Author: tfaber Date: Sun Nov 6 14:23:39 2011 New Revision: 54315
URL: http://svn.reactos.org/svn/reactos?rev=54315&view=rev Log: [SERVICES] - Use FIELD_OFFSET for variable-length structure sizes - Handle an invalid parameter condition in RCreateServiceW. Fixes an advapi32:service test - Do not dereference a NULL-pointer on out-of-memory
Modified: trunk/reactos/base/system/services/database.c trunk/reactos/base/system/services/rpcserver.c
Modified: trunk/reactos/base/system/services/database.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/databa...
==============================================================================
--- trunk/reactos/base/system/services/database.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/database.c [iso-8859-1] Sun Nov 6 14:23:39 2011
@@ -193,7 +193,7 @@
 /* Create a new service image */
 pServiceImage = HeapAlloc(GetProcessHeap(),
 HEAP_ZERO_MEMORY,
- sizeof(SERVICE_IMAGE) + ((wcslen(ImagePath.Buffer) + 1) * sizeof(WCHAR)));
+ FIELD_OFFSET(SERVICE_IMAGE, szImagePath[wcslen(ImagePath.Buffer) + 1]));
 if (pServiceImage == NULL)
 {
 dwError = ERROR_NOT_ENOUGH_MEMORY;
@@ -368,7 +368,7 @@
 /* Allocate service entry */
 lpService = HeapAlloc(GetProcessHeap(),
 HEAP_ZERO_MEMORY,
- sizeof(SERVICE) + ((wcslen(lpServiceName) + 1) * sizeof(WCHAR)));
+ FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) + 1]));
 if (lpService == NULL)
 return ERROR_NOT_ENOUGH_MEMORY;
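Review bot: The `FIELD_OFFSET(SERVICE_IMAGE, szImagePath[...])` size at `@@ -193,7 +193,7 @@` is smaller than the old `sizeof(SERVICE_IMAGE) + ...` value whenever the structure declares a non-empty trailing array or has tail padding, so any writer that relied on the old slack now runs to the exact end of the heap block. The structure declarations and the copies into `szImagePath`, `szServiceName` (`@@ -368,7 +368,7 @@`) and `DatabaseName` (rpcserver.c, `@@ -155,7 +155,7 @@`) are outside these hunks, so each copy should be confirmed to write no more than `wcslen(...) + 1` WCHARs. A one-line comment at each site, such as `/* exact size: fixed header plus the name including its terminating NUL */`, would keep a later edit from reintroducing `sizeof` arithmetic at only one of the three places.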
Modified: trunk/reactos/base/system/services/rpcserver.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/services/rpcser...
==============================================================================
--- trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/services/rpcserver.c [iso-8859-1] Sun Nov 6 14:23:39 2011
@@ -155,7 +155,7 @@
 Ptr = HeapAlloc(GetProcessHeap(),
 HEAP_ZERO_MEMORY,
- sizeof(MANAGER_HANDLE) + (wcslen(lpDatabaseName) + 1) * sizeof(WCHAR));
+ FIELD_OFFSET(MANAGER_HANDLE, DatabaseName[wcslen(lpDatabaseName) + 1]));
 if (Ptr == NULL)
 return ERROR_NOT_ENOUGH_MEMORY;
@@ -1999,6 +1999,12 @@
 return ERROR_INVALID_PARAMETER;
 }
+ if ((dwServiceType & SERVICE_KERNEL_DRIVER) &&
+ (dwServiceType & SERVICE_FILE_SYSTEM_DRIVER))
+ {
+ return ERROR_INVALID_PARAMETER;
+ }
+
 if ((dwServiceType == (SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS)) &&
 (lpServiceStartName))
 {
@@ -2267,9 +2273,12 @@
 }
 else
 {
- /* Release the display name buffer */
- if (lpService->lpServiceName != NULL)
+ if (lpService != NULL &&
+ lpService->lpServiceName != NULL)
+ {
+ /* Release the display name buffer */
 HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
+ }
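Review bot: The check added at `@@ -1999,6 +1999,12 @@` has no comment saying why this combination of type bits is rejected, and `dwServiceType` in RCreateServiceW presumably comes straight from the RPC client. I would put `/* A service cannot be both a kernel driver and a file system driver */` above the `if`. Whether a driver bit combined with a Win32 service bit is also refused depends on the validation that ends just before this hunk, which is not visible here, so that is worth confirming while this block is being edited. The enclosing function starts and ends outside the hunk.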
 if (hServiceHandle)
 {
@@ -2366,7 +2375,7 @@
 (dwServicesReturned + 1) * sizeof(PSERVICE));
 if (!lpServicesArray)
 {
- DPRINT("Could not allocate a buffer!!\n");
+ DPRINT1("Could not allocate a buffer!!\n");
 dwError = ERROR_NOT_ENOUGH_MEMORY;
 goto Done;
 }
@@ -4550,8 +4559,8 @@
 dwLength = (strlen(Info.lpDescription) + 1) * sizeof(WCHAR);
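Review bot: In `@@ -2267,9 +2273,12 @@` the guard tests `lpService->lpServiceName` while the call releases `lpService->lpDisplayName`, so the added NULL check on `lpService` removes the dereference but the condition still does not describe the pointer being freed. If `lpDisplayName` can point at the service-name storage inside the service record rather than at its own allocation (not visible in this hunk), `HeapFree` would receive a pointer that `HeapAlloc` never returned. I would test the freed pointer itself, e.g. `if (lpService != NULL && lpService->lpDisplayName != NULL && lpService->lpDisplayName != lpService->lpServiceName)`, and add `lpService->lpDisplayName = NULL;` after the free if the record can outlive this error path. The rest of the cleanup branch lies outside the hunk.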
 lpServiceDescriptonW = HeapAlloc(GetProcessHeap(),
- 0,
- dwLength + sizeof(SERVICE_DESCRIPTIONW));
+ 0,
+ dwLength + sizeof(SERVICE_DESCRIPTIONW));
 if (!lpServiceDescriptonW)
 {
 return ERROR_NOT_ENOUGH_MEMORY;