Author: ekohl Date: Sat Dec 3 12:55:29 2016 New Revision: 73418 URL: http://svn.reactos.org/svn/reactos?rev=73418&view=rev Log: [SERVICES] Add more parameter checks to RChangeServiceConfigW(). Modified: trunk/reactos/base/system/services/rpcserver.c Modified: trunk/reactos/base/system/services/rpcserver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcse… ============================================================================== --- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original) +++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Sat Dec 3 12:55:29 2016 @@ -1845,6 +1845,40 @@ DPRINT("Insufficient access rights! 0x%lx\n", hSvc->Handle.DesiredAccess); return ERROR_ACCESS_DENIED; } + + /* Check for invalid service type value */ + if ((dwServiceType != SERVICE_NO_CHANGE) && + (dwServiceType != SERVICE_KERNEL_DRIVER) && + (dwServiceType != SERVICE_FILE_SYSTEM_DRIVER) && + ((dwServiceType & ~SERVICE_INTERACTIVE_PROCESS) != SERVICE_WIN32_OWN_PROCESS) && + ((dwServiceType & ~SERVICE_INTERACTIVE_PROCESS) != SERVICE_WIN32_SHARE_PROCESS)) + return ERROR_INVALID_PARAMETER; + + /* Check for invalid start type value */ + if ((dwStartType != SERVICE_NO_CHANGE) && + (dwStartType != SERVICE_BOOT_START) && + (dwStartType != SERVICE_SYSTEM_START) && + (dwStartType != SERVICE_AUTO_START) && + (dwStartType != SERVICE_DEMAND_START) && + (dwStartType != SERVICE_DISABLED)) + return ERROR_INVALID_PARAMETER; + + /* Only drivers can be boot start or system start services */ + if ((dwStartType == SERVICE_BOOT_START) || + (dwStartType == SERVICE_SYSTEM_START)) + { + if ((dwServiceType != SERVICE_KERNEL_DRIVER) && + (dwServiceType != SERVICE_FILE_SYSTEM_DRIVER)) + return ERROR_INVALID_PARAMETER; + } + + /* Check for invalid error control value */ + if ((dwErrorControl != SERVICE_NO_CHANGE) && + (dwErrorControl != SERVICE_ERROR_IGNORE) && + (dwErrorControl != SERVICE_ERROR_NORMAL) && + (dwErrorControl != SERVICE_ERROR_SEVERE) && + (dwErrorControl != SERVICE_ERROR_CRITICAL)) + return ERROR_INVALID_PARAMETER; lpService = hSvc->ServiceEntry; if (lpService == NULL)