[tfaber] 60401: [NTOSKRNL] - Protect against invalid ThreadContext pointer in PspCreateThread. Spotted by Aleksander Andrejevic. CORE-7252 - Fix MSVC warning in HdlspDispatch
28 Sep
2013
28 Sep
'13
8:37 a.m.
Author: tfaber
Date: Sat Sep 28 08:37:47 2013
New Revision: 60401
URL: http://svn.reactos.org/svn/reactos?rev=60401&view=rev
Log:
[NTOSKRNL]
- Protect against invalid ThreadContext pointer in PspCreateThread. Spotted by Aleksander
Andrejevic.
CORE-7252
- Fix MSVC warning in HdlspDispatch
Modified:
trunk/reactos/ntoskrnl/ex/hdlsterm.c
trunk/reactos/ntoskrnl/ps/thread.c
Modified: trunk/reactos/ntoskrnl/ex/hdlsterm.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/hdlsterm.c?rev…
==============================================================================
--- trunk/reactos/ntoskrnl/ex/hdlsterm.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/hdlsterm.c [iso-8859-1] Sat Sep 28 08:37:47 2013
@@ -417,7 +417,7 @@
HeadlessInfo = OutputBuffer;
HeadlessInfo->PortType = HeadlessSerialPort;
HeadlessInfo->Serial.TerminalAttached = TRUE;
- HeadlessInfo->Serial.UsedBiosSettings =
HeadlessGlobals->UsedBiosSettings;
+ HeadlessInfo->Serial.UsedBiosSettings =
HeadlessGlobals->UsedBiosSettings != 0;
HeadlessInfo->Serial.TerminalBaudRate =
HeadlessGlobals->TerminalBaudRate;
HeadlessInfo->Serial.TerminalType = HeadlessGlobals->TerminalType;
Modified: trunk/reactos/ntoskrnl/ps/thread.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/thread.c?rev=6…
==============================================================================
--- trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] Sat Sep 28 08:37:47 2013
@@ -317,19 +317,30 @@
return Status;
}
- /* Set the Start Addresses */
- Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
- Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(ThreadContext);
+ /* Set the Start Addresses from the untrusted ThreadContext */
+ _SEH2_TRY
+ {
+ Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
+ Thread->Win32StartAddress =
(PVOID)KeGetContextReturnRegister(ThreadContext);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
/* Let the kernel intialize the Thread */
- Status = KeInitThread(&Thread->Tcb,
- NULL,
- PspUserThreadStartup,
- NULL,
- Thread->StartAddress,
- ThreadContext,
- TebBase,
- &Process->Pcb);
+ if (NT_SUCCESS(Status))
+ {
+ Status = KeInitThread(&Thread->Tcb,
+ NULL,
+ PspUserThreadStartup,
+ NULL,
+ Thread->StartAddress,
+ ThreadContext,
+ TebBase,
+ &Process->Pcb);
+ }
}
else
{
4009
days inactive
4009
days old
0 comments
1 participants
participants (1)
-
tfaber@svn.reactos.org