Author: ekohl Date: Fri Sep 26 23:46:59 2014 New Revision: 64318
URL: http://svn.reactos.org/svn/reactos?rev=64318&view=rev Log: [LSASRV] Fix memory related issues in calls to LsaEnumerateLogonSessions. - Initialize ClientBaseAddress to NULL because we do not need to allocate a fixed memory page. - Protect Length from being overwitten by NtWriteVirtualMemory.
Modified: trunk/reactos/dll/win32/lsasrv/session.c
Modified: trunk/reactos/dll/win32/lsasrv/session.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/session.c?... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] Fri Sep 26 23:46:59 2014 @@ -131,8 +131,8 @@ PLIST_ENTRY SessionEntry; PLSAP_LOGON_SESSION CurrentSession; PLUID SessionList; - ULONG i, Length; - PVOID ClientBaseAddress; + ULONG i, Length, MemSize; + PVOID ClientBaseAddress = NULL; NTSTATUS Status;
TRACE("LsapEnumLogonSessions()\n"); @@ -175,10 +175,11 @@ goto done; }
+ MemSize = Length; Status = NtAllocateVirtualMemory(ProcessHandle, &ClientBaseAddress, 0, - &Length, + &MemSize, MEM_COMMIT, PAGE_READWRITE); if (!NT_SUCCESS(Status))