Author: dgorbachev Date: Sat May 23 19:02:19 2009 New Revision: 41076
URL: http://svn.reactos.org/svn/reactos?rev=41076&view=rev Log: Fix buffer overflow, add some debug prints.
Modified: trunk/reactos/base/system/smss/smapi.c trunk/reactos/include/reactos/subsys/sm/api.h
Modified: trunk/reactos/base/system/smss/smapi.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/smapi.c?re...
==============================================================================
--- trunk/reactos/base/system/smss/smapi.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/smss/smapi.c [iso-8859-1] Sat May 23 19:02:19 2009
@@ -68,7 +68,7 @@
 ULONG CallbackPortNameLength = SM_SB_NAME_MAX_LENGTH; /* TODO: compute length */
 SB_CONNECT_DATA SbConnectData;
 ULONG SbConnectDataLength = sizeof SbConnectData;
- SECURITY_QUALITY_OF_SERVICE SecurityQos;
+ SECURITY_QUALITY_OF_SERVICE SecurityQos;
DPRINT("SM: %s called\n", __FUNCTION__);
@@ -118,7 +118,7 @@
 HANDLE ConnectedPort = * (PHANDLE) pConnectedPort;
DPRINT("SM: %s called\n", __FUNCTION__);
- RtlZeroMemory(&Request, sizeof(SM_PORT_MESSAGE));
+ RtlZeroMemory(&Request, sizeof(SM_PORT_MESSAGE));
while (TRUE) { @@ -160,10 +160,13 @@ } } else { /* LPC failed */ + DPRINT1("SM: %s: NtReplyWaitReceivePort() failed (Status=0x%08lx)\n", + __FUNCTION__, Status); break; } } NtClose (ConnectedPort); + DPRINT("SM: %s done\n", __FUNCTION__); NtTerminateThread (NtCurrentThread(), Status); }
@@ -267,7 +270,7 @@ __FUNCTION__, Status); return Status; } else { - DPRINT("SM: %s: completing conn req\n", __FUNCTION__); + DPRINT("SM: %s: completing connection request\n", __FUNCTION__); Status = NtCompleteConnectPort (*ClientDataApiPort); if (!NT_SUCCESS(Status)) { @@ -293,6 +296,7 @@ * necessary in NT LPC, because server side connected ports are * never used to receive requests. */ +#if 0 VOID NTAPI SmpApiThread (HANDLE ListeningPort) { @@ -323,7 +327,7 @@ /* DIE */ NtTerminateThread(NtCurrentThread(), Status); } - +#endif
/* LPC PORT INITIALIZATION **************************************************/
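Review bot: The `#if 0` added in the `@@ -293,6 +296,7 @@` hunk and the `+#endif` in the hunk that ends here disable all of `SmpApiThread` without a comment, and the log message ("Fix buffer overflow, add some debug prints") does not mention it. If nothing starts this thread any more (its creation site is outside these hunks), deleting the function is cleaner than leaving dead code in the LPC server; if it is kept for reference, annotate the guard, e.g. `#if 0 /* unused: <reason> */`. The function body lies between the two hunks and is not visible here.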
@@ -338,7 +342,7 @@
 SmCreateApiPort(VOID)
 {
 OBJECT_ATTRIBUTES ObjectAttributes = {0};
- UNICODE_STRING UnicodeString = RTL_CONSTANT_STRING(L"\SmApiPort");
+ UNICODE_STRING UnicodeString = RTL_CONSTANT_STRING(SM_API_PORT_NAME);
 NTSTATUS Status = STATUS_SUCCESS;
InitializeObjectAttributes(&ObjectAttributes,
Modified: trunk/reactos/include/reactos/subsys/sm/api.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/subsys/sm/a...
==============================================================================
--- trunk/reactos/include/reactos/subsys/sm/api.h [iso-8859-1] (original)
+++ trunk/reactos/include/reactos/subsys/sm/api.h [iso-8859-1] Sat May 23 19:02:19 2009
@@ -1,4 +1,3 @@
-/* $Id$ */
 #ifndef __SM_API_H
 #define __SM_API_H
@@ -107,7 +106,7 @@
/*** | ****************************************************************/
-typedef union _SM_PORT_MESSAGE
+typedef struct _SM_PORT_MESSAGE
 {
 /*** LPC common header ***/
 PORT_MESSAGE Header;
@@ -115,7 +114,6 @@
 {
 struct
 {
- UCHAR LpcHeader[sizeof(PORT_MESSAGE)];
 /*** SM common header ***/
 struct
 {
@@ -139,7 +137,7 @@
 } Reply;
 };
 };
- UCHAR PadBuffer[PORT_MAXIMUM_MESSAGE_LENGTH];
+ SM_CONNECT_DATA ConnectData;
 };
 } SM_PORT_MESSAGE, * PSM_PORT_MESSAGE;
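Review bot: Dropping `UCHAR PadBuffer[PORT_MAXIMUM_MESSAGE_LENGTH]` in the last hunk means the size of `SM_PORT_MESSAGE` is no longer tied to any LPC limit: it is now `Header` plus the larger of the SM payload and `SM_CONNECT_DATA`, and nothing at the typedef says what the buffer must be large enough to hold. smapi.c zeroes a `Request` of this type and apparently receives into it, while the lengths configured when the port is created are not part of this diff, so it cannot be confirmed from here that every message the port can deliver fits. I would state the reason on the new member, e.g. `/* keeps the receive buffer large enough for a connection request's SM_CONNECT_DATA */` (if that is indeed the overflow being fixed), and add a `C_ASSERT` next to the typedef comparing `sizeof(SM_PORT_MESSAGE)` with the maximum message length passed at port creation. The interior of the typedef between the three hunks is outside the diff.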