Author: sginsberg Date: Wed Jul 15 18:13:08 2009 New Revision: 41972 URL: http://svn.reactos.org/svn/reactos?rev=41972&view=rev Log: - Don't assume the object body allocated by ObCreateObject (through ObpAllocateObject) is zero-initialized (it shouldn't be). Modified: trunk/reactos/ntoskrnl/mm/section.c trunk/reactos/ntoskrnl/se/token.c trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c Modified: trunk/reactos/ntoskrnl/mm/section.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/section.c?rev=… ============================================================================== --- trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] Wed Jul 15 18:13:08 2009 @@ -2375,6 +2375,8 @@ /* * Initialize it */ + Section->Type = 0; + Section->Size = 0; Section->SectionPageProtection = SectionPageProtection; Section->AllocationAttributes = AllocationAttributes; Section->Segment = NULL; @@ -2447,6 +2449,8 @@ /* * Initialize it */ + Section->Type = 0; + Section->Size = 0; Section->SectionPageProtection = SectionPageProtection; Section->AllocationAttributes = AllocationAttributes; Section->Segment = NULL; @@ -3373,6 +3377,9 @@ /* * Initialize it */ + Section->Type = 0; + Section->Size = 0; + Section->MaximumSize.QuadPart = 0; Section->SectionPageProtection = SectionPageProtection; Section->AllocationAttributes = AllocationAttributes; Modified: trunk/reactos/ntoskrnl/se/token.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=41… ============================================================================== --- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Wed Jul 15 18:13:08 2009 @@ -247,7 +247,10 @@ DPRINT1("ObCreateObject() failed (Status %lx)\n"); return(Status); } - + + /* Zero out the buffer */ + RtlZeroMemory(AccessToken, sizeof(TOKEN)); + Status = ZwAllocateLocallyUniqueId(&AccessToken->TokenId); if (!NT_SUCCESS(Status)) { @@ -264,7 +267,6 @@ AccessToken->TokenLock = &SepTokenLock; - AccessToken->TokenInUse = 0; AccessToken->TokenType = TokenType; AccessToken->ImpersonationLevel = Level; RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId); @@ -331,10 +333,6 @@ memcpy(AccessToken->DefaultDacl, Token->DefaultDacl, Token->DefaultDacl->AclSize); - } - else - { - AccessToken->DefaultDacl = 0; } } @@ -549,6 +547,9 @@ { return NULL; } + + /* Zero out the buffer */ + RtlZeroMemory(AccessToken, sizeof(TOKEN)); Status = ExpAllocateLocallyUniqueId(&AccessToken->TokenId); if (!NT_SUCCESS(Status)) @@ -575,8 +576,6 @@ AccessToken->TokenType = TokenPrimary; AccessToken->ImpersonationLevel = SecurityDelegation; - AccessToken->TokenSource.SourceIdentifier.LowPart = 0; - AccessToken->TokenSource.SourceIdentifier.HighPart = 0; memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8); AccessToken->ExpirationTime.QuadPart = -1; AccessToken->UserAndGroupCount = 4; @@ -2042,6 +2041,9 @@ DPRINT1("ObCreateObject() failed (Status %lx)\n"); return(Status); } + + /* Zero out the buffer */ + RtlZeroMemory(AccessToken, sizeof(TOKEN)); AccessToken->TokenLock = &SepTokenLock; @@ -2058,8 +2060,6 @@ AccessToken->UserAndGroupCount = TokenGroups->GroupCount + 1; AccessToken->PrivilegeCount = TokenPrivileges->PrivilegeCount; - AccessToken->UserAndGroups = 0; - AccessToken->Privileges = 0; AccessToken->TokenType = TokenType; AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE) Modified: trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c [iso-8859-1] Wed Jul 15 18:13:08 2009 @@ -142,6 +142,7 @@ if (!NT_SUCCESS(Status)) return Status; /* Initialize shell hook window list and set the parent */ + RtlZeroMemory(Desktop, sizeof(DESKTOP)); InitializeListHead(&Desktop->ShellHookWindows); Desktop->WindowStation = (PWINSTATION_OBJECT)ParseObject; Modified: trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c [iso-8859-1] Wed Jul 15 18:13:08 2009 @@ -482,6 +482,9 @@ SetLastNtError(STATUS_INSUFFICIENT_RESOURCES); return 0; } + + /* Zero out the buffer */ + RtlZeroMemory(WindowStationObject, sizeof(WINSTATION_OBJECT)); KeInitializeSpinLock(&WindowStationObject->Lock);