Author: pschweitzer Date: Sun Jun 21 08:06:25 2015 New Revision: 68223
URL: http://svn.reactos.org/svn/reactos?rev=68223&view=rev Log: [NTOSKRNL] - Probe input buffer for read in NtSetSystemInformation() and call the helper functions in a PSEH block - For the NtSetSystemInformation - SystemSessionCreate specific case, as we return the session ID, probe for write directly there.
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=6...
==============================================================================
--- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Sun Jun 21 08:06:25 2015
@@ -2068,6 +2068,8 @@
 {
 return STATUS_PRIVILEGE_NOT_HELD;
 }
+
+ ProbeForWriteUlong(Buffer);
 }
Status = MmSessionCreate(&SessionId);
@@ -2452,43 +2454,47 @@
 IN PVOID SystemInformation,
 IN ULONG SystemInformationLength)
 {
+ NTSTATUS Status = STATUS_INVALID_INFO_CLASS;
+ KPROCESSOR_MODE PreviousMode;
+
 PAGED_CODE();
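Review bot: `ProbeForWriteUlong(Buffer)` raises on a bad pointer and nothing in this hunk catches it, so the helper is only safe while it is reached through the `_SEH2_TRY` frame in NtSetSystemInformation; I would say so next to the probe, e.g. `/* Raises on a bad user pointer; caught by the SEH frame in NtSetSystemInformation() */`. The probe also runs before `MmSessionCreate(&SessionId)`, and the store of the session ID into `Buffer` presumably follows outside this hunk. A probe does not keep the page writable, so if that later store faults the exception unwinds with the session already created; it is worth confirming that path cleans up the session. The helper's start and end are outside the hunk.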
- /*
- * If called from user mode, check
- * possible unsafe arguments.
- */
-#if 0
- if (KernelMode != KeGetPreviousMode())
- {
- // Check arguments
- //ProbeForWrite(
- // SystemInformation,
- // Length
- // );
- //ProbeForWrite(
- // ResultLength,
- // sizeof (ULONG)
- // );
- }
-#endif
- /*
- * Check the request is valid.
- */
- if ((SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) &&
- (SystemInformationClass < MAX_SYSTEM_INFO_CLASS))
- {
- if (NULL != CallQS [SystemInformationClass].Set)
- {
- /*
- * Hand the request to a subhandler.
- */
- return CallQS [SystemInformationClass].Set(SystemInformation,
- SystemInformationLength);
- }
- }
-
- return STATUS_INVALID_INFO_CLASS;
+ PreviousMode = ExGetPreviousMode();
+
+ _SEH2_TRY
+ {
+ /*
+ * If called from user mode, check
+ * possible unsafe arguments.
+ */
+ if (PreviousMode != KernelMode)
+ {
+ ProbeForRead(SystemInformation, SystemInformationLength, sizeof(ULONG));
+ }
+
+ /*
+ * Check the request is valid.
+ */
+ if ((SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) &&
+ (SystemInformationClass < MAX_SYSTEM_INFO_CLASS))
+ {
+ if (NULL != CallQS [SystemInformationClass].Set)
+ {
+ /*
+ * Hand the request to a subhandler.
+ */
+ Status = CallQS [SystemInformationClass].Set(SystemInformation,
+ SystemInformationLength);
+ }
+ }
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+
+ return Status;
 }
NTSTATUS
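Review bot: Nothing above the `CallQS [SystemInformationClass].Set(...)` call tells handler authors that the buffer is only range-checked, not captured: `ProbeForRead` validates the address range once, and the caller can still change or unmap the memory while a handler runs. Each Set handler therefore has to copy a field into a local before validating and using it, and has to check `SystemInformationLength` itself, since a zero length passes the probe without any check. Because `_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)` wraps the whole dispatch, a fault inside a handler unwinds past any cleanup it had pending and is returned as a status, for kernel-mode callers too. I would record the contract in the comment before the dispatch, e.g. `/* Handlers read the caller's buffer in place: copy each field to a local once and hold no lock or reference across the access. */`. The function's signature starts outside the hunk.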