Author: hbelusca Date: Mon Nov 7 12:35:09 2016 New Revision: 73166
URL: http://svn.reactos.org/svn/reactos?rev=73166&view=rev Log: [NTOS:LPC] - Capture the ServerView/ClientView *only* when those pointers are not NULL. - Fix a LpcRequest vs. CapturedLpcRequest in a call to LpcpMoveMessage. Caught by Thomas. CORE-7371 CR-100
Modified: trunk/reactos/ntoskrnl/lpc/complete.c trunk/reactos/ntoskrnl/lpc/connect.c trunk/reactos/ntoskrnl/lpc/send.c
Modified: trunk/reactos/ntoskrnl/lpc/complete.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/complete.c?rev...
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/complete.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/complete.c [iso-8859-1] Mon Nov 7 12:35:09 2016
@@ -84,7 +84,9 @@
 ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
 /* The following parameters are optional */
- if (ServerView != NULL)
+
+ /* Capture the server view */
+ if (ServerView)
 {
 ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
 CapturedServerView = *(volatile PORT_VIEW*)ServerView;
@@ -97,7 +99,8 @@
 }
 }
- if (ClientView != NULL)
+ /* Capture the client view */
+ if (ClientView)
 {
 ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
@@ -121,19 +124,27 @@
 CapturedReplyMessage = *ReplyMessage;
 ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
- /* Validate the size of the server view */
- if ((ServerView) && (ServerView->Length != sizeof(*ServerView)))
- {
- /* Invalid size */
- return STATUS_INVALID_PARAMETER;
- }
- CapturedServerView = *ServerView;
-
- /* Validate the size of the client view */
- if ((ClientView) && (ClientView->Length != sizeof(*ClientView)))
- {
- /* Invalid size */
- return STATUS_INVALID_PARAMETER;
+ /* Capture the server view */
+ if (ServerView)
+ {
+ /* Validate the size of the server view */
+ if (ServerView->Length != sizeof(*ServerView))
+ {
+ /* Invalid size */
+ return STATUS_INVALID_PARAMETER;
+ }
+ CapturedServerView = *ServerView;
+ }
+
+ /* Capture the client view */
+ if (ClientView)
+ {
+ /* Validate the size of the client view */
+ if (ClientView->Length != sizeof(*ClientView))
+ {
+ /* Invalid size */
+ return STATUS_INVALID_PARAMETER;
+ }
 }
 }
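Review bot: The second block added here is labelled `/* Capture the client view */`, but the visible lines only check `ClientView->Length` and copy nothing, unlike the server-view block above it, which ends in `CapturedServerView = *ServerView;`. If the client view is only filled in later, a comment such as `/* Validate the client view; nothing is captured here */` would match the code. In the server-view block the length is read from `ServerView->Length` and the structure is copied afterwards, so the checked value and the stored value come from two separate reads; copying first and testing `CapturedServerView.Length` would mirror the first hunk, where the view is copied through a volatile read straight after the probe. This branch starts and ends outside the hunk, so whether it is reached only for kernel-mode callers cannot be confirmed from here.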
Modified: trunk/reactos/ntoskrnl/lpc/connect.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/connect.c?rev=...
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/connect.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/connect.c [iso-8859-1] Mon Nov 7 12:35:09 2016
@@ -130,7 +130,7 @@
 /* The following parameters are optional */
 /* Capture the client view */
- if (ClientView != NULL)
+ if (ClientView)
 {
 ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
 CapturedClientView = *(volatile PORT_VIEW*)ClientView;
@@ -145,7 +145,7 @@
 }
 /* Capture the server view */
- if (ServerView != NULL)
+ if (ServerView)
 {
 ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
@@ -202,7 +202,7 @@
 /* The following parameters are optional */
 /* Capture the client view */
- if (ClientView != NULL)
+ if (ClientView)
 {
 /* Validate the size of the client view */
 if (ClientView->Length != sizeof(*ClientView))
@@ -214,7 +214,7 @@
 }
 /* Capture the server view */
- if (ServerView != NULL)
+ if (ServerView)
 {
 /* Validate the size of the server view */
 if (ServerView->Length != sizeof(*ServerView))
Modified: trunk/reactos/ntoskrnl/lpc/send.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/send.c?rev=731...
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/send.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/send.c [iso-8859-1] Mon Nov 7 12:35:09 2016
@@ -857,7 +857,7 @@
 /* Copy it */
 LpcpMoveMessage(&Message->Request,
- LpcRequest,
+ &CapturedLpcRequest,
 LpcRequest + 1,
 MessageType,
 &Thread->Cid);
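Review bot: Only the header argument now comes from the captured copy; the body pointer `LpcRequest + 1` on the following line still refers to the caller's buffer, so LpcpMoveMessage presumably reads that memory again when it copies the data. That is safe only if the range starting at `LpcRequest + 1` was probed for the length recorded in `CapturedLpcRequest` and this call runs inside the exception guard, neither of which is visible in the hunk. A comment at the call would record the split, for example `/* Header comes from the captured copy; the data is still read from the caller's buffer */`. The enclosing function starts and ends outside the hunk.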