Author: jgardou Date: Tue Jul 8 18:42:20 2014 New Revision: 63700
URL: http://svn.reactos.org/svn/reactos?rev=63700&view=rev Log: [NTOSKRNL] - Use ZwSetValueKey instead of NtSetValueKey - Properly probe and copy parameters when NtSetValueKey is called from UMode CORE-7738 #resolve #comment fixed in r63700
Modified: trunk/reactos/ntoskrnl/config/cmconfig.c trunk/reactos/ntoskrnl/config/cmsysini.c trunk/reactos/ntoskrnl/config/i386/cmhardwr.c trunk/reactos/ntoskrnl/config/ntapi.c trunk/reactos/ntoskrnl/config/powerpc/cmhardwr.c trunk/reactos/ntoskrnl/ex/init.c trunk/reactos/ntoskrnl/io/iomgr/bootlog.c
Modified: trunk/reactos/ntoskrnl/config/cmconfig.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmconfig.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmconfig.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmconfig.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -97,7 +97,7 @@

/* Setup the component information key */
RtlInitUnicodeString(&ValueName, L"Component Information");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_BINARY,
@@ -124,7 +124,7 @@
if (NT_SUCCESS(Status))
{
/* Save the identifier in the registry */
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_SZ,
@@ -178,7 +178,7 @@
CmpConfigurationData->BusNumber = BusNumber;

/* Save the actual data */
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_FULL_RESOURCE_DESCRIPTOR,
Modified: trunk/reactos/ntoskrnl/config/cmsysini.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmsysini.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmsysini.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmsysini.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -416,7 +416,7 @@

/* Key opened, now write to the key */
RtlInitUnicodeString(&KeyName, L"SystemStartOptions");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&KeyName,
0,
REG_SZ,
@@ -427,7 +427,7 @@
/* Setup value name for system boot device in ARC format */
RtlInitUnicodeString(&KeyName, L"SystemBootDevice");
RtlCreateUnicodeStringFromAsciiz(&ValueName, LoaderBlock->ArcBootDeviceName);
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&KeyName,
0,
REG_SZ,
@@ -474,7 +474,7 @@
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
- Status = NtOpenKey(&SelectHandle, KEY_READ, &ObjectAttributes);
+ Status = ZwOpenKey(&SelectHandle, KEY_READ, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
/* ReactOS Hack: Hard-code current to 001 for SetupLdr */
@@ -488,16 +488,17 @@
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
- Status = NtCreateKey(&KeyHandle,
+ Status = ZwCreateKey(&KeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes,
0,
NULL,
0,
&Disposition);
- if (!NT_SUCCESS(Status)) return Status;
-
- /* Don't need the handle */
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ /* We don't need the handle */
ZwClose(KeyHandle);

/* Use hard-coded setting */
@@ -533,7 +534,7 @@
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
- Status = NtCreateKey(&KeyHandle,
+ Status = ZwCreateKey(&KeyHandle,
KEY_CREATE_LINK,
&ObjectAttributes,
0,
@@ -557,7 +558,7 @@
Status = RtlAnsiStringToUnicodeString(&KeyName, &TempString, FALSE);

/* Set the value */
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&CmSymbolicLinkValueName,
0,
REG_LINK,
@@ -572,7 +573,7 @@
KeyHandle,
NULL);
Status = NtOpenKey(&ConfigHandle, KEY_READ, &ObjectAttributes);
- NtClose(KeyHandle);
+ ZwClose(KeyHandle);

/* Check if we don't have one */
if (!NT_SUCCESS(Status))
@@ -689,7 +690,7 @@
ASSERT(STATUS_SUCCESS == Status);
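Review bot: The context line `Status = NtOpenKey(&ConfigHandle, KEY_READ, &ObjectAttributes);` directly above the converted NtClose is left as an Nt* call, while the sibling NtOpenKey at -474 in this same file is switched to ZwOpenKey by this commit. If the purpose of the rename is that kernel-internal registry calls go through the Zw stubs (so that the user-mode probing this commit adds to NtSetValueKey in ntapi.c sees KernelMode as the previous mode), this call should follow: `Status = ZwOpenKey(&ConfigHandle, KEY_READ, &ObjectAttributes);`. The enclosing function starts and ends outside the hunk.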
/* Set it */
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&CmSymbolicLinkValueName,
0,
REG_LINK,
@@ -2180,7 +2181,7 @@
RtlInitUnicodeString(&ValueData, Buffer);

- NtSetValueKey(CurrentVersionKeyHandle,
+ ZwSetValueKey(CurrentVersionKeyHandle,
&ValueName,
0,
REG_SZ,
Modified: trunk/reactos/ntoskrnl/config/i386/cmhardwr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/i386/cmhard...
==============================================================================
--- trunk/reactos/ntoskrnl/config/i386/cmhardwr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/i386/cmhardwr.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -268,7 +268,7 @@

/* Set the value */
RtlInitUnicodeString(&ValueName, L"PhysicalAddressExtension");
- NtSetValueKey(KeyHandle,
+ ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_DWORD,
@@ -463,7 +463,7 @@

/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"ProcessorNameString");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_SZ,
@@ -486,7 +486,7 @@

/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"VendorIdentifier");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_SZ,
@@ -502,7 +502,7 @@
{
/* Add them to the registry */
RtlInitUnicodeString(&ValueName, L"FeatureSet");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_DWORD,
@@ -515,7 +515,7 @@
{
/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"~MHz");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_DWORD,
@@ -528,7 +528,7 @@
{
/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"Update Signature");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_BINARY,
@@ -621,7 +621,7 @@

/* Write the date into the registry */
RtlInitUnicodeString(&ValueName, L"SystemBiosDate");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_SZ,
@@ -643,7 +643,7 @@
if (NT_SUCCESS(Status))
{
/* Save it to the registry */
- Status = NtSetValueKey(BiosHandle,
+ Status = ZwSetValueKey(BiosHandle,
&ValueName,
0,
REG_SZ,
@@ -703,7 +703,7 @@

/* Write the BIOS Version to the registry */
RtlInitUnicodeString(&ValueName, L"SystemBiosVersion");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_MULTI_SZ,
@@ -746,7 +746,7 @@

/* Write the date into the registry */
RtlInitUnicodeString(&ValueName, L"VideoBiosDate");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_SZ,
@@ -801,7 +801,7 @@

/* Write the BIOS Version to the registry */
RtlInitUnicodeString(&ValueName, L"VideoBiosVersion");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_MULTI_SZ,
Modified: trunk/reactos/ntoskrnl/config/ntapi.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/ntapi.c?rev...
==============================================================================
--- trunk/reactos/ntoskrnl/config/ntapi.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/ntapi.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -33,7 +33,10 @@
CM_PARSE_CONTEXT ParseContext = {0};
HANDLE Handle;
PAGED_CODE();
- DPRINT("NtCreateKey(OB name %wZ)\n", ObjectAttributes->ObjectName);
+
+ DPRINT("NtCreateKey(Path: %wZ, Root %x, Access: %x, CreateOptions %x)\n",
+ ObjectAttributes->ObjectName, ObjectAttributes->RootDirectory,
+ DesiredAccess, CreateOptions);

/* Check for user-mode caller */
if (PreviousMode != KernelMode)
@@ -60,7 +63,8 @@
sizeof(OBJECT_ATTRIBUTES),
sizeof(ULONG));
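Review bot: The rewritten DPRINT dereferences ObjectAttributes (ObjectName and now also RootDirectory) before the `if (PreviousMode != KernelMode)` probe that follows it, so on a debug build a user-mode caller handing in an invalid ObjectAttributes pointer faults outside the SEH block; the old line had the same exposure for ObjectName, but since the trace is being rewritten anyway it could be moved after the probe, or the fields read into locals inside the existing _SEH2_TRY and traced from there. Separately, `%x` is paired with RootDirectory (a HANDLE) here and with Handle in the new `Returning handle %x` traces at -101 and -166; `%p` is the matching specifier for handle and pointer values on both 32- and 64-bit builds. The NtOpenKey trace in the hunk at -116 has the same two points. NtCreateKey's signature and the rest of its body lie outside this hunk.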
- if (Disposition) ProbeForWriteUlong(Disposition);
+ if (Disposition)
+ ProbeForWriteUlong(Disposition);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@@ -101,6 +105,8 @@
}
_SEH2_END;

+ DPRINT("Returning handle %x, Status %x.\n", Handle, Status);
+
/* Return status */
return Status;
}
@@ -116,7 +122,8 @@
NTSTATUS Status;
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
PAGED_CODE();
- DPRINT("NtOpenKey(OB 0x%wZ)\n", ObjectAttributes->ObjectName);
+ DPRINT("NtOpenKey(Path: %wZ, Root %x, Access: %x)\n",
+ ObjectAttributes->ObjectName, ObjectAttributes->RootDirectory, DesiredAccess);

/* Check for user-mode caller */
if (PreviousMode != KernelMode)
@@ -166,6 +173,8 @@
_SEH2_END;
}

+ DPRINT("Returning handle %x, Status %x.\n", Handle, Status);
+
/* Return status */
return Status;
}
@@ -301,6 +310,7 @@

/* Dereference and return status */
ObDereferenceObject(KeyObject);
+ DPRINT("Returning status %x.\n", Status);
return Status;
}

@@ -604,14 +614,52 @@
IN PVOID Data,
IN ULONG DataSize)
{
- NTSTATUS Status;
- PCM_KEY_BODY KeyObject;
+ NTSTATUS Status = STATUS_SUCCESS;
+ PCM_KEY_BODY KeyObject = NULL;
REG_SET_VALUE_KEY_INFORMATION SetValueKeyInfo;
REG_POST_OPERATION_INFORMATION PostOperationInfo;
- UNICODE_STRING ValueNameCopy = *ValueName;
+ UNICODE_STRING ValueNameCopy;
+ KPROCESSOR_MODE PreviousMode;
+ PAGED_CODE();
+
+ PreviousMode = ExGetPreviousMode();
+
+ if (Data && !DataSize)
+ return STATUS_INVALID_PARAMETER;
+
+ /* Probe and copy the data */
+ if ((PreviousMode != KernelMode) && Data)
+ {
+ PVOID DataCopy = ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM);
+ if (!DataCopy)
+ return STATUS_NO_MEMORY;
+ _SEH2_TRY
+ {
+ ProbeForRead(Data, DataSize, 1);
+ RtlCopyMemory(DataCopy, Data, DataSize);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(DataCopy, TAG_CM);
+ return Status;
+ }
+ Data = DataCopy;
+ }
+
+ /* Capture the string */
+ Status = ProbeAndCaptureUnicodeString(&ValueNameCopy, PreviousMode, ValueName);
+ if (!NT_SUCCESS(Status))
+ goto end;
+
DPRINT("NtSetValueKey() KH 0x%p, VN '%wZ', TI %x, T %lu, DS %lu\n",
- KeyHandle, ValueName, TitleIndex, Type, DataSize);
+ KeyHandle, &ValueNameCopy, TitleIndex, Type, DataSize);

/* Verify that the handle is valid and is a registry key */
Status = ObReferenceObjectByHandle(KeyHandle,
@@ -620,7 +668,8 @@
ExGetPreviousMode(),
(PVOID*)&KeyObject,
NULL);
- if (!NT_SUCCESS(Status)) return Status;
+ if (!NT_SUCCESS(Status))
+ goto end;
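Review bot: `ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM)` and the ProbeForRead/RtlCopyMemory run before the pre-existing `DataSize > 0x80000000` bound, which this commit leaves in the later hunk at -628, so a user-mode DataSize is rejected only after the kernel has already tried to allocate and copy that many bytes; hoisting the bound above the copy block, e.g. `if (DataSize > 0x80000000) return STATUS_INVALID_PARAMETER;`, keeps the existing limit in front of the allocation. The new `if (Data && !DataSize)` guard also leaves the mirror case, `Data == NULL` with `DataSize != 0`, unhandled: for a user-mode caller the copy block is skipped and the NULL pointer reaches CmSetValueKey with a non-zero size — presumably that should be STATUS_INVALID_PARAMETER as well, unless the lower layer is known to tolerate it. NtSetValueKey's parameter list begins before this hunk.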
/* Make sure the name is aligned, not too long, and the data under 4GB */
if ( (ValueNameCopy.Length > 32767) ||
@@ -628,8 +677,8 @@
(DataSize > 0x80000000))
{
/* Fail */
- ObDereferenceObject(KeyObject);
- return STATUS_INVALID_PARAMETER;
+ Status = STATUS_INVALID_PARAMETER;
+ goto end;
}

/* Ignore any null characters at the end */
@@ -644,14 +693,14 @@
if (KeyObject->KeyControlBlock->ExtFlags & CM_KCB_READ_ONLY_KEY)
{
/* Fail */
- ObDereferenceObject(KeyObject);
- return STATUS_ACCESS_DENIED;
+ Status = STATUS_ACCESS_DENIED;
+ goto end;
}

/* Setup callback */
PostOperationInfo.Object = (PVOID)KeyObject;
SetValueKeyInfo.Object = (PVOID)KeyObject;
- SetValueKeyInfo.ValueName = ValueName;
+ SetValueKeyInfo.ValueName = &ValueNameCopy;
SetValueKeyInfo.TitleIndex = TitleIndex;
SetValueKeyInfo.Type = Type;
SetValueKeyInfo.Data = Data;
@@ -673,8 +722,13 @@
PostOperationInfo.Status = Status;
CmiCallRegisteredCallbacks(RegNtPostSetValueKey, &PostOperationInfo);

+end:
/* Dereference and return status */
- ObDereferenceObject(KeyObject);
+ if (KeyObject)
+ ObDereferenceObject(KeyObject);
+ ReleaseCapturedUnicodeString(&ValueNameCopy, PreviousMode);
+ if ((PreviousMode != KernelMode) && Data)
+ ExFreePoolWithTag(Data, TAG_CM);
return Status;
}
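Review bot: `ReleaseCapturedUnicodeString(&ValueNameCopy, PreviousMode)` under `end:` is also reached through the `goto end` in the hunk at -604 that follows a failed ProbeAndCaptureUnicodeString, and on that path ValueNameCopy has not been initialised by this function; whether that is safe depends on the capture helper zeroing its output on failure, which this diff does not show. Initialising the local at its declaration, `UNICODE_STRING ValueNameCopy = {0};`, or releasing only on paths past a successful capture, removes the dependency on that helper's failure contract. The `if (KeyObject)` guard correctly covers the reference taken by ObReferenceObjectByHandle, and on every path into `end:` `Data` already points at the pool copy for user-mode callers, so the final ExFreePoolWithTag pairs with the allocation.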
Modified: trunk/reactos/ntoskrnl/config/powerpc/cmhardwr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/powerpc/cmh...
==============================================================================
--- trunk/reactos/ntoskrnl/config/powerpc/cmhardwr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/powerpc/cmhardwr.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -267,7 +267,7 @@

/* Set the value */
RtlInitUnicodeString(&ValueName, L"PhysicalAddressExtension");
- NtSetValueKey(KeyHandle,
+ ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_DWORD,
@@ -465,7 +465,7 @@

/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"ProcessorNameString");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_SZ,
@@ -488,7 +488,7 @@

/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"VendorIdentifier");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_SZ,
@@ -504,7 +504,7 @@
{
/* Add them to the registry */
RtlInitUnicodeString(&ValueName, L"FeatureSet");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_DWORD,
@@ -517,7 +517,7 @@
{
/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"~MHz");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_DWORD,
@@ -530,7 +530,7 @@
{
/* Add it to the registry */
RtlInitUnicodeString(&ValueName, L"Update Signature");
- Status = NtSetValueKey(KeyHandle,
+ Status = ZwSetValueKey(KeyHandle,
&ValueName,
0,
REG_BINARY,
@@ -623,7 +623,7 @@

/* Write the date into the registry */
RtlInitUnicodeString(&ValueName, L"SystemBiosDate");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_SZ,
@@ -645,7 +645,7 @@
if (NT_SUCCESS(Status))
{
/* Save it to the registry */
- Status = NtSetValueKey(BiosHandle,
+ Status = ZwSetValueKey(BiosHandle,
&ValueName,
0,
REG_SZ,
@@ -705,7 +705,7 @@

/* Write the BIOS Version to the registry */
RtlInitUnicodeString(&ValueName, L"SystemBiosVersion");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_MULTI_SZ,
@@ -749,7 +749,7 @@

/* Write the date into the registry */
RtlInitUnicodeString(&ValueName, L"VideoBiosDate");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_SZ,
@@ -804,7 +804,7 @@

/* Write the BIOS Version to the registry */
RtlInitUnicodeString(&ValueName, L"VideoBiosVersion");
- Status = NtSetValueKey(SystemHandle,
+ Status = ZwSetValueKey(SystemHandle,
&ValueName,
0,
REG_MULTI_SZ,
Modified: trunk/reactos/ntoskrnl/ex/init.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/init.c?rev=6370...
==============================================================================
--- trunk/reactos/ntoskrnl/ex/init.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/init.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -1853,7 +1853,7 @@
{
/* Write the safe boot type */
RtlInitUnicodeString(&KeyName, L"OptionValue");
- NtSetValueKey(OptionHandle,
+ ZwSetValueKey(OptionHandle,
&KeyName,
0,
REG_DWORD,
@@ -1866,7 +1866,7 @@
/* Remember this for later */
Disposition = TRUE;
RtlInitUnicodeString(&KeyName, L"UseAlternateShell");
- NtSetValueKey(OptionHandle,
+ ZwSetValueKey(OptionHandle,
&KeyName,
0,
REG_DWORD,
Modified: trunk/reactos/ntoskrnl/io/iomgr/bootlog.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/bootlog.c...
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/bootlog.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/bootlog.c [iso-8859-1] Tue Jul 8 18:42:20 2014
@@ -135,7 +135,7 @@

if (!NT_SUCCESS(Status))
{
- DPRINT1("NtSetValueKey() failed (Status %lx)\n", Status);
+ DPRINT1("ZwSetValueKey() failed (Status %lx)\n", Status);
}
else
{