Author: hbelusca Date: Mon Nov 7 12:35:09 2016 New Revision: 73166 URL: http://svn.reactos.org/svn/reactos?rev=73166&view=rev Log: [NTOS:LPC] - Capture the ServerView/ClientView *only* when those pointers are not NULL. - Fix a LpcRequest vs. CapturedLpcRequest in a call to LpcpMoveMessage. Caught by Thomas. CORE-7371 CR-100 Modified: trunk/reactos/ntoskrnl/lpc/complete.c trunk/reactos/ntoskrnl/lpc/connect.c trunk/reactos/ntoskrnl/lpc/send.c Modified: trunk/reactos/ntoskrnl/lpc/complete.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/complete.c?re… ============================================================================== --- trunk/reactos/ntoskrnl/lpc/complete.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/lpc/complete.c [iso-8859-1] Mon Nov 7 12:35:09 2016 @@ -84,7 +84,9 @@ ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1); /* The following parameters are optional */ - if (ServerView != NULL) + + /* Capture the server view */ + if (ServerView) { ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG)); CapturedServerView = *(volatile PORT_VIEW*)ServerView; @@ -97,7 +99,8 @@ } } - if (ClientView != NULL) + /* Capture the client view */ + if (ClientView) { ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG)); @@ -121,19 +124,27 @@ CapturedReplyMessage = *ReplyMessage; ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength; - /* Validate the size of the server view */ - if ((ServerView) && (ServerView->Length != sizeof(*ServerView))) - { - /* Invalid size */ - return STATUS_INVALID_PARAMETER; - } - CapturedServerView = *ServerView; - - /* Validate the size of the client view */ - if ((ClientView) && (ClientView->Length != sizeof(*ClientView))) - { - /* Invalid size */ - return STATUS_INVALID_PARAMETER; + /* Capture the server view */ + if (ServerView) + { + /* Validate the size of the server view */ + if (ServerView->Length != sizeof(*ServerView)) + { + /* Invalid size */ + return STATUS_INVALID_PARAMETER; + } + CapturedServerView = *ServerView; + } + + /* Capture the client view */ + if (ClientView) + { + /* Validate the size of the client view */ + if (ClientView->Length != sizeof(*ClientView)) + { + /* Invalid size */ + return STATUS_INVALID_PARAMETER; + } } } Modified: trunk/reactos/ntoskrnl/lpc/connect.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/connect.c?rev… ============================================================================== --- trunk/reactos/ntoskrnl/lpc/connect.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/lpc/connect.c [iso-8859-1] Mon Nov 7 12:35:09 2016 @@ -130,7 +130,7 @@ /* The following parameters are optional */ /* Capture the client view */ - if (ClientView != NULL) + if (ClientView) { ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG)); CapturedClientView = *(volatile PORT_VIEW*)ClientView; @@ -145,7 +145,7 @@ } /* Capture the server view */ - if (ServerView != NULL) + if (ServerView) { ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG)); @@ -202,7 +202,7 @@ /* The following parameters are optional */ /* Capture the client view */ - if (ClientView != NULL) + if (ClientView) { /* Validate the size of the client view */ if (ClientView->Length != sizeof(*ClientView)) @@ -214,7 +214,7 @@ } /* Capture the server view */ - if (ServerView != NULL) + if (ServerView) { /* Validate the size of the server view */ if (ServerView->Length != sizeof(*ServerView)) Modified: trunk/reactos/ntoskrnl/lpc/send.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/send.c?rev=73… ============================================================================== --- trunk/reactos/ntoskrnl/lpc/send.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/lpc/send.c [iso-8859-1] Mon Nov 7 12:35:09 2016 @@ -857,7 +857,7 @@ /* Copy it */ LpcpMoveMessage(&Message->Request, - LpcRequest, + &CapturedLpcRequest, LpcRequest + 1, MessageType, &Thread->Cid);