Author: tfaber Date: Thu Dec 25 23:10:47 2014 New Revision: 65827 URL: http://svn.reactos.org/svn/reactos?rev=65827&view=rev Log: [WIN32K:NTUSER] - Don't forget to ProbeForWrite in NtUserProcessConnect - Use SEH in NtUserSetInformationThread:UserThreadCsrApiPort Modified: trunk/reactos/win32ss/user/ntuser/ntstubs.c Modified: trunk/reactos/win32ss/user/ntuser/ntstubs.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/ntstub… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/ntstubs.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/ntstubs.c [iso-8859-1] Thu Dec 25 23:10:47 2014 @@ -754,6 +754,7 @@ { // FIXME: Check that pUserConnect->ulVersion == USER_VERSION; + ProbeForWrite(pUserConnect, sizeof(*pUserConnect), sizeof(PVOID)); pUserConnect->siClient.psi = gpsi; pUserConnect->siClient.aheList = gHandleTable; pUserConnect->siClient.ulSharedDelta = @@ -916,6 +917,7 @@ { NTSTATUS Status = STATUS_SUCCESS; PETHREAD Thread; + HANDLE CsrPortHandle; /* Allow only CSRSS to perform this operation */ if (PsGetCurrentProcess() != gpepCSRSS) @@ -959,7 +961,23 @@ Status = STATUS_INFO_LENGTH_MISMATCH; break; } - Status = InitCsrApiPort(*(PHANDLE)ThreadInformation); + + Status = STATUS_SUCCESS; + _SEH2_TRY + { + ProbeForRead(ThreadInformation, sizeof(HANDLE), sizeof(PVOID)); + CsrPortHandle = *(PHANDLE)ThreadInformation; + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + Status = _SEH2_GetExceptionCode(); + } + _SEH2_END; + + if (NT_SUCCESS(Status)) + { + Status = InitCsrApiPort(CsrPortHandle); + } break; }