Author: tfaber Date: Sat Sep 28 08:37:47 2013 New Revision: 60401
URL: http://svn.reactos.org/svn/reactos?rev=60401&view=rev Log: [NTOSKRNL] - Protect against invalid ThreadContext pointer in PspCreateThread. Spotted by Aleksander Andrejevic. CORE-7252 - Fix MSVC warning in HdlspDispatch
Modified: trunk/reactos/ntoskrnl/ex/hdlsterm.c trunk/reactos/ntoskrnl/ps/thread.c
Modified: trunk/reactos/ntoskrnl/ex/hdlsterm.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/hdlsterm.c?rev=...
==============================================================================
--- trunk/reactos/ntoskrnl/ex/hdlsterm.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/hdlsterm.c [iso-8859-1] Sat Sep 28 08:37:47 2013
@@ -417,7 +417,7 @@
 HeadlessInfo = OutputBuffer;
 HeadlessInfo->PortType = HeadlessSerialPort;
 HeadlessInfo->Serial.TerminalAttached = TRUE;
- HeadlessInfo->Serial.UsedBiosSettings = HeadlessGlobals->UsedBiosSettings;
+ HeadlessInfo->Serial.UsedBiosSettings = HeadlessGlobals->UsedBiosSettings != 0;
 HeadlessInfo->Serial.TerminalBaudRate = HeadlessGlobals->TerminalBaudRate;
 HeadlessInfo->Serial.TerminalType = HeadlessGlobals->TerminalType;
Modified: trunk/reactos/ntoskrnl/ps/thread.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/thread.c?rev=60...
==============================================================================
--- trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ps/thread.c [iso-8859-1] Sat Sep 28 08:37:47 2013
@@ -317,19 +317,30 @@
 return Status;
 }
- /* Set the Start Addresses */
- Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
- Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(ThreadContext);
+ /* Set the Start Addresses from the untrusted ThreadContext */
+ _SEH2_TRY
+ {
+ Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
+ Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(ThreadContext);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
 /* Let the kernel intialize the Thread */
- Status = KeInitThread(&Thread->Tcb,
- NULL,
- PspUserThreadStartup,
- NULL,
- Thread->StartAddress,
- ThreadContext,
- TebBase,
- &Process->Pcb);
+ if (NT_SUCCESS(Status))
+ {
+ Status = KeInitThread(&Thread->Tcb,
+ NULL,
+ PspUserThreadStartup,
+ NULL,
+ Thread->StartAddress,
+ ThreadContext,
+ TebBase,
+ &Process->Pcb);
+ }
 }
 else
 {
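Review bot: The `_SEH2_TRY` guards only the two reads that fill StartAddress and Win32StartAddress, yet the same untrusted `ThreadContext` pointer is still handed to `KeInitThread` on the new side with no handler around it, so if KeInitThread or its callees dereference the context (likely, since it receives it to build the initial frame) an unmapped or concurrently unmapped page faults unprotected, and it is a double fetch: the values read here can differ from what KeInitThread reads later. Unless the caller has already copied the context into kernel memory (not visible in this hunk; the commit message suggests it has not), capture it once inside the try block into a kernel-side `CONTEXT SafeContext` (declared at function scope, or pool-allocated if the stack footprint is a concern), take Pc and ReturnRegister from the copy, and pass `&SafeContext` to KeInitThread. On the exception path the function now returns with a partially initialized Thread object; the cleanup the caller performs after a failed KeInitThread presumably covers this case, but confirm. PspCreateThread begins before this hunk and continues after it.

```c
    /* Capture the user-mode context once, so every later read comes from kernel memory */
    _SEH2_TRY
    {
        RtlCopyMemory(&SafeContext, ThreadContext, sizeof(SafeContext));
        Thread->StartAddress = (PVOID)KeGetContextPc(&SafeContext);
        Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(&SafeContext);
    }
    /* … unchanged: _SEH2_EXCEPT handler storing the exception code in Status … */
    _SEH2_END;

    if (NT_SUCCESS(Status))
    {
        Status = KeInitThread(&Thread->Tcb,
                              NULL,
                              PspUserThreadStartup,
                              NULL,
                              Thread->StartAddress,
                              &SafeContext,
                              TebBase,
                              &Process->Pcb);
    }
```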