Author: fireball Date: Thu Aug 25 22:25:25 2011 New Revision: 53446
URL: http://svn.reactos.org/svn/reactos?rev=53446&view=rev Log: [NTDLL/LDR] - Fix wrong loop condition which would often lead to heap underread. - Fix wrong subkey string length calculation, which would result in an incorrect string being used to open an image specific key. - Don't close the key handle in LdrQueryImageFileKeyOption() because it's used more than once and closed after it's not needed anymore. - Use Zw* functions instead of Nt* where necessary in LdrQueryImageFileKeyOption(). - Per-image execution options work now (e.g. enabling DPH).
Modified: trunk/reactos/dll/ntdll/ldr/ldrinit.c
Modified: trunk/reactos/dll/ntdll/ldr/ldrinit.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/ntdll/ldr/ldrinit.c?rev...
==============================================================================
--- trunk/reactos/dll/ntdll/ldr/ldrinit.c [iso-8859-1] (original)
+++ trunk/reactos/dll/ntdll/ldr/ldrinit.c [iso-8859-1] Thu Aug 25 22:25:25 2011
@@ -144,14 +144,14 @@
 /* Extract the name */
 SubKeyString = *SubKey;
 p1 = (PWCHAR)((ULONG_PTR)SubKeyString.Buffer + SubKeyString.Length);
- while (SubKey->Length)
+ while (SubKeyString.Length)
 {
 if (p1[-1] == L'\') break;
 p1--;
 SubKeyString.Length -= sizeof(*p1);
 }
 SubKeyString.Buffer = p1;
- SubKeyString.Length = SubKeyString.MaximumLength - SubKeyString.Length - sizeof(WCHAR);
+ SubKeyString.Length = SubKey->Length - SubKeyString.Length;
/* Setup the object attributes */
 InitializeObjectAttributes(&ObjectAttributes,
@@ -192,7 +192,7 @@
 if (!NT_SUCCESS(Status)) return Status;
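Review bot: The corrected loop in the first hunk still steps `SubKeyString.Length` down by `sizeof(*p1)` while testing only for non-zero, so an odd `SubKey->Length` would wrap the unsigned length past zero and keep reading `p1[-1]` below the buffer, the same underread this commit fixes. Testing `while (SubKeyString.Length >= sizeof(*p1))` closes that case. Separately, `SubKeyString.MaximumLength` is still the value copied from `*SubKey` although `Buffer` now points further into the string; adding `SubKeyString.MaximumLength = SubKeyString.Length;` after the new length assignment would keep the descriptor consistent for any callee that reads it. The enclosing function starts and ends outside this hunk, so whether a caller can pass a malformed length is not visible here.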
/* Query the value */
- Status = NtQueryValueKey(KeyHandle,
+ Status = ZwQueryValueKey(KeyHandle,
 &ValueNameString,
 KeyValuePartialInformation,
 KeyValueInformation,
@@ -213,7 +213,7 @@
 }
/* Try again */
- Status = NtQueryValueKey(KeyHandle,
+ Status = ZwQueryValueKey(KeyHandle,
 &ValueNameString,
 KeyValuePartialInformation,
 KeyValueInformation,
@@ -326,8 +326,7 @@
 /* Check if buffer was in heap */
 if (FreeHeap) RtlFreeHeap(RtlGetProcessHeap(), 0, KeyValueInformation);
- /* Close key and return */
- NtClose(KeyHandle);
+ /* Return status */
 return Status;
 }
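Review bot: With `NtClose(KeyHandle)` removed at the end of LdrQueryImageFileKeyOption(), nothing on the visible lines says who owns the handle; the replacement comment `/* Return status */` only restates the code. I would write `/* KeyHandle belongs to the caller and is deliberately left open */` there and state the same in the function's header comment, which lies outside this hunk. Any caller that opened a key for a single query and relied on the old close would now leak a handle, so the call sites, which this diff does not show, are worth checking.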