11 May
2008
11 May
'08
9:39 a.m.
Author: navaraf
Date: Sun May 11 04:39:26 2008
New Revision: 33428
URL: http://svn.reactos.org/svn/reactos?rev=33428&view=rev
Log:
SEH protect NtReplyWaitReceivePortEx and fix one instance of message type checking to
correctly account for kernel LPC messages.
Modified:
trunk/reactos/ntoskrnl/lpc/reply.c
Modified: trunk/reactos/ntoskrnl/lpc/reply.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/reply.c?rev=3…
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/reply.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/reply.c [iso-8859-1] Sun May 11 04:39:26 2008
@@ -160,11 +160,14 @@
{
PLPCP_PORT_OBJECT Port, ReceivePort, ConnectionPort = NULL;
KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(), WaitMode = PreviousMode;
- NTSTATUS Status;
+ NTSTATUS Status = STATUS_SUCCESS;
PLPCP_MESSAGE Message;
PETHREAD Thread = PsGetCurrentThread(), WakeupThread;
PLPCP_CONNECTION_MESSAGE ConnectMessage;
ULONG ConnectionInfoLength;
+ PORT_MESSAGE CapturedReplyMessage;
+ LARGE_INTEGER CapturedTimeout;
+
PAGED_CODE();
LPCTRACE(LPC_REPLY_DEBUG,
"Handle: %lx. Messages: %p/%p. Context: %p\n",
@@ -173,8 +176,42 @@
ReceiveMessage,
PortContext);
- /* If this is a system thread, then let it page out its stack */
- if (Thread->SystemThread) WaitMode = UserMode;
+ if (KeGetPreviousMode() == UserMode)
+ {
+ _SEH_TRY
+ {
+ if (ReplyMessage != NULL)
+ {
+ ProbeForRead(ReplyMessage, sizeof(PORT_MESSAGE), sizeof(ULONG));
+ RtlCopyMemory(&CapturedReplyMessage, ReplyMessage,
sizeof(PORT_MESSAGE));
+ ReplyMessage = &CapturedReplyMessage;
+ }
+
+ if (Timeout != NULL)
+ {
+ ProbeForReadLargeInteger(Timeout);
+ RtlCopyMemory(&CapturedTimeout, Timeout, sizeof(LARGE_INTEGER));
+ Timeout = &CapturedTimeout;
+ }
+
+ if (PortContext != NULL)
+ ProbeForWritePointer(PortContext);
+ }
+ _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+
+ /* Bail out if pointer was invalid */
+ if (!NT_SUCCESS(Status))
+ return Status;
+ }
+ else
+ {
+ /* If this is a system thread, then let it page out its stack */
+ if (Thread->SystemThread) WaitMode = UserMode;
+ }
/* Check if caller has a reply message */
if (ReplyMessage)
@@ -388,68 +425,76 @@
Thread->LpcReceivedMessageId = Message->Request.MessageId;
Thread->LpcReceivedMsgIdValid = TRUE;
- /* Check if this was a connection request */
- if (LpcpGetMessageType(&Message->Request) == LPC_CONNECTION_REQUEST)
- {
- /* Get the connection message */
- ConnectMessage = (PLPCP_CONNECTION_MESSAGE)(Message + 1);
- LPCTRACE(LPC_REPLY_DEBUG,
- "Request Messages: %p/%p\n",
- Message,
- ConnectMessage);
-
- /* Get its length */
- ConnectionInfoLength = Message->Request.u1.s1.DataLength -
- sizeof(LPCP_CONNECTION_MESSAGE);
-
- /* Return it as the receive message */
- *ReceiveMessage = Message->Request;
-
- /* Clear our stack variable so the message doesn't get freed */
- Message = NULL;
-
- /* Setup the receive message */
- ReceiveMessage->u1.s1.TotalLength = (CSHORT)(sizeof(LPCP_MESSAGE) +
- ConnectionInfoLength);
- ReceiveMessage->u1.s1.DataLength = (CSHORT)ConnectionInfoLength;
- RtlCopyMemory(ReceiveMessage + 1,
- ConnectMessage + 1,
- ConnectionInfoLength);
-
- /* Clear the port context if the caller requested one */
- if (PortContext) *PortContext = NULL;
- }
- else if (Message->Request.u2.s2.Type != LPC_REPLY)
- {
- /* Otherwise, this is a new message or event */
- LPCTRACE(LPC_REPLY_DEBUG,
- "Non-Reply Messages: %p/%p\n",
- &Message->Request,
- (&Message->Request) + 1);
-
- /* Copy it */
- LpcpMoveMessage(ReceiveMessage,
- &Message->Request,
- (&Message->Request) + 1,
- 0,
- NULL);
-
- /* Return its context */
- if (PortContext) *PortContext = Message->PortContext;
-
- /* And check if it has data information */
- if (Message->Request.u2.s2.DataInfoOffset)
- {
- /* It does, save it, and don't free the message below */
- LpcpSaveDataInfoMessage(Port, Message, 1);
+ _SEH_TRY
+ {
+ /* Check if this was a connection request */
+ if (LpcpGetMessageType(&Message->Request) == LPC_CONNECTION_REQUEST)
+ {
+ /* Get the connection message */
+ ConnectMessage = (PLPCP_CONNECTION_MESSAGE)(Message + 1);
+ LPCTRACE(LPC_REPLY_DEBUG,
+ "Request Messages: %p/%p\n",
+ Message,
+ ConnectMessage);
+
+ /* Get its length */
+ ConnectionInfoLength = Message->Request.u1.s1.DataLength -
+ sizeof(LPCP_CONNECTION_MESSAGE);
+
+ /* Return it as the receive message */
+ *ReceiveMessage = Message->Request;
+
+ /* Clear our stack variable so the message doesn't get freed */
Message = NULL;
- }
- }
- else
- {
- /* This is a reply message, should never happen! */
- ASSERT(FALSE);
- }
+
+ /* Setup the receive message */
+ ReceiveMessage->u1.s1.TotalLength = (CSHORT)(sizeof(LPCP_MESSAGE) +
+ ConnectionInfoLength);
+ ReceiveMessage->u1.s1.DataLength = (CSHORT)ConnectionInfoLength;
+ RtlCopyMemory(ReceiveMessage + 1,
+ ConnectMessage + 1,
+ ConnectionInfoLength);
+
+ /* Clear the port context if the caller requested one */
+ if (PortContext) *PortContext = NULL;
+ }
+ else if (LpcpGetMessageType(&Message->Request) != LPC_REPLY)
+ {
+ /* Otherwise, this is a new message or event */
+ LPCTRACE(LPC_REPLY_DEBUG,
+ "Non-Reply Messages: %p/%p\n",
+ &Message->Request,
+ (&Message->Request) + 1);
+
+ /* Copy it */
+ LpcpMoveMessage(ReceiveMessage,
+ &Message->Request,
+ (&Message->Request) + 1,
+ 0,
+ NULL);
+
+ /* Return its context */
+ if (PortContext) *PortContext = Message->PortContext;
+
+ /* And check if it has data information */
+ if (Message->Request.u2.s2.DataInfoOffset)
+ {
+ /* It does, save it, and don't free the message below */
+ LpcpSaveDataInfoMessage(Port, Message, 1);
+ Message = NULL;
+ }
+ }
+ else
+ {
+ /* This is a reply message, should never happen! */
+ ASSERT(FALSE);
+ }
+ }
+ _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
/* Check if we have a message pointer here */
if (Message)