Author: hbelusca
Date: Thu Dec 6 23:43:31 2012
New Revision: 57810
URL:
http://svn.reactos.org/svn/reactos?rev=57810&view=rev
Log:
[CSRSRV/BASESRV/CONSRV/WINSRV]
- Add a useful CHECK_API_MSG_SIZE macro to check whether a server message structure fits
in a CSR_API_MESSAGE structure. These checks are required because LPC will use the
generic CSR_API_MESSAGE structure for communicating all the different servers'
messages, and thus we avoid possible buffer overflows with this method.
- Effectively use this macro for all the server message structures.
- Remove a hack regarding the maximum data size we can pass through the CSR LPC port.
- Remove the now unused CSRSS_HEADER_SIZE symbol.
Modified:
branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h
branches/ros-csrss/include/reactos/subsys/win/basemsg.h
branches/ros-csrss/include/reactos/subsys/win/conmsg.h
branches/ros-csrss/include/reactos/subsys/win/winmsg.h
branches/ros-csrss/subsystems/win32/csrsrv/api.c
Modified: branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/csr/csrmsg.h [iso-8859-1] Thu Dec 6
23:43:31 2012
@@ -64,6 +64,10 @@
HANDLE ProcessId;
} CSR_CONNECTION_INFO, *PCSR_CONNECTION_INFO;
+// We must have a size at most equal to the maximum acceptable LPC data size.
+C_ASSERT(sizeof(CSR_CONNECTION_INFO) <= LPC_MAX_DATA_LENGTH);
+
+
typedef struct _CSR_IDENTIFY_ALTERTABLE_THREAD
{
CLIENT_ID Cid;
@@ -97,8 +101,6 @@
ULONG_PTR PointerOffsetsArray[ANYSIZE_ARRAY];
} CSR_CAPTURE_BUFFER, *PCSR_CAPTURE_BUFFER;
-/* Keep in sync with definition below. */
-// #define CSRSS_HEADER_SIZE (sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(NTSTATUS))
typedef struct _CSR_API_MESSAGE
{
@@ -117,11 +119,38 @@
CSR_CLIENT_CONNECT CsrClientConnect;
CSR_SET_PRIORITY_CLASS SetPriorityClass;
CSR_IDENTIFY_ALTERTABLE_THREAD IdentifyAlertableThread;
+
+ //
+ // This padding is used to make the CSR_API_MESSAGE structure
+ // large enough to hold full other API_MESSAGE-type structures
+ // used by other servers. These latter structures's sizes must
+ // be checked against the size of CSR_API_MESSAGE by using the
+ // CHECK_API_MSG_SIZE macro defined below.
+ //
+ // This is required because LPC will use this generic structure
+ // for communicating all the different servers' messages, and
+ // thus we avoid possible buffer overflows with this method.
+ // The problems there are, that we have to manually adjust the
+ // size of the padding to hope that all the servers' messaging
+ // structures will hold in it, or, that we have to be careful
+ // to not define too big messaging structures for the servers.
+ //
+ // Finally, the overall message structure size must be at most
+ // equal to the maximum acceptable LPC message size.
+ //
+ ULONG_PTR Padding[35];
} Data;
};
};
} CSR_API_MESSAGE, *PCSR_API_MESSAGE;
+// We must have a size at most equal to the maximum acceptable LPC message size.
+C_ASSERT(sizeof(CSR_API_MESSAGE) <= LPC_MAX_MESSAGE_LENGTH);
+
+// Macro to check that the total size of servers' message structures
+// are at most equal to the size of the CSR_API_MESSAGE structure.
+#define CHECK_API_MSG_SIZE(type) C_ASSERT(sizeof(type) <= sizeof(CSR_API_MESSAGE))
+
#endif // _CSRMSG_H
/* EOF */
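Review bot: The new CHECK_API_MSG_SIZE macro only bounds the total size, which does not establish that the header fields preceding `Data` sit at the same offset in every server message type, and any code that reinterprets a received CSR_API_MESSAGE as a server-specific message presumably relies on exactly that layout agreement. Since BASE_API_MESSAGE, CONSOLE_API_MESSAGE and USER_API_MESSAGE all end with a `} Data;` member in this commit, the macro could pin the layout as well as the size with `C_ASSERT(FIELD_OFFSET(type, Data) == FIELD_OFFSET(CSR_API_MESSAGE, Data))` next to the existing assertion, provided the union/struct nesting around `Data` in CSR_API_MESSAGE is anonymous so that FIELD_OFFSET resolves it; the uses in basemsg.h, conmsg.h and winmsg.h would then get the check without change. The `ULONG_PTR Padding[35]` count is a bare magic number that the preceding comment itself describes as hand-tuned, so a named constant beside the macro would make future adjustments visible in one place. The CSR_API_MESSAGE definition begins before this hunk.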
Modified: branches/ros-csrss/include/reactos/subsys/win/basemsg.h
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/win/basemsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/win/basemsg.h [iso-8859-1] Thu Dec 6
23:43:31 2012
@@ -203,6 +203,9 @@
} Data;
} BASE_API_MESSAGE, *PBASE_API_MESSAGE;
+// Check that a BASE_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(BASE_API_MESSAGE);
+
#endif // _BASEMSG_H
/* EOF */
Modified: branches/ros-csrss/include/reactos/subsys/win/conmsg.h
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/win/conmsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/win/conmsg.h [iso-8859-1] Thu Dec 6
23:43:31 2012
@@ -618,6 +618,9 @@
} Data;
} CONSOLE_API_MESSAGE, *PCONSOLE_API_MESSAGE;
+// Check that a CONSOLE_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(CONSOLE_API_MESSAGE);
+
#endif // _CONMSG_H
/* EOF */
Modified: branches/ros-csrss/include/reactos/subsys/win/winmsg.h
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/include/reactos/subsy…
==============================================================================
--- branches/ros-csrss/include/reactos/subsys/win/winmsg.h [iso-8859-1] (original)
+++ branches/ros-csrss/include/reactos/subsys/win/winmsg.h [iso-8859-1] Thu Dec 6
23:43:31 2012
@@ -83,6 +83,9 @@
} Data;
} USER_API_MESSAGE, *PUSER_API_MESSAGE;
+// Check that a USER_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(USER_API_MESSAGE);
+
#endif // _WINMSG_H
/* EOF */
Modified: branches/ros-csrss/subsystems/win32/csrsrv/api.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-csrss/subsystems/win32/csrs…
==============================================================================
--- branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] (original)
+++ branches/ros-csrss/subsystems/win32/csrsrv/api.c [iso-8859-1] Thu Dec 6 23:43:31
2012
@@ -919,13 +919,13 @@
&CsrApiPortName,
0,
NULL,
- NULL /* FIXME*/);
+ NULL /* FIXME: Use the Security Descriptor */);
/* Create the Port Object */
Status = NtCreatePort(&CsrApiPort,
&ObjectAttributes,
- LPC_MAX_DATA_LENGTH, // HACK: the real value is:
sizeof(CSR_CONNECTION_INFO),
- LPC_MAX_MESSAGE_LENGTH, // HACK: the real value is:
sizeof(CSR_API_MESSAGE),
+ sizeof(CSR_CONNECTION_INFO),
+ sizeof(CSR_API_MESSAGE),
16 * PAGE_SIZE);
if (NT_SUCCESS(Status))
{
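Review bot: The port is still created with a NULL security descriptor in the OBJECT_ATTRIBUTES and only the FIXME wording changes, so until it is resolved the CSR API port presumably receives the caller's default object security rather than an explicitly chosen one. The comment should record what is expected so the gap is not lost, e.g. `NULL /* FIXME: pass the CSR API port security descriptor once it is built; default object security applies until then */`. Replacing the LPC_MAX_* limits with `sizeof(CSR_CONNECTION_INFO)` and `sizeof(CSR_API_MESSAGE)` is consistent with the new C_ASSERTs in csrmsg.h that keep both below the LPC maxima. The enclosing function starts and ends outside this hunk.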