Author: sginsberg Date: Wed Jul 15 18:13:08 2009 New Revision: 41972
URL: http://svn.reactos.org/svn/reactos?rev=41972&view=rev Log: - Don't assume the object body allocated by ObCreateObject (through ObpAllocateObject) is zero-initialized (it shouldn't be).
Modified: trunk/reactos/ntoskrnl/mm/section.c trunk/reactos/ntoskrnl/se/token.c trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c
Modified: trunk/reactos/ntoskrnl/mm/section.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/section.c?rev=4... ==============================================================================
--- trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] Wed Jul 15 18:13:08 2009
@@ -2375,6 +2375,8 @@
/*
* Initialize it
*/
+ Section->Type = 0;
+ Section->Size = 0;
Section->SectionPageProtection = SectionPageProtection;
Section->AllocationAttributes = AllocationAttributes;
Section->Segment = NULL;
@@ -2447,6 +2449,8 @@
/*
* Initialize it
*/
+ Section->Type = 0;
+ Section->Size = 0;
Section->SectionPageProtection = SectionPageProtection;
Section->AllocationAttributes = AllocationAttributes;
Section->Segment = NULL;
@@ -3373,6 +3377,9 @@
/*
* Initialize it
*/
+ Section->Type = 0;
+ Section->Size = 0;
+ Section->MaximumSize.QuadPart = 0;
Section->SectionPageProtection = SectionPageProtection;
Section->AllocationAttributes = AllocationAttributes;
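Review bot: The three `Initialize it` hunks clear `Type` and `Size` (and `MaximumSize` only in the -3373 hunk) one field at a time, so any other member of the section object that the rest of each function does not assign still holds whatever was left in the pool block. The other files in this revision zero the whole body; doing the same here with `RtlZeroMemory(Section, sizeof(*Section));` right after the allocation also covers fields added later and avoids stale pointers or leaked pool contents. The -2375 and -2447 hunks leave `MaximumSize` untouched; it is presumably assigned further down, but that code is outside the hunks and worth confirming. All three functions begin and end outside their hunks.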
Modified: trunk/reactos/ntoskrnl/se/token.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=419... ==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Wed Jul 15 18:13:08 2009
@@ -247,7 +247,10 @@
DPRINT1("ObCreateObject() failed (Status %lx)\n");
return(Status);
}
-
+
+ /* Zero out the buffer */
+ RtlZeroMemory(AccessToken, sizeof(TOKEN));
+
Status = ZwAllocateLocallyUniqueId(&AccessToken->TokenId);
if (!NT_SUCCESS(Status))
{
@@ -264,7 +267,6 @@
AccessToken->TokenLock = &SepTokenLock;
- AccessToken->TokenInUse = 0;
AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = Level;
RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
@@ -331,10 +333,6 @@
memcpy(AccessToken->DefaultDacl, Token->DefaultDacl, Token->DefaultDacl->AclSize);
- }
- else
- {
- AccessToken->DefaultDacl = 0;
}
}
@@ -549,6 +547,9 @@
{
return NULL;
}
+
+ /* Zero out the buffer */
+ RtlZeroMemory(AccessToken, sizeof(TOKEN));
Status = ExpAllocateLocallyUniqueId(&AccessToken->TokenId);
if (!NT_SUCCESS(Status))
@@ -575,8 +576,6 @@
AccessToken->TokenType = TokenPrimary;
AccessToken->ImpersonationLevel = SecurityDelegation;
- AccessToken->TokenSource.SourceIdentifier.LowPart = 0;
- AccessToken->TokenSource.SourceIdentifier.HighPart = 0;
memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8);
AccessToken->ExpirationTime.QuadPart = -1;
AccessToken->UserAndGroupCount = 4;
@@ -2042,6 +2041,9 @@
DPRINT1("ObCreateObject() failed (Status %lx)\n");
return(Status);
}
+
+ /* Zero out the buffer */
+ RtlZeroMemory(AccessToken, sizeof(TOKEN));
AccessToken->TokenLock = &SepTokenLock;
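Review bot: `DPRINT1("ObCreateObject() failed (Status %lx)\n");` in the context lines of the -247 and -2042 hunks has a `%lx` conversion but passes no argument, so the debug output prints an arbitrary value instead of the failure code. It should read `DPRINT1("ObCreateObject() failed (Status %lx)\n", Status);`. Separately, the `RtlZeroMemory(AccessToken, sizeof(TOKEN));` calls added in the -247, -549 and -2042 hunks hard-code the length. That length has to match the body size passed to ObCreateObject, which is outside the hunks; if the allocation were ever larger, the tail would stay uninitialized. The enclosing functions start and end outside the hunks.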
@@ -2058,8 +2060,6 @@
AccessToken->UserAndGroupCount = TokenGroups->GroupCount + 1;
AccessToken->PrivilegeCount = TokenPrivileges->PrivilegeCount;
- AccessToken->UserAndGroups = 0;
- AccessToken->Privileges = 0;
AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE)
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c [iso-8859-1] Wed Jul 15 18:13:08 2009
@@ -142,6 +142,7 @@
if (!NT_SUCCESS(Status)) return Status;
/* Initialize shell hook window list and set the parent */
+ RtlZeroMemory(Desktop, sizeof(DESKTOP));
InitializeListHead(&Desktop->ShellHookWindows);
Desktop->WindowStation = (PWINSTATION_OBJECT)ParseObject;
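Review bot: The new `RtlZeroMemory(Desktop, sizeof(DESKTOP));` sits under the comment `/* Initialize shell hook window list and set the parent */`, which describes the two statements after it and not the zeroing. Moving the call above that comment with its own `/* Zero out the buffer */`, as the token.c and winsta.c hunks of this revision do, keeps the comment accurate. It also makes plain that the wipe must stay ahead of `InitializeListHead`, since zeroing after the list head is set up would destroy it. The function continues outside the hunk.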
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/winsta.c [iso-8859-1] Wed Jul 15 18:13:08 2009
@@ -482,6 +482,9 @@
SetLastNtError(STATUS_INSUFFICIENT_RESOURCES);
return 0;
}
+
+ /* Zero out the buffer */
+ RtlZeroMemory(WindowStationObject, sizeof(WINSTATION_OBJECT));
KeInitializeSpinLock(&WindowStationObject->Lock);