Author: tfaber
Date: Sat Sep 28 08:37:47 2013
New Revision: 60401
URL:
http://svn.reactos.org/svn/reactos?rev=60401&view=rev
Log:
[NTOSKRNL]
- Protect against invalid ThreadContext pointer in PspCreateThread. Spotted by Aleksander
Andrejevic.
CORE-7252
- Fix MSVC warning in HdlspDispatch
Modified:
trunk/reactos/ntoskrnl/ex/hdlsterm.c
trunk/reactos/ntoskrnl/ps/thread.c
Modified: trunk/reactos/ntoskrnl/ex/hdlsterm.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/hdlsterm.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/ex/hdlsterm.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/hdlsterm.c [iso-8859-1] Sat Sep 28 08:37:47 2013
@@ -417,7 +417,7 @@
HeadlessInfo = OutputBuffer;
HeadlessInfo->PortType = HeadlessSerialPort;
HeadlessInfo->Serial.TerminalAttached = TRUE;
- HeadlessInfo->Serial.UsedBiosSettings =
HeadlessGlobals->UsedBiosSettings;
+ HeadlessInfo->Serial.UsedBiosSettings =
HeadlessGlobals->UsedBiosSettings != 0;
HeadlessInfo->Serial.TerminalBaudRate =
HeadlessGlobals->TerminalBaudRate;
HeadlessInfo->Serial.TerminalType = HeadlessGlobals->TerminalType;
Modified: trunk/reactos/ntoskrnl/ps/thread.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/thread.c?rev=6…
==============================================================================
--- trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] Sat Sep 28 08:37:47 2013
@@ -317,19 +317,30 @@
return Status;
}
- /* Set the Start Addresses */
- Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
- Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(ThreadContext);
+ /* Set the Start Addresses from the untrusted ThreadContext */
+ _SEH2_TRY
+ {
+ Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
+ Thread->Win32StartAddress =
(PVOID)KeGetContextReturnRegister(ThreadContext);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
/* Let the kernel intialize the Thread */
- Status = KeInitThread(&Thread->Tcb,
- NULL,
- PspUserThreadStartup,
- NULL,
- Thread->StartAddress,
- ThreadContext,
- TebBase,
- &Process->Pcb);
+ if (NT_SUCCESS(Status))
+ {
+ Status = KeInitThread(&Thread->Tcb,
+ NULL,
+ PspUserThreadStartup,
+ NULL,
+ Thread->StartAddress,
+ ThreadContext,
+ TebBase,
+ &Process->Pcb);
+ }
}
else
{
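Review bot: ThreadContext is still read from user memory twice in this hunk — once inside the new _SEH2_TRY block for the PC and return register, and again when the same pointer is handed to KeInitThread — so the new guard covers only the first read, and the two reads can observe different values if the caller's buffer changes in between. Since SEH catches only faults, a ThreadContext that points at readable kernel memory would also pass this block without error; the usual fix is to ProbeForRead and copy the CONTEXT into a kernel-side copy once (unless NtCreateThread already does so before calling PspCreateThread) and pass that copy to KeInitThread, with a comment such as `/* ThreadContext must already be a captured kernel copy here */` if the caller is responsible. It is also worth confirming that the failure path taken when Status is not successful tolerates an ETHREAD whose Tcb was never initialized by KeInitThread, which the removed lines called unconditionally. PspCreateThread's body continues on both sides of the hunk.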