https://git.reactos.org/?p=reactos.git;a=commitdiff;h=482eb909fe8bc1dfcb9cbf...
commit 482eb909fe8bc1dfcb9cbfa5c55c8d4060a565ea Author: Eric Kohl eric.kohl@reactos.org AuthorDate: Sun Feb 23 21:35:57 2020 +0100 Commit: Eric Kohl eric.kohl@reactos.org CommitDate: Sun Feb 23 21:35:57 2020 +0100
[NTOS:CONFIG] Fix NtSetValueKey data probing
Probe the data before allocating a copy buffer. Otherwise NtSetValueKey returns an unexpected status code in case of too large data size.
This fixes the NtSetValueKey ntdll api tests.
---
 ntoskrnl/config/ntapi.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/ntoskrnl/config/ntapi.c b/ntoskrnl/config/ntapi.c
index b672a9bc889..5e8f356a229 100644
--- a/ntoskrnl/config/ntapi.c
+++ b/ntoskrnl/config/ntapi.c
@@ -890,16 +890,35 @@ NtSetValueKey(IN HANDLE KeyHandle,
 /* Probe and copy the data */
 if ((PreviousMode != KernelMode) && (DataSize != 0))
 {
- PVOID DataCopy = ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM);
+ PVOID DataCopy = NULL;
+
+ _SEH2_TRY
+ {
+ ProbeForRead(Data, DataSize, 1);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+
+ if (!NT_SUCCESS(Status))
+ {
+ /* Dereference and return status */
+ ObDereferenceObject(KeyObject);
+ return Status;
+ }
+
+ DataCopy = ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM);
 if (!DataCopy)
 {
 /* Dereference and return status */
 ObDereferenceObject(KeyObject);
 return STATUS_INSUFFICIENT_RESOURCES;
 }
+
 _SEH2_TRY
 {
- ProbeForRead(Data, DataSize, 1);
 RtlCopyMemory(DataCopy, Data, DataSize);
 }
 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
@@ -915,6 +934,7 @@ NtSetValueKey(IN HANDLE KeyHandle,
 ObDereferenceObject(KeyObject);
 return Status;
 }
+
 Data = DataCopy;
 }
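Review bot: The new `ProbeForRead(Data, DataSize, 1)` validates only the address range and does not bound the size, so `ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM)` still runs with a caller-chosen `DataSize` for any large range that passes the probe. Unless a size limit is enforced elsewhere in NtSetValueKey (its body starts and ends outside this hunk), a user-mode caller can trigger large transient paged-pool allocations. Consider charging the caller's quota, e.g. `ExAllocatePoolWithQuotaTag(PagedPool | POOL_QUOTA_FAIL_INSTEAD_OF_RAISE, DataSize, TAG_CM)`, or rejecting sizes above a documented maximum before allocating. The added `if (!NT_SUCCESS(Status))` also depends on `Status` holding a success code on entry to the block, which is assigned outside the hunk; a comment such as `/* Status is unchanged (success) unless ProbeForRead raised */` would make that dependency explicit.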