26 Sep
2014
26 Sep
'14
11:47 p.m.
Author: ekohl
Date: Fri Sep 26 23:46:59 2014
New Revision: 64318
URL: http://svn.reactos.org/svn/reactos?rev=64318&view=rev
Log:
[LSASRV]
Fix memory related issues in calls to LsaEnumerateLogonSessions.
- Initialize ClientBaseAddress to NULL because we do not need to allocate a fixed memory
page.
- Protect Length from being overwitten by NtWriteVirtualMemory.
Modified:
trunk/reactos/dll/win32/lsasrv/session.c
Modified: trunk/reactos/dll/win32/lsasrv/session.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/session.c…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] Fri Sep 26 23:46:59 2014
@@ -131,8 +131,8 @@
PLIST_ENTRY SessionEntry;
PLSAP_LOGON_SESSION CurrentSession;
PLUID SessionList;
- ULONG i, Length;
- PVOID ClientBaseAddress;
+ ULONG i, Length, MemSize;
+ PVOID ClientBaseAddress = NULL;
NTSTATUS Status;
TRACE("LsapEnumLogonSessions()\n");
@@ -175,10 +175,11 @@
goto done;
}
+ MemSize = Length;
Status = NtAllocateVirtualMemory(ProcessHandle,
&ClientBaseAddress,
0,
- &Length,
+ &MemSize,
MEM_COMMIT,
PAGE_READWRITE);
if (!NT_SUCCESS(Status))