[ros-diffs] [weiden] 18815: fixed ProbeAndCaptureUnicodeString to properly capture unicode strings

fixed ProbeAndCaptureUnicodeString to properly capture unicode strings Modified: trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h _____ Modified: trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h --- trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h 2005-10-27 23:13:04 UTC (rev 18814) +++ trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h 2005-10-27 23:24:15 UTC (rev 18815) @@ -90,11 +90,11 @@ NTSTATUS NTAPI ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, - KPROCESSOR_MODE CurrentMode, + IN KPROCESSOR_MODE CurrentMode, IN PUNICODE_STRING UnsafeSrc) { NTSTATUS Status = STATUS_SUCCESS; - PVOID Buffer; + WCHAR *Buffer; ASSERT(Dest != NULL); /* Probe the structure and buffer*/ @@ -106,41 +106,59 @@ sizeof(UNICODE_STRING), sizeof(ULONG)); *Dest = *UnsafeSrc; - if(Dest->Length > 0) + if(Dest->Buffer != NULL) { - ProbeForRead(Dest->Buffer, - Dest->Length, - sizeof(WCHAR)); + if (Dest->Length != 0) + { + ProbeForRead(Dest->Buffer, + Dest->Length, + sizeof(WCHAR)); + + /* Allocate space for the buffer */ + Buffer = ExAllocatePoolWithTag(PagedPool, + Dest->Length + sizeof(WCHAR), + TAG('U', 'S', 'T', 'R')); + if (Buffer == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + _SEH_LEAVE; + } + + /* Copy it */ + RtlCopyMemory(Buffer, Dest->Buffer, Dest->Length); + Buffer[Dest->Length / sizeof(WCHAR)] = UNICODE_NULL; + + /* Set it as the buffer */ + Dest->Buffer = Buffer; + } + else + { + /* sanitize structure */ + Dest->Length = 0; + Dest->MaximumLength = 0; + Dest->Buffer = NULL; + } } + else + { + /* sanitize structure */ + Dest->Length = 0; + Dest->MaximumLength = 0; + } } _SEH_HANDLE { Status = _SEH_GetExceptionCode(); } _SEH_END; - - if (!NT_SUCCESS(Status)) return Status; } else { - /* Just copy it directly */ + /* Just copy the UNICODE_STRING structure, don't allocate new memory! + We trust the caller to supply valid pointers and data. */ *Dest = *UnsafeSrc; } - /* Allocate space for the buffer */ - Buffer = ExAllocatePool(PagedPool, Dest->MaximumLength); - - if (Buffer != NULL) - { - /* Copy it */ - RtlCopyMemory(Buffer, Dest->Buffer, Dest->MaximumLength); - - /* Set it as the buffer */ - Dest->Buffer = Buffer; - } - else - Status = STATUS_INSUFFICIENT_RESOURCES; - /* Return */ return Status; } @@ -149,9 +167,12 @@ VOID NTAPI ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, - KPROCESSOR_MODE CurrentMode) + IN KPROCESSOR_MODE CurrentMode) { - if(CurrentMode != KernelMode) ExFreePool(CapturedString->Buffer); + if(CurrentMode != KernelMode && CapturedString->Buffer != NULL) + { + ExFreePool(CapturedString->Buffer); + } } /*