fixed ProbeAndCaptureUnicodeString to properly capture unicode strings Modified: trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h _____
Modified: trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h
--- trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h 2005-10-27 23:13:04 UTC (rev 18814)
+++ trunk/reactos/ntoskrnl/include/internal/ntoskrnl.h 2005-10-27 23:24:15 UTC (rev 18815)
@@ -90,11 +90,11 @@
NTSTATUS
NTAPI
ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest,
- KPROCESSOR_MODE CurrentMode,
+ IN KPROCESSOR_MODE CurrentMode,
IN PUNICODE_STRING UnsafeSrc)
{
NTSTATUS Status = STATUS_SUCCESS;
- PVOID Buffer;
+ WCHAR *Buffer;
ASSERT(Dest != NULL);
/* Probe the structure and buffer*/
@@ -106,41 +106,59 @@
sizeof(UNICODE_STRING),
sizeof(ULONG));
*Dest = *UnsafeSrc;
- if(Dest->Length > 0)
+ if(Dest->Buffer != NULL)
{
- ProbeForRead(Dest->Buffer,
- Dest->Length,
- sizeof(WCHAR));
+ if (Dest->Length != 0)
+ {
+ ProbeForRead(Dest->Buffer,
+ Dest->Length,
+ sizeof(WCHAR));
+
+ /* Allocate space for the buffer */
+ Buffer = ExAllocatePoolWithTag(PagedPool,
+ Dest->Length + sizeof(WCHAR),
+ TAG('U', 'S', 'T', 'R'));
+ if (Buffer == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ _SEH_LEAVE;
+ }
+
+ /* Copy it */
+ RtlCopyMemory(Buffer, Dest->Buffer, Dest->Length);
+ Buffer[Dest->Length / sizeof(WCHAR)] = UNICODE_NULL;
+
+ /* Set it as the buffer */
+ Dest->Buffer = Buffer;
+ }
+ else
+ {
+ /* sanitize structure */
+ Dest->Length = 0;
+ Dest->MaximumLength = 0;
+ Dest->Buffer = NULL;
+ }
}
+ else
+ {
+ /* sanitize structure */
+ Dest->Length = 0;
+ Dest->MaximumLength = 0;
+ }
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
-
- if (!NT_SUCCESS(Status)) return Status;
}
else
{
- /* Just copy it directly */
+ /* Just copy the UNICODE_STRING structure, don't allocate new memory!
+ We trust the caller to supply valid pointers and data. */
*Dest = *UnsafeSrc;
}
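Review bot: `WCHAR *Buffer;` is still declared without an initialiser, so nothing on a failure path can tell an allocated block from garbage; declare it as `WCHAR *Buffer = NULL;` so cleanup after a fault can safely test it. The routine also has no header comment stating the ownership rule the rest of the diff implies: for a user-mode caller it returns a kernel copy that must be handed back to ReleaseCapturedUnicodeString, while for KernelMode it only copies the structure and the caller's own buffer stays in use — a three-line comment above `NTSTATUS` saying so would spare callers from guessing. The body of ProbeAndCaptureUnicodeString continues past this hunk.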
- /* Allocate space for the buffer */
- Buffer = ExAllocatePool(PagedPool, Dest->MaximumLength);
-
- if (Buffer != NULL)
- {
- /* Copy it */
- RtlCopyMemory(Buffer, Dest->Buffer, Dest->MaximumLength);
-
- /* Set it as the buffer */
- Dest->Buffer = Buffer;
- }
- else
- Status = STATUS_INSUFFICIENT_RESOURCES;
-
/* Return */
return Status;
}
@@ -149,9 +167,12 @@
VOID
NTAPI
ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString,
- KPROCESSOR_MODE CurrentMode)
+ IN KPROCESSOR_MODE CurrentMode)
{
- if(CurrentMode != KernelMode) ExFreePool(CapturedString->Buffer);
+ if(CurrentMode != KernelMode && CapturedString->Buffer != NULL)
+ {
+ ExFreePool(CapturedString->Buffer);
+ }
}
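Review bot: After a successful capture `Dest->MaximumLength` still holds the user-supplied value while `Dest->Buffer` now points at a pool block of only `Dest->Length + sizeof(WCHAR)` bytes, so any consumer that treats the captured string as writable up to MaximumLength can overrun the allocation; add `Dest->MaximumLength = Dest->Length + sizeof(WCHAR);` right after `Dest->Buffer = Buffer;`. The failure paths are also unsafe to hand back: if `RtlCopyMemory` faults (the pages can be unmapped by another thread after the probe) the freshly allocated block leaks, and both that path and the `_SEH_LEAVE` path leave `Dest->Buffer` pointing at user memory, which would bugcheck if a caller releases the string on error. The block below, placed after `_SEH_END;` and relying on `Buffer` being initialised to NULL at its declaration (and surviving the unwind — mark it volatile if this PSEH flavour needs that), frees the block and returns an empty string instead. An odd `Dest->Length` is also accepted silently; the terminator write stays inside the allocation but drops the last byte, so rejecting it with STATUS_INVALID_PARAMETER before the copy would be cleaner.
```c
            /* Set it as the buffer */
            Dest->Buffer = Buffer;
            /* The pool block is exactly Length + one WCHAR; don't let a
               later consumer trust the user-supplied MaximumLength */
            Dest->MaximumLength = Dest->Length + sizeof(WCHAR);
        /* … unchanged: sanitize branches, _SEH_HANDLE … */
        _SEH_END;

        if (!NT_SUCCESS(Status))
        {
            /* The copy can fault after the allocation succeeded, and the
               _SEH_LEAVE path leaves the user pointer in Dest: free the
               block and hand back an empty string so a release on this
               path is harmless */
            if (Buffer != NULL) ExFreePool(Buffer);
            Dest->Buffer = NULL;
            Dest->Length = 0;
            Dest->MaximumLength = 0;
        }
```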
/*
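Review bot: `ExFreePool(CapturedString->Buffer)` leaves the freed pointer in the structure, so a second release — or any later use of the string — is a double free or use-after-free; after the free add `CapturedString->Buffer = NULL;` and reset `Length`/`MaximumLength` to 0 so a repeat call hits the new NULL check and is a no-op. The buffer is now allocated with the `'USTR'` tag in the previous hunk but freed untagged here; `ExFreePoolWithTag` with the same tag would let the pool verifier catch mismatched frees, if that API is available in this tree. It is also worth a comment that CurrentMode must be the same value that was passed to ProbeAndCaptureUnicodeString, since passing KernelMode here for a user-mode capture silently leaks the block.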