[tfaber] 54315: [SERVICES] - Use FIELD_OFFSET for variable-length structure sizes - Handle an invalid parameter condition in RCreateServiceW. Fixes an advapi32:service test - Do not dereference a N...
6 Nov
2011
6 Nov
'11
2:23 p.m.
Author: tfaber
Date: Sun Nov 6 14:23:39 2011
New Revision: 54315
URL: http://svn.reactos.org/svn/reactos?rev=54315&view=rev
Log:
[SERVICES]
- Use FIELD_OFFSET for variable-length structure sizes
- Handle an invalid parameter condition in RCreateServiceW. Fixes an advapi32:service
test
- Do not dereference a NULL-pointer on out-of-memory
Modified:
trunk/reactos/base/system/services/database.c
trunk/reactos/base/system/services/rpcserver.c
Modified: trunk/reactos/base/system/services/database.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/datab…
==============================================================================
--- trunk/reactos/base/system/services/database.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/database.c [iso-8859-1] Sun Nov 6 14:23:39 2011
@@ -193,7 +193,7 @@
/* Create a new service image */
pServiceImage = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
- sizeof(SERVICE_IMAGE) + ((wcslen(ImagePath.Buffer) + 1)
* sizeof(WCHAR)));
+ FIELD_OFFSET(SERVICE_IMAGE,
szImagePath[wcslen(ImagePath.Buffer) + 1]));
if (pServiceImage == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
@@ -368,7 +368,7 @@
/* Allocate service entry */
lpService = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
- sizeof(SERVICE) + ((wcslen(lpServiceName) + 1) *
sizeof(WCHAR)));
+ FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) +
1]));
if (lpService == NULL)
return ERROR_NOT_ENOUGH_MEMORY;
Modified: trunk/reactos/base/system/services/rpcserver.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcse…
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Sun Nov 6 14:23:39 2011
@@ -155,7 +155,7 @@
Ptr = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
- sizeof(MANAGER_HANDLE) + (wcslen(lpDatabaseName) + 1) *
sizeof(WCHAR));
+ FIELD_OFFSET(MANAGER_HANDLE, DatabaseName[wcslen(lpDatabaseName) +
1]));
if (Ptr == NULL)
return ERROR_NOT_ENOUGH_MEMORY;
@@ -1999,6 +1999,12 @@
return ERROR_INVALID_PARAMETER;
}
+ if ((dwServiceType & SERVICE_KERNEL_DRIVER) &&
+ (dwServiceType & SERVICE_FILE_SYSTEM_DRIVER))
+ {
+ return ERROR_INVALID_PARAMETER;
+ }
+
if ((dwServiceType == (SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS))
&&
(lpServiceStartName))
{
@@ -2267,9 +2273,12 @@
}
else
{
- /* Release the display name buffer */
- if (lpService->lpServiceName != NULL)
+ if (lpService != NULL &&
+ lpService->lpServiceName != NULL)
+ {
+ /* Release the display name buffer */
HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
+ }
if (hServiceHandle)
{
@@ -2366,7 +2375,7 @@
(dwServicesReturned + 1) * sizeof(PSERVICE));
if (!lpServicesArray)
{
- DPRINT("Could not allocate a buffer!!\n");
+ DPRINT1("Could not allocate a buffer!!\n");
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto Done;
}
@@ -4550,8 +4559,8 @@
dwLength = (strlen(Info.lpDescription) + 1) * sizeof(WCHAR);
lpServiceDescriptonW = HeapAlloc(GetProcessHeap(),
- 0,
- dwLength + sizeof(SERVICE_DESCRIPTIONW));
+ 0,
+ dwLength + sizeof(SERVICE_DESCRIPTIONW));
if (!lpServiceDescriptonW)
{
return ERROR_NOT_ENOUGH_MEMORY;
4702
days inactive
4702
days old
0 comments
1 participants
participants (1)
-
tfaber@svn.reactos.org