[ros-diffs] [jmorlan] 47316: [WIN32CSR] Protect ProcessData->Console with the HandleTableLock.

Author: jmorlan Date: Sun May 23 04:58:23 2010 New Revision: 47316 URL: http://svn.reactos.org/svn/reactos?rev=47316&view=rev Log: [WIN32CSR] Protect ProcessData->Console with the HandleTableLock. Modified: trunk/reactos/subsystems/win32/csrss/win32csr/conio.c trunk/reactos/subsystems/win32/csrss/win32csr/handle.c Modified: trunk/reactos/subsystems/win32/csrss/win32csr/conio.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/csrss/win… ============================================================================== --- trunk/reactos/subsystems/win32/csrss/win32csr/conio.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/csrss/win32csr/conio.c [iso-8859-1] Sun May 23 04:58:23 2010 @@ -41,15 +41,20 @@ NTSTATUS FASTCALL ConioConsoleFromProcessData(PCSRSS_PROCESS_DATA ProcessData, PCSRSS_CONSOLE *Console) { - PCSRSS_CONSOLE ProcessConsole = ProcessData->Console; + PCSRSS_CONSOLE ProcessConsole; + + RtlEnterCriticalSection(&ProcessData->HandleTableLock); + ProcessConsole = ProcessData->Console; if (!ProcessConsole) { *Console = NULL; + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return STATUS_INVALID_HANDLE; } InterlockedIncrement(&ProcessConsole->Header.ReferenceCount); + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); EnterCriticalSection(&(ProcessConsole->Header.Lock)); *Console = ProcessConsole; @@ -247,9 +252,11 @@ Request->Header.u1.s1.TotalLength = sizeof(CSR_API_MESSAGE); Request->Header.u1.s1.DataLength = sizeof(CSR_API_MESSAGE) - sizeof(PORT_MESSAGE); + RtlEnterCriticalSection(&ProcessData->HandleTableLock); if (ProcessData->Console) { DPRINT1("Process already has a console\n"); + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return STATUS_INVALID_PARAMETER; } @@ -257,6 +264,7 @@ if (!Request->Data.AllocConsoleRequest.ConsoleNeeded) { DPRINT("No console needed\n"); + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return STATUS_SUCCESS; } @@ -270,6 +278,7 @@ if (NULL == Console) { DPRINT1("Not enough memory for console\n"); + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return STATUS_NO_MEMORY; } /* initialize list head */ @@ -282,6 +291,7 @@ { DPRINT1("Console init failed\n"); HeapFree(Win32CsrApiHeap, 0, Console); + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Status; } } @@ -313,6 +323,7 @@ DPRINT1("Failed to insert object\n"); ConioDeleteConsole((Object_t *) Console); ProcessData->Console = 0; + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Status; } @@ -328,6 +339,7 @@ Win32CsrReleaseObject(ProcessData, Request->Data.AllocConsoleRequest.InputHandle); ProcessData->Console = 0; + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Status; } } @@ -351,6 +363,7 @@ Request->Data.AllocConsoleRequest.InputHandle); } ProcessData->Console = 0; + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Status; } @@ -364,6 +377,7 @@ InsertHeadList(&ProcessData->Console->ProcessList, &ProcessData->ProcessEntry); } + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return STATUS_SUCCESS; } @@ -1960,6 +1974,7 @@ DPRINT("CsrCreateScreenBuffer\n"); + RtlEnterCriticalSection(&ProcessData->HandleTableLock); Status = ConioConsoleFromProcessData(ProcessData, &Console); if (! NT_SUCCESS(Status)) { @@ -2012,6 +2027,7 @@ } ConioUnlockConsole(Console); + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Status; } Modified: trunk/reactos/subsystems/win32/csrss/win32csr/handle.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/csrss/win… ============================================================================== --- trunk/reactos/subsystems/win32/csrss/win32csr/handle.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/csrss/win32csr/handle.c [iso-8859-1] Sun May 23 04:58:23 2010 @@ -146,27 +146,24 @@ Win32CsrReleaseConsole( PCSRSS_PROCESS_DATA ProcessData) { - ULONG HandleTableSize; - PCSRSS_HANDLE HandleTable; PCSRSS_CONSOLE Console; ULONG i; /* Close all console handles and detach process from console */ RtlEnterCriticalSection(&ProcessData->HandleTableLock); - HandleTableSize = ProcessData->HandleTableSize; - HandleTable = ProcessData->HandleTable; + + for (i = 0; i < ProcessData->HandleTableSize; i++) + { + if (ProcessData->HandleTable[i].Object != NULL) + Win32CsrReleaseObjectByPointer(ProcessData->HandleTable[i].Object); + } + ProcessData->HandleTableSize = 0; + RtlFreeHeap(Win32CsrApiHeap, 0, ProcessData->HandleTable); + ProcessData->HandleTable = NULL; + Console = ProcessData->Console; - ProcessData->HandleTableSize = 0; - ProcessData->HandleTable = NULL; ProcessData->Console = NULL; RtlLeaveCriticalSection(&ProcessData->HandleTableLock); - - for (i = 0; i < HandleTableSize; i++) - { - if (HandleTable[i].Object != NULL) - Win32CsrReleaseObjectByPointer(HandleTable[i].Object); - } - RtlFreeHeap(Win32CsrApiHeap, 0, HandleTable); if (Console != NULL) { @@ -272,6 +269,7 @@ Request->Header.u1.s1.TotalLength = sizeof(CSR_API_MESSAGE); Request->Header.u1.s1.DataLength = sizeof(CSR_API_MESSAGE) - sizeof(PORT_MESSAGE); + RtlEnterCriticalSection(&ProcessData->HandleTableLock); if (ProcessData->Console) { Request->Status = Win32CsrInsertObject(ProcessData, @@ -285,6 +283,7 @@ Request->Data.GetInputHandleRequest.InputHandle = INVALID_HANDLE_VALUE; Request->Status = STATUS_SUCCESS; } + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Request->Status; } @@ -294,6 +293,7 @@ Request->Header.u1.s1.TotalLength = sizeof(CSR_API_MESSAGE); Request->Header.u1.s1.DataLength = sizeof(CSR_API_MESSAGE) - sizeof(PORT_MESSAGE); + RtlEnterCriticalSection(&ProcessData->HandleTableLock); if (ProcessData->Console) { Request->Status = Win32CsrInsertObject(ProcessData, @@ -307,6 +307,7 @@ Request->Data.GetOutputHandleRequest.OutputHandle = INVALID_HANDLE_VALUE; Request->Status = STATUS_SUCCESS; } + RtlLeaveCriticalSection(&ProcessData->HandleTableLock); return Request->Status; }