[hbelusca] 69889: [CONSRV]: Use NtDuplicateObject with DUPLICATE_CLOSE_SOURCE to close a duplicated handle in a target process (instead of erroneously call NtClose on it). Should fix CORE-10510 and...
14 Nov
2015
14 Nov
'15
4:20 p.m.
Author: hbelusca
Date: Sat Nov 14 16:20:00 2015
New Revision: 69889
URL: http://svn.reactos.org/svn/reactos?rev=69889&view=rev
Log:
[CONSRV]: Use NtDuplicateObject with DUPLICATE_CLOSE_SOURCE to close a duplicated handle
in a target process (instead of erroneously call NtClose on it). Should fix CORE-10510 and
CORE-9742. Thanks to Thomas Faber for having pointed me to the source of the problem.
Modified:
trunk/reactos/win32ss/user/winsrv/consrv/condrv/graphics.c
trunk/reactos/win32ss/user/winsrv/consrv/handle.c
Modified: trunk/reactos/win32ss/user/winsrv/consrv/condrv/graphics.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv…
==============================================================================
--- trunk/reactos/win32ss/user/winsrv/consrv/condrv/graphics.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/winsrv/consrv/condrv/graphics.c [iso-8859-1] Sat Nov 14
16:20:00 2015
@@ -163,7 +163,8 @@
if (!NT_SUCCESS(Status))
{
DPRINT1("Error: Impossible to create a shared section, Status =
0x%08lx\n", Status);
- NtClose(NewBuffer->ClientMutex);
+ NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex,
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
@@ -189,7 +190,8 @@
{
DPRINT1("Error: Impossible to map the shared section, Status =
0x%08lx\n", Status);
NtClose(NewBuffer->hSection);
- NtClose(NewBuffer->ClientMutex);
+ NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex,
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
@@ -217,7 +219,8 @@
DPRINT1("Error: Impossible to map the shared section, Status =
0x%08lx\n", Status);
NtUnmapViewOfSection(NtCurrentProcess(), NewBuffer->BitMap);
NtClose(NewBuffer->hSection);
- NtClose(NewBuffer->ClientMutex);
+ NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex,
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
@@ -260,7 +263,8 @@
NtUnmapViewOfSection(Buff->ClientProcess, Buff->ClientBitMap);
NtUnmapViewOfSection(NtCurrentProcess(), Buff->BitMap);
NtClose(Buff->hSection);
- NtClose(Buff->ClientMutex);
+ NtDuplicateObject(Buff->ClientProcess, Buff->ClientMutex,
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(Buff->Mutex);
ConsoleFreeHeap(Buff->BitMapInfo);
Modified: trunk/reactos/win32ss/user/winsrv/consrv/handle.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv…
==============================================================================
--- trunk/reactos/win32ss/user/winsrv/consrv/handle.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/winsrv/consrv/handle.c [iso-8859-1] Sat Nov 14 16:20:00
2015
@@ -548,7 +548,9 @@
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InitEvents[INIT_FAILURE]) failed: %lu\n",
Status);
- NtClose(ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
+ NtDuplicateObject(ProcessData->Process->ProcessHandle,
+
ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS],
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData);
ConSrvDeleteConsole(Console);
ProcessData->ConsoleHandle = NULL;
@@ -564,8 +566,12 @@
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InputWaitHandle) failed: %lu\n", Status);
- NtClose(ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_FAILURE]);
- NtClose(ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
+ NtDuplicateObject(ProcessData->Process->ProcessHandle,
+
ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_FAILURE],
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
+ NtDuplicateObject(ProcessData->Process->ProcessHandle,
+
ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS],
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData);
ConSrvDeleteConsole(Console);
ProcessData->ConsoleHandle = NULL;
@@ -669,7 +675,9 @@
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InitEvents[INIT_FAILURE]) failed: %lu\n",
Status);
- NtClose(ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
+ NtDuplicateObject(ProcessData->Process->ProcessHandle,
+ ConsoleStartInfo->InitEvents[INIT_SUCCESS],
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData);
ProcessData->ConsoleHandle = NULL;
goto Quit;
@@ -684,8 +692,12 @@
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InputWaitHandle) failed: %lu\n", Status);
- NtClose(ConsoleStartInfo->InitEvents[INIT_FAILURE]);
- NtClose(ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
+ NtDuplicateObject(ProcessData->Process->ProcessHandle,
+ ConsoleStartInfo->InitEvents[INIT_FAILURE],
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
+ NtDuplicateObject(ProcessData->Process->ProcessHandle,
+ ConsoleStartInfo->InitEvents[INIT_SUCCESS],
+ NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData); // NOTE: Always free the handles table.
ProcessData->ConsoleHandle = NULL;
goto Quit;
3289
days inactive
3289
days old
0 comments
1 participants
participants (1)
-
hbelusca@svn.reactos.org