RtlCaptureUnicodeString should also check the buffers that the UNICODE_STRING structure points to... Modified: trunk/reactos/ntoskrnl/rtl/capture.c _____
Modified: trunk/reactos/ntoskrnl/rtl/capture.c
--- trunk/reactos/ntoskrnl/rtl/capture.c	2005-01-22 18:08:28 UTC (rev 13218)
+++ trunk/reactos/ntoskrnl/rtl/capture.c	2005-01-22 20:53:14 UTC (rev 13219)
@@ -58,6 +58,12 @@
                  sizeof(UNICODE_STRING),
                  sizeof(ULONG));
     Src = *UnsafeSrc;
+    if(Src.Length > 0)
+    {
+      ProbeForRead(Src.Buffer,
+                   Src.Length,
+                   sizeof(WCHAR));
+    }
   }
   _SEH_HANDLE
   {
@@ -86,20 +92,19 @@
    * Initialize the destination string.
    */
   Dest->Length = Src.Length;
-  Dest->MaximumLength = Src.Length + sizeof(WCHAR);
-  Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
-  if (Dest->Buffer == NULL)
-  {
-    Dest->Length = Dest->MaximumLength = 0;
-    Dest->Buffer = NULL;
-    return STATUS_INSUFFICIENT_RESOURCES;
-  }
-
-  /*
-   * Copy the source string to kernel space.
-   */
   if(Src.Length > 0)
   {
+    Dest->MaximumLength = Src.Length + sizeof(WCHAR);
+    Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
+    if (Dest->Buffer == NULL)
+    {
+      Dest->Length = Dest->MaximumLength = 0;
+      Dest->Buffer = NULL;
+      return STATUS_INSUFFICIENT_RESOURCES;
+    }
+    /*
+     * Copy the source string to kernel space.
+     */
     _SEH_TRY
     {
       RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length);
@@ -111,6 +116,11 @@
     }
     _SEH_END;
   }
+  else
+  {
+    Dest->MaximumLength = 0;
+    Dest->Buffer = NULL;
+  }
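Review bot: `Dest->MaximumLength = Src.Length + sizeof(WCHAR);` in the second hunk (now the first added line under `if(Src.Length > 0)`) is still unchecked against the top of the USHORT range: UNICODE_STRING's Length and MaximumLength are USHORT fields, so for Src.Length of 0xFFFE or 0xFFFF the sum is truncated when stored, the ExAllocatePool call on the next line allocates that truncated size, and the RtlCopyMemory at the end of the hunk then copies Src.Length bytes into the smaller pool block. The new ProbeForRead in the first hunk establishes that the user buffer is readable for Src.Length bytes, not that Src.Length plus the terminator fits in MaximumLength, so the probe does not close this. A guard placed before the context line `Dest->Length = Src.Length;`, `if (Src.Length > MAXUSHORT - sizeof(WCHAR))` / `return STATUS_INVALID_PARAMETER;`, rejects such lengths before anything is written to Dest, matching the early-return style of the STATUS_INSUFFICIENT_RESOURCES path. The enclosing function starts and ends outside these hunks, so the _SEH_TRY that surrounds the probe and the handler for the copy are not visible here.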
 
   return Status;
 }