Author: pschweitzer
Date: Sun Jun 21 08:06:25 2015
New Revision: 68223
URL:
http://svn.reactos.org/svn/reactos?rev=68223&view=rev
Log:
[NTOSKRNL]
- Probe the input buffer for read in NtSetSystemInformation() and call the helper functions in
a PSEH block
- For the NtSetSystemInformation - SystemSessionCreate specific case, as we return the session
ID, probe for write directly there.
Modified:
trunk/reactos/ntoskrnl/ex/sysinfo.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=…
==============================================================================
--- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Sun Jun 21 08:06:25 2015
@@ -2068,6 +2068,8 @@
{
return STATUS_PRIVILEGE_NOT_HELD;
}
+
+ ProbeForWriteUlong(Buffer);
}
Status = MmSessionCreate(&SessionId);
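Review bot: `ProbeForWriteUlong(Buffer)` raises on a bad pointer and nothing visible in this hunk guards it, so this helper is only safe when its caller has an SEH frame active; the dispatcher hunk in this same commit provides one, but that dependency should be stated here, e.g. `/* Raises on an invalid user pointer; relies on the SEH frame in NtSetSystemInformation() */`. The hunk also shows no check that the supplied length is at least `sizeof(ULONG)` before the probe, so confirm that one exists above. Because `MmSessionCreate(&SessionId)` runs before the ID is written back, a fault on that later write would presumably leave a session created whose ID the caller never receives, so a cleanup path or a comment there is worth adding. The function body starts and ends outside the hunk.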
@@ -2452,43 +2454,47 @@
IN PVOID SystemInformation,
IN ULONG SystemInformationLength)
{
+ NTSTATUS Status = STATUS_INVALID_INFO_CLASS;
+ KPROCESSOR_MODE PreviousMode;
+
PAGED_CODE();
- /*
- * If called from user mode, check
- * possible unsafe arguments.
- */
-#if 0
- if (KernelMode != KeGetPreviousMode())
- {
- // Check arguments
- //ProbeForWrite(
- // SystemInformation,
- // Length
- // );
- //ProbeForWrite(
- // ResultLength,
- // sizeof (ULONG)
- // );
- }
-#endif
- /*
- * Check the request is valid.
- */
- if ((SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) &&
- (SystemInformationClass < MAX_SYSTEM_INFO_CLASS))
- {
- if (NULL != CallQS [SystemInformationClass].Set)
- {
- /*
- * Hand the request to a subhandler.
- */
- return CallQS [SystemInformationClass].Set(SystemInformation,
- SystemInformationLength);
- }
- }
-
- return STATUS_INVALID_INFO_CLASS;
+ PreviousMode = ExGetPreviousMode();
+
+ _SEH2_TRY
+ {
+ /*
+ * If called from user mode, check
+ * possible unsafe arguments.
+ */
+ if (PreviousMode != KernelMode)
+ {
+ ProbeForRead(SystemInformation, SystemInformationLength, sizeof(ULONG));
+ }
+
+ /*
+ * Check the request is valid.
+ */
+ if ((SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) &&
+ (SystemInformationClass < MAX_SYSTEM_INFO_CLASS))
+ {
+ if (NULL != CallQS [SystemInformationClass].Set)
+ {
+ /*
+ * Hand the request to a subhandler.
+ */
+ Status = CallQS [SystemInformationClass].Set(SystemInformation,
+ SystemInformationLength);
+ }
+ }
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+
+ return Status;
}
NTSTATUS
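Review bot: The `_SEH2_TRY` now encloses the whole `CallQS [SystemInformationClass].Set(...)` call, so any exception raised inside a subhandler, not only a fault on the user buffer, is turned into a status by `EXCEPTION_EXECUTE_HANDLER`; if a handler raises after taking a lock or allocating, nothing visible here unwinds that. `ProbeForRead` only validates the range at probe time and the handlers still receive the raw user pointer, so each one should copy the fields it needs into locals once rather than re-reading `SystemInformation`, otherwise a concurrent user-mode write can change a value between a check and its use. I would document that contract above the call, e.g. `/* Set handlers get a probed but uncaptured user pointer: read each field once, hold no resources across accesses */`. The fixed `sizeof(ULONG)` alignment is applied to every information class, which is presumably fine for the current structures but worth confirming per class.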