != STATUS_MORE_ENTRIES) + { + DirInfo = Buffer; + + /* Loop until we find the nul entry (terminating entry) */ + while (TRUE) { - Length = 0; + /* It's an entry full of zeroes */ + if (RtlCompareMemory(&NullEntry, DirInfo, sizeof(NullEntry)) == sizeof(NullEntry)) + { + break; + } + + /* Only handle symlinks */ + if (!wcscmp(DirInfo->TypeName.Buffer, L"SymbolicLink")) + { + TRACE("Name: '%wZ'\n", &DirInfo->Name); + + /* Get name length in chars to only comparisons */ + NameLength = DirInfo->Name.Length / sizeof(WCHAR); + + /* Make sure we don't overrun output buffer */ + if (Length > ucchMax || + NameLength > ucchMax - Length || + ucchMax - NameLength - Length < sizeof(WCHAR)) + { + Status = STATUS_BUFFER_TOO_SMALL; + _SEH2_LEAVE; + } + + /* Copy and NULL terminate string */ + memcpy(Ptr, DirInfo->Name.Buffer, DirInfo->Name.Length); + Ptr[NameLength] = UNICODE_NULL; + + Ptr += (NameLength + 1); + Length += (NameLength + 1); + + /* + * Keep the entries count, in case we would have to + * handle GLOBAL?? too + */ + ++TotalEntries; + } + + /* Move to the next entry */ + ++DirInfo; } - BaseSetLastNTError(Status); + + /* + * No need to loop again here, we got all the entries + * Note: we don't free the buffer here, because we may + * need it for GLOBAL??, so we save a few cycles here. + */ + break; + } + + /* Failure path here, we'll need bigger buffer */ + RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + Buffer = NULL; + + /* We can't have bigger than that one, so leave */ + if (BufferLength == MAXULONG) + { break; } - if (!wcscmp(DirInfo->TypeName.Buffer, L"SymbolicLink")) + /* Prevent any overflow while computing new size */ + if (MAXULONG - BufferLength < BufferLength) { - TRACE("Name: '%wZ'\n", &DirInfo->Name); + BufferLength = MAXULONG; + } + else + { + BufferLength *= 2; + } + } + + /* + * Out of the hot loop, but with more entries left? + * that's an error case, leave here! + */ + if (Status == STATUS_MORE_ENTRIES) + { + Status = STATUS_BUFFER_TOO_SMALL; + _SEH2_LEAVE; + } + + /* Now, if we had to handle GLOBAL??, go for it! */ + if (BaseStaticServerData->LUIDDeviceMapsEnabled && NT_SUCCESS(Status) && GlobalNeeded) + { + NtClose(DirectoryHandle); + DirectoryHandle = 0; + + RtlInitUnicodeString(&UnicodeString, L"\\GLOBAL??"); + InitializeObjectAttributes(&ObjectAttributes, + &UnicodeString, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + Status = NtOpenDirectoryObject(&DirectoryHandle, + DIRECTORY_QUERY, + &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + WARN("NtOpenDirectoryObject() failed (Status %lx)\n", Status); + _SEH2_LEAVE; + } + + /* + * We'll query all entries at once, with a rather big buffer + * If it's too small, we'll grow it by 2. + * Limit the number of attempts to 3. + */ + for (i = 0; i < 3; ++i) + { + /* If we had no buffer from previous attempt, allocate one */ + if (Buffer == NULL) + { + Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength); + if (Buffer == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + _SEH2_LEAVE; + } + } + + /* Perform the query */ + Status = NtQueryDirectoryObject(DirectoryHandle, + Buffer, + BufferLength, + FALSE, + TRUE, + &Context, + &ReturnLength); + /* Only failure accepted is: no more entries */ + if (!NT_SUCCESS(Status)) + { + if (Status != STATUS_NO_MORE_ENTRIES) + { + _SEH2_LEAVE; + } - NameLength = DirInfo->Name.Length / sizeof(WCHAR); - if (Length + NameLength + 1 >= ucchMax) + /* + * Which is a success! But break out, + * it means our query returned no results + * so, nothing to parse. + */ + Status = STATUS_SUCCESS; + break; + } + + /* In case we had them all, start browsing for devices */ + if (Status != STATUS_MORE_ENTRIES) + { + DirInfo = Buffer; + + /* Loop until we find the nul entry (terminating entry) */ + while (TRUE) + { + /* It's an entry full of zeroes */ + if (RtlCompareMemory(&NullEntry, DirInfo, sizeof(NullEntry)) == sizeof(NullEntry)) + { + break; + } + + /* Only handle symlinks */ + if (!wcscmp(DirInfo->TypeName.Buffer, L"SymbolicLink")) + { + TRACE("Name: '%wZ'\n", &DirInfo->Name); + + /* + * Now, we previously already browsed ??, and we + * don't want to devices twice, so we'll check + * the output buffer for duplicates. + * We'll add our entry only if we don't have already + * returned it. + */ + if (FindSymbolicLinkEntry(DirInfo->Name.Buffer, + lpTargetPath, + TotalEntries, + &Found) == ERROR_SUCCESS && + !Found) + { + /* Get name length in chars to only comparisons */ + NameLength = DirInfo->Name.Length / sizeof(WCHAR); + + /* Make sure we don't overrun output buffer */ + if (Length > ucchMax || + NameLength > ucchMax - Length || + ucchMax - NameLength - Length < sizeof(WCHAR)) + { + RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + NtClose(DirectoryHandle); + BaseSetLastNTError(STATUS_BUFFER_TOO_SMALL); + return 0; + } + + /* Copy and NULL terminate string */ + memcpy(Ptr, DirInfo->Name.Buffer, DirInfo->Name.Length); + Ptr[NameLength] = UNICODE_NULL; + + Ptr += (NameLength + 1); + Length += (NameLength + 1); + } + } + + /* Move to the next entry */ + ++DirInfo; + } + + /* No need to loop again here, we got all the entries */ + break; + } + + /* Failure path here, we'll need bigger buffer */ + RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + Buffer = NULL; + + /* We can't have bigger than that one, so leave */ + if (BufferLength == MAXULONG) { - Length = 0; - BaseSetLastNTError(STATUS_BUFFER_TOO_SMALL); break; } - memcpy(Ptr, DirInfo->Name.Buffer, DirInfo->Name.Length); - Ptr += NameLength; - Length += NameLength; - *Ptr = UNICODE_NULL; - Ptr++; - Length++; + /* Prevent any overflow while computing new size */ + if (MAXULONG - BufferLength < BufferLength) + { + BufferLength = MAXULONG; + } + else + { + BufferLength *= 2; + } + } + + /* + * Out of the hot loop, but with more entries left? + * that's an error case, leave here! + */ + if (Status == STATUS_MORE_ENTRIES) + { + Status = STATUS_BUFFER_TOO_SMALL; + _SEH2_LEAVE; + } + } + + /* If we failed somewhere, just leave */ + if (!NT_SUCCESS(Status)) + { + _SEH2_LEAVE; + } + + /* If we returned no entries, time to write the empty string */ + if (Length == 0) + { + /* Unless output buffer is too small! */ + if (ucchMax <= 0) + { + Status = STATUS_BUFFER_TOO_SMALL; + _SEH2_LEAVE; } - RestartScan = FALSE; + /* Emptry string is one char (terminator!) */ + *Ptr = UNICODE_NULL; + ++Ptr; + Length = 1; } - NtClose(DirectoryHandle); + /* + * If we have enough room, we need to double terminate the buffer: + * that's a MULTI_SZ buffer, its end is marked by double NULL. + * One was already added during the "copy string" process. + * If we don't have enough room: that's a failure case. + */ + if (Length < ucchMax) + { + *Ptr = UNICODE_NULL; + ++Ptr; + } + else + { + Status = STATUS_BUFFER_TOO_SMALL; + } + } + _SEH2_FINALLY + { + if (DirectoryHandle != 0) + { + NtClose(DirectoryHandle); + } + + if (Buffer != NULL) + { + RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + } + + if (!NT_SUCCESS(Status)) + { + Length = 0; + BaseSetLastNTError(Status); + } } + _SEH2_END; return Length; }

5 years, 4 months

[reactos] 09/09: [NTOS:PNP] Reduce the size of the pool buffer in IopGetParentIdPrefix. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5706f6e9f4b237ada8098… commit 5706f6e9f4b237ada8098938ca2d4580f28d458a Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Thu Apr 18 07:41:50 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:29 2019 +0200 [NTOS:PNP] Reduce the size of the pool buffer in IopGetParentIdPrefix. CORE-15882 --- ntoskrnl/io/pnpmgr/pnpmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ntoskrnl/io/pnpmgr/pnpmgr.c b/ntoskrnl/io/pnpmgr/pnpmgr.c index b4f59f4d17..e5530c6171 100644 --- a/ntoskrnl/io/pnpmgr/pnpmgr.c +++ b/ntoskrnl/io/pnpmgr/pnpmgr.c @@ -1853,7 +1853,7 @@ IopGetParentIdPrefix(PDEVICE_NODE DeviceNode, } /* 1. Try to retrieve ParentIdPrefix from registry */ - KeyNameBufferLength = FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data[0]) + MAX_PATH * sizeof(WCHAR); + KeyNameBufferLength = FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data) + sizeof(L"12345678&12345678"); ParentIdPrefixInformation = ExAllocatePoolWithTag(PagedPool, KeyNameBufferLength + sizeof(UNICODE_NULL), TAG_IO);

5 years, 4 months

[reactos] 08/09: [NTOS:CM] Reduce the size of some unnecessarily large stack buffers. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2f1fab41fadffed7c69c9… commit 2f1fab41fadffed7c69c953476667ecd3b8d84ca Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Wed Apr 17 10:31:34 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:26 2019 +0200 [NTOS:CM] Reduce the size of some unnecessarily large stack buffers. CORE-15882 --- ntoskrnl/config/cmsysini.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/config/cmsysini.c b/ntoskrnl/config/cmsysini.c index c773f1f569..6f9414bde6 100644 --- a/ntoskrnl/config/cmsysini.c +++ b/ntoskrnl/config/cmsysini.c @@ -1191,7 +1191,7 @@ VOID NTAPI CmpLoadHiveThread(IN PVOID StartContext) { - WCHAR FileBuffer[MAX_PATH], RegBuffer[MAX_PATH]; + WCHAR FileBuffer[64], RegBuffer[64]; PCWSTR ConfigPath; UNICODE_STRING TempName, FileName, RegName; ULONG i, ErrorResponse, WorkerCount, Length; @@ -1357,7 +1357,7 @@ VOID NTAPI CmpInitializeHiveList(VOID) { - WCHAR FileBuffer[MAX_PATH], RegBuffer[MAX_PATH]; + WCHAR FileBuffer[64], RegBuffer[64]; PCWSTR ConfigPath; UNICODE_STRING TempName, FileName, RegName; HANDLE Thread;

5 years, 4 months

[reactos] 07/09: [NTOS:CM] Simplify CmpGetRegistryPath to avoid unnecessary stack buffers. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=047a3bf79ab21d84fb480… commit 047a3bf79ab21d84fb480d8df99dd087aca97976 Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Wed Apr 17 10:25:52 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:22 2019 +0200 [NTOS:CM] Simplify CmpGetRegistryPath to avoid unnecessary stack buffers. CORE-15882 --- ntoskrnl/config/cmsysini.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/ntoskrnl/config/cmsysini.c b/ntoskrnl/config/cmsysini.c index d672ead8c2..c773f1f569 100644 --- a/ntoskrnl/config/cmsysini.c +++ b/ntoskrnl/config/cmsysini.c @@ -1166,32 +1166,24 @@ CmpCreateRegistryRoot(VOID) return TRUE; } -static NTSTATUS -CmpGetRegistryPath(OUT PWCHAR ConfigPath) +static PCWSTR +CmpGetRegistryPath(VOID) { - /* Just use default path */ - wcscpy(ConfigPath, L"\\SystemRoot"); + PCWSTR ConfigPath; /* Check if we are booted in setup */ if (!ExpInTextModeSetup) { - /* Add registry path */ -#if 0 - ResultSize = wcslen(ConfigPath); - if (ResultSize && ConfigPath[ResultSize - 1] == L'\\') - ConfigPath[ResultSize - 1] = UNICODE_NULL; -#endif - wcscat(ConfigPath, L"\\System32\\Config\\"); + ConfigPath = L"\\SystemRoot\\System32\\Config\\"; } else { - wcscat(ConfigPath, L"\\"); + ConfigPath = L"\\SystemRoot\\"; } DPRINT1("CmpGetRegistryPath: ConfigPath = '%S'\n", ConfigPath); - /* Done */ - return STATUS_SUCCESS; + return ConfigPath; } _Function_class_(KSTART_ROUTINE) @@ -1199,7 +1191,8 @@ VOID NTAPI CmpLoadHiveThread(IN PVOID StartContext) { - WCHAR FileBuffer[MAX_PATH], RegBuffer[MAX_PATH], ConfigPath[MAX_PATH]; + WCHAR FileBuffer[MAX_PATH], RegBuffer[MAX_PATH]; + PCWSTR ConfigPath; UNICODE_STRING TempName, FileName, RegName; ULONG i, ErrorResponse, WorkerCount, Length; USHORT FileStart; @@ -1222,7 +1215,7 @@ CmpLoadHiveThread(IN PVOID StartContext) RtlInitEmptyUnicodeString(&RegName, RegBuffer, sizeof(RegBuffer)); /* Now build the system root path */ - CmpGetRegistryPath(ConfigPath); + ConfigPath = CmpGetRegistryPath(); RtlInitUnicodeString(&TempName, ConfigPath); RtlAppendUnicodeStringToString(&FileName, &TempName); FileStart = FileName.Length; @@ -1364,7 +1357,8 @@ VOID NTAPI CmpInitializeHiveList(VOID) { - WCHAR FileBuffer[MAX_PATH], RegBuffer[MAX_PATH], ConfigPath[MAX_PATH]; + WCHAR FileBuffer[MAX_PATH], RegBuffer[MAX_PATH]; + PCWSTR ConfigPath; UNICODE_STRING TempName, FileName, RegName; HANDLE Thread; NTSTATUS Status; @@ -1381,7 +1375,7 @@ CmpInitializeHiveList(VOID) RtlInitEmptyUnicodeString(&RegName, RegBuffer, sizeof(RegBuffer)); /* Now build the system root path */ - CmpGetRegistryPath(ConfigPath); + ConfigPath = CmpGetRegistryPath(); RtlInitUnicodeString(&TempName, ConfigPath); RtlAppendUnicodeStringToString(&FileName, &TempName);

5 years, 4 months

[reactos] 06/09: [NTOS:CM] Avoid a fixed-length stack buffer in CmpCmdHiveOpen. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d570482bc72241156261f… commit d570482bc72241156261f35cacb96b1405138412 Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Wed Apr 17 09:37:37 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:18 2019 +0200 [NTOS:CM] Avoid a fixed-length stack buffer in CmpCmdHiveOpen. CORE-15882 --- ntoskrnl/config/cmlazy.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/ntoskrnl/config/cmlazy.c b/ntoskrnl/config/cmlazy.c index 8093c61bd5..9376076652 100644 --- a/ntoskrnl/config/cmlazy.c +++ b/ntoskrnl/config/cmlazy.c @@ -278,9 +278,8 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes, NTSTATUS Status; UNICODE_STRING FileName; PWCHAR FilePath; - UCHAR Buffer[sizeof(OBJECT_NAME_INFORMATION) + MAX_PATH * sizeof(WCHAR)]; - ULONG Length = sizeof(Buffer); - POBJECT_NAME_INFORMATION FileNameInfo = (POBJECT_NAME_INFORMATION)Buffer; + ULONG Length; + POBJECT_NAME_INFORMATION FileNameInfo; PAGED_CODE(); @@ -297,6 +296,27 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes, return STATUS_OBJECT_PATH_SYNTAX_BAD; } + /* Determine the right buffer size and allocate */ + Status = ZwQueryObject(FileAttributes->RootDirectory, + ObjectNameInformation, + NULL, + 0, + &Length); + if (Status != STATUS_BUFFER_TOO_SMALL) + { + DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size query failed, Status = 0x%08lx\n", Status); + return Status; + } + + FileNameInfo = ExAllocatePoolWithTag(PagedPool, + Length + sizeof(UNICODE_NULL), + TAG_CM); + if (FileNameInfo == NULL) + { + DPRINT1("CmpCmdHiveOpen(): Unable to allocate memory\n"); + return STATUS_INSUFFICIENT_RESOURCES; + } + /* Try to get the value */ Status = ZwQueryObject(FileAttributes->RootDirectory, ObjectNameInformation, @@ -307,6 +327,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes, { /* Fail */ DPRINT1("CmpCmdHiveOpen(): Root directory handle object name query failed, Status = 0x%08lx\n", Status); + ExFreePoolWithTag(FileNameInfo, TAG_CM); return Status; } @@ -321,6 +342,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes, if (Length > MAXUSHORT) { /* Name size too long, bail out */ + ExFreePoolWithTag(FileNameInfo, TAG_CM); return STATUS_OBJECT_PATH_INVALID; } @@ -331,10 +353,12 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes, { /* Fail */ DPRINT1("CmpCmdHiveOpen(): Unable to allocate memory\n"); + ExFreePoolWithTag(FileNameInfo, TAG_CM); return STATUS_INSUFFICIENT_RESOURCES; } FileName.MaximumLength = Length; RtlCopyUnicodeString(&FileName, &FileNameInfo->Name); + ExFreePoolWithTag(FileNameInfo, TAG_CM); /* * Append a path terminator if needed (we have already accounted

5 years, 4 months

[reactos] 05/09: [NTOS:CM] Avoid a fixed-length stack buffer in CmpAddToHiveFileList. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=26ab9f8a037475d543403… commit 26ab9f8a037475d5434038c52cf84f25ac4d59d3 Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Mon Apr 15 12:10:23 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:14 2019 +0200 [NTOS:CM] Avoid a fixed-length stack buffer in CmpAddToHiveFileList. CORE-15882 --- ntoskrnl/config/cmhvlist.c | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/ntoskrnl/config/cmhvlist.c b/ntoskrnl/config/cmhvlist.c index 25f8414052..8a4009303d 100644 --- a/ntoskrnl/config/cmhvlist.c +++ b/ntoskrnl/config/cmhvlist.c @@ -134,11 +134,11 @@ CmpAddToHiveFileList(IN PCMHIVE Hive) HANDLE KeyHandle; UNICODE_STRING HivePath; PWCHAR FilePath; - UCHAR Buffer[sizeof(OBJECT_NAME_INFORMATION) + MAX_PATH * sizeof(WCHAR)]; - ULONG Length = sizeof(Buffer); - POBJECT_NAME_INFORMATION FileNameInfo = (POBJECT_NAME_INFORMATION)Buffer; + ULONG Length; + POBJECT_NAME_INFORMATION FileNameInfo; HivePath.Buffer = NULL; + FileNameInfo = NULL; /* Create or open the hive list key */ InitializeObjectAttributes(&ObjectAttributes, @@ -172,6 +172,27 @@ CmpAddToHiveFileList(IN PCMHIVE Hive) /* Get the name of the corresponding file */ if (!(Hive->Hive.HiveFlags & HIVE_VOLATILE)) { + /* Determine the right buffer size and allocate */ + Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY], + ObjectNameInformation, + NULL, + 0, + &Length); + if (Status != STATUS_BUFFER_TOO_SMALL) + { + DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status); + goto Quickie; + } + + FileNameInfo = ExAllocatePoolWithTag(PagedPool, + Length + sizeof(UNICODE_NULL), + TAG_CM); + if (FileNameInfo == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto Quickie; + } + /* Try to get the value */ Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY], ObjectNameInformation, @@ -215,7 +236,14 @@ CmpAddToHiveFileList(IN PCMHIVE Hive) Quickie: /* Cleanup and return status */ - if (HivePath.Buffer) ExFreePoolWithTag(HivePath.Buffer, TAG_CM); + if (HivePath.Buffer) + { + ExFreePoolWithTag(HivePath.Buffer, TAG_CM); + } + if (FileNameInfo) + { + ExFreePoolWithTag(FileNameInfo, TAG_CM); + } ObCloseHandle(KeyHandle, KernelMode); return Status; }

5 years, 4 months

[reactos] 04/09: [NTOS] Use correct buffer size when calling MiResolveImageReferences. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f3a280f52bd9f607d314c… commit f3a280f52bd9f607d314c8d812826dc40b12e3cd Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Mon Apr 15 08:25:23 2019 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:11 2019 +0200 [NTOS] Use correct buffer size when calling MiResolveImageReferences. CORE-15882 --- ntoskrnl/io/iomgr/driver.c | 4 +++- ntoskrnl/mm/ARM3/sysldr.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/io/iomgr/driver.c b/ntoskrnl/io/iomgr/driver.c index 49422e003a..f636dc3562 100644 --- a/ntoskrnl/io/iomgr/driver.c +++ b/ntoskrnl/io/iomgr/driver.c @@ -735,7 +735,9 @@ LdrProcessDriverModule(PLDR_DATA_TABLE_ENTRY LdrEntry, PVOID DriverBase = LdrEntry->DllBase; /* Allocate a buffer we'll use for names */ - Buffer = ExAllocatePoolWithTag(NonPagedPool, MAX_PATH, TAG_LDR_WSTR); + Buffer = ExAllocatePoolWithTag(NonPagedPool, + MAXIMUM_FILENAME_LENGTH, + TAG_LDR_WSTR); if (!Buffer) { /* Fail */ diff --git a/ntoskrnl/mm/ARM3/sysldr.c b/ntoskrnl/mm/ARM3/sysldr.c index 4c2ffdaeb3..640856620a 100644 --- a/ntoskrnl/mm/ARM3/sysldr.c +++ b/ntoskrnl/mm/ARM3/sysldr.c @@ -2793,7 +2793,9 @@ MmLoadSystemImage(IN PUNICODE_STRING FileName, } /* Allocate a buffer we'll use for names */ - Buffer = ExAllocatePoolWithTag(NonPagedPool, MAX_PATH, TAG_LDR_WSTR); + Buffer = ExAllocatePoolWithTag(NonPagedPool, + MAXIMUM_FILENAME_LENGTH, + TAG_LDR_WSTR); if (!Buffer) return STATUS_INSUFFICIENT_RESOURCES; /* Check for a separator */

5 years, 4 months

[reactos] 03/09: [NTOS:PNP] Avoid a fixed-length stack buffer in IopActionConfigureChildServices. CORE-15882

by Thomas Faber

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=ccb91bebbe1c44fb16016… commit ccb91bebbe1c44fb160165c6e717a56289d3ab5c Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Sun Mar 24 15:04:37 2019 +0100 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun May 5 10:39:07 2019 +0200 [NTOS:PNP] Avoid a fixed-length stack buffer in IopActionConfigureChildServices. CORE-15882 --- ntoskrnl/io/pnpmgr/pnpmgr.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/ntoskrnl/io/pnpmgr/pnpmgr.c b/ntoskrnl/io/pnpmgr/pnpmgr.c index 1362a89f03..b4f59f4d17 100644 --- a/ntoskrnl/io/pnpmgr/pnpmgr.c +++ b/ntoskrnl/io/pnpmgr/pnpmgr.c @@ -2854,16 +2854,11 @@ IopActionConfigureChildServices(PDEVICE_NODE DeviceNode, if (!(DeviceNode->Flags & (DNF_DISABLED | DNF_STARTED | DNF_ADDED))) { - WCHAR RegKeyBuffer[MAX_PATH]; UNICODE_STRING RegKey; /* Install the service for this if it's in the CDDB */ IopInstallCriticalDevice(DeviceNode); - RegKey.Length = 0; - RegKey.MaximumLength = sizeof(RegKeyBuffer); - RegKey.Buffer = RegKeyBuffer; - /* * Retrieve configuration from Enum key */ @@ -2885,11 +2880,24 @@ IopActionConfigureChildServices(PDEVICE_NODE DeviceNode, QueryTable[1].DefaultData = L""; QueryTable[1].DefaultLength = 0; - RtlAppendUnicodeToString(&RegKey, L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum\\"); + RegKey.Length = 0; + RegKey.MaximumLength = sizeof(ENUM_ROOT) + sizeof(WCHAR) + DeviceNode->InstancePath.Length; + RegKey.Buffer = ExAllocatePoolWithTag(PagedPool, + RegKey.MaximumLength, + TAG_IO); + if (RegKey.Buffer == NULL) + { + IopDeviceNodeSetFlag(DeviceNode, DNF_DISABLED); + return STATUS_INSUFFICIENT_RESOURCES; + } + + RtlAppendUnicodeToString(&RegKey, ENUM_ROOT); + RtlAppendUnicodeToString(&RegKey, L"\\"); RtlAppendUnicodeStringToString(&RegKey, &DeviceNode->InstancePath); Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE, RegKey.Buffer, QueryTable, NULL, NULL); + ExFreePoolWithTag(RegKey.Buffer, TAG_IO); if (!NT_SUCCESS(Status)) {

5 years, 4 months

← Newer
1
...
10
11
12
13
14
15
16
17
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs May 2019