Author: fireball Date: Wed Apr 23 11:40:08 2008 New Revision: 33128
URL: http://svn.reactos.org/svn/reactos?rev=33128&view=rev Log: - Fix logic bugs in LpcRequestPort (which is not the same as NtRequestPort as someone incorrectly assumed previously) and also reference/dereference the process who owns the server mapping.
Modified: trunk/reactos/ntoskrnl/lpc/close.c trunk/reactos/ntoskrnl/lpc/connect.c trunk/reactos/ntoskrnl/lpc/send.c
Modified: trunk/reactos/ntoskrnl/lpc/close.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/close.c?rev=33...
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/close.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/close.c [iso-8859-1] Wed Apr 23 11:40:08 2008
@@ -374,7 +374,7 @@
}
/* Dereference the mapping process */
- //ObDereferenceObject(Port->MappingProcess);
+ ObDereferenceObject(Port->MappingProcess);
Port->MappingProcess = NULL;
}
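Review bot: The newly enabled `ObDereferenceObject(Port->MappingProcess);` in the close.c hunk is balanced on this page only by the `ObReferenceObject(ClientPort->MappingProcess);` enabled in the connect.c hunk, so any other path that stores a process in `MappingProcess` without referencing it would now drop a reference it never took, and an over-released process object can be freed while still in use. The log message speaks of the server mapping, yet the only reference visible here is taken on `ClientPort`; each remaining assignment to `MappingProcess` (none are shown on this page) should be checked for a matching reference. The condition guarding this dereference lies outside the hunk; it needs to guarantee a non-NULL pointer, otherwise put `if (Port->MappingProcess)` in front of the call.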
Modified: trunk/reactos/ntoskrnl/lpc/connect.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/connect.c?rev=...
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/connect.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/connect.c [iso-8859-1] Wed Apr 23 11:40:08 2008
@@ -299,7 +299,7 @@
/* Reference and remember the process */
ClientPort->MappingProcess = PsGetCurrentProcess();
- //ObReferenceObject(ClientPort->MappingProcess);
+ ObReferenceObject(ClientPort->MappingProcess);
}
else
{
Modified: trunk/reactos/ntoskrnl/lpc/send.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/send.c?rev=331...
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/send.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/send.c [iso-8859-1] Wed Apr 23 11:40:08 2008
@@ -198,28 +198,41 @@
if (Thread->LpcExitThreadCalled) return STATUS_THREAD_IS_TERMINATING;
/* Check if this is an LPC Request */
- if (LpcpGetMessageType(LpcRequest) == LPC_REQUEST)
- {
- /* Then it's a callback */
- Callback = TRUE;
- }
- else
- {
- /* This is a kernel-mode message without a callback */
- LpcRequest->u2.s2.Type |= LPC_REQUEST;
- Callback = FALSE;
- }
-
- /* Get the message type */
- MessageType = LpcRequest->u2.s2.Type;
-
- /* Validate the length */
- if (((ULONG)LpcRequest->u1.s1.DataLength + sizeof(PORT_MESSAGE)) >
- (ULONG)LpcRequest->u1.s1.TotalLength)
- {
- /* Fail */
- return STATUS_INVALID_PARAMETER;
- }
+ MessageType = LpcpGetMessageType(LpcRequest);
+ switch (MessageType)
+ {
+ /* No type */
+ case 0:
+
+ /* Assume LPC request */
+ MessageType = LPC_REQUEST;
+ break;
+
+ /* LPC request callback */
+ case LPC_REQUEST:
+
+ /* This is a callback */
+ Callback = TRUE;
+ break;
+
+ /* Anything else */
+ case LPC_CLIENT_DIED:
+ case LPC_PORT_CLOSED:
+ case LPC_EXCEPTION:
+ case LPC_DEBUG_EVENT:
+ case LPC_ERROR_EVENT:
+
+ /* Nothing to do */
+ break;
+
+ default:
+
+ /* Invalid message type */
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ /* Set the request type */
+ LpcRequest->u2.s2.Type = MessageType;
/* Validate the message length */
if (((ULONG)LpcRequest->u1.s1.TotalLength > Port->MaxMessageLength) ||
@@ -250,7 +263,7 @@
LpcpMoveMessage(&Message->Request,
LpcRequest,
LpcRequest + 1,
- MessageType,
+ 0,
&Thread->Cid);
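Review bot: In the `@@ -198,28 +198,41 @@` hunk the removed `DataLength + sizeof(PORT_MESSAGE) > TotalLength` test has no replacement, so the only length validation left is the `TotalLength > Port->MaxMessageLength ||` condition whose second clause lies outside the hunk. If that clause does not also bound `DataLength` by `TotalLength` minus the header size, a caller-supplied `DataLength` reaches the `LpcpMoveMessage` call unchecked, and the old test should be kept next to the remaining one. Separately, `Callback` is now assigned only under `case LPC_REQUEST:`, whereas the old `else` branch set it to FALSE. Unless its declaration (not on this page) initialises it, `case 0:` and the event types leave it indeterminate; a `Callback = FALSE;` before the `switch` would restore the old guarantee. The final `LpcRequest->u2.s2.Type = MessageType;` also replaces the whole field where the old code OR-ed into it, so a one-line comment should say whether any bits that `LpcpGetMessageType` strips are meant to be discarded.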
/* Acquire the LPC lock */
@@ -383,19 +396,21 @@
(&Message->Request) + 1,
0,
NULL);
-
- /* Check if this is an LPC request with data information */
- if ((LpcpGetMessageType(&Message->Request) == LPC_REQUEST) &&
- (Message->Request.u2.s2.DataInfoOffset))
- {
- /* Save the data information */
- LpcpSaveDataInfoMessage(Port, Message, 0);
- }
- else
- {
- /* Otherwise, just free it */
- LpcpFreeToPortZone(Message, 0);
- }
+
+ /* Acquire the lock */
+ KeAcquireGuardedMutex(&LpcpLock);
+
+ /* Check if we replied to a thread */
+ if (Message->RepliedToThread)
+ {
+ /* Dereference */
+ ObDereferenceObject(Message->RepliedToThread);
+ Message->RepliedToThread = NULL;
+ }
+
+
+ /* Free the message */
+ LpcpFreeToPortZone(Message, 3);
}
else
{
@@ -415,6 +430,7 @@
Port,
Status);
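Review bot: In the `@@ -250,7 +263,7 @@` hunk the bare `0` now passed to `LpcpMoveMessage` in place of `MessageType` gives no hint why the type argument is dropped. Presumably 0 means "keep the type already stored in the source header", which the earlier hunk now writes via `LpcRequest->u2.s2.Type = MessageType;`, but the definition of `LpcpMoveMessage` is not on this page, so that should be confirmed. If it holds, a comment on the argument such as `/* 0: type was already set in LpcRequest above */` would stop a later reader from restoring the old value. The call starts before the hunk, so only its argument list is visible here.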
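Review bot: In the `@@ -383,19 +396,21 @@` hunk `KeAcquireGuardedMutex(&LpcpLock);` has no matching release anywhere in the visible lines, so dropping the lock rests entirely on the literal `3` passed to `LpcpFreeToPortZone`. If those flag bits do not mean "lock is held, release it before returning" (the callee is not on this page), this path returns with the global LPC lock still owned and every later LPC call blocks. Named constants for the two bits, or at least a comment like `/* 3: LpcpLock is held on entry and released by the callee */`, would make the contract checkable at the call site. This branch also no longer calls `LpcpSaveDataInfoMessage` for requests carrying a `DataInfoOffset`; a short comment saying why that is safe here would help the next reader.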
+ /* Dereference the connection port */
if (ConnectionPort) ObDereferenceObject(ConnectionPort);
return Status;
}