Author: hbelusca Date: Tue Aug 6 19:10:36 2013 New Revision: 59658 URL: http://svn.reactos.org/svn/reactos?rev=59658&view=rev Log: [CONSRV] - Fix console handle validation (triggered by recent Process changes by Alex). - Temporarily add commented-out asserts for testing purposes only. Modified: trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c trunk/reactos/win32ss/user/winsrv/consrv/console.c trunk/reactos/win32ss/user/winsrv/consrv/handle.c Modified: trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv… ============================================================================== --- trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c [iso-8859-1] Tue Aug 6 19:10:36 2013 @@ -143,8 +143,12 @@ RemoveConsoleByHandle(IN HANDLE Handle) { NTSTATUS Status = STATUS_SUCCESS; + PCONSOLE Console; + + BOOLEAN ValidHandle = ((HandleToULong(Handle) & 0x3) == 0x3); ULONG Index = HandleToULong(Handle) >> 2; - PCONSOLE Console; + + if (!ValidHandle) return STATUS_INVALID_HANDLE; ASSERT( (ConsoleList == NULL && ConsoleListSize == 0) || (ConsoleList != NULL && ConsoleListSize != 0) ); @@ -339,9 +343,12 @@ IN BOOLEAN LockConsole) { BOOLEAN RetVal = FALSE; - + PCONSOLE ValidatedConsole; + + BOOLEAN ValidHandle = ((HandleToULong(ConsoleHandle) & 0x3) == 0x3); ULONG Index = HandleToULong(ConsoleHandle) >> 2; - PCONSOLE ValidatedConsole; + + if (!ValidHandle) return FALSE; if (!Console) return FALSE; *Console = NULL; Modified: trunk/reactos/win32ss/user/winsrv/consrv/console.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv… ============================================================================== --- trunk/reactos/win32ss/user/winsrv/consrv/console.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/winsrv/consrv/console.c [iso-8859-1] Tue Aug 6 19:10:36 2013 @@ -159,7 +159,7 @@ ConSrvReleaseConsole(PCONSOLE Console, BOOL WasConsoleLocked) { - /* Just call the driver*/ + /* Just call the driver */ ConDrvReleaseConsole(Console, WasConsoleLocked); } Modified: trunk/reactos/win32ss/user/winsrv/consrv/handle.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv… ============================================================================== --- trunk/reactos/win32ss/user/winsrv/consrv/handle.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/winsrv/consrv/handle.c [iso-8859-1] Tue Aug 6 19:10:36 2013 @@ -387,6 +387,8 @@ RtlEnterCriticalSection(&ProcessData->HandleTableLock); ASSERT(ProcessData->HandleTable); + // ASSERT( (ProcessData->HandleTable == NULL && ProcessData->HandleTableSize == 0) || + // (ProcessData->HandleTable != NULL && ProcessData->HandleTableSize != 0) ); if (Index >= ProcessData->HandleTableSize || (Object = ProcessData->HandleTable[Index].Object) == NULL) @@ -781,6 +783,9 @@ RtlEnterCriticalSection(&ProcessData->HandleTableLock); + // ASSERT( (ProcessData->HandleTable == NULL && ProcessData->HandleTableSize == 0) || + // (ProcessData->HandleTable != NULL && ProcessData->HandleTableSize != 0) ); + if (!IsConsoleHandle(ConsoleHandle) || Index >= ProcessData->HandleTableSize || ProcessData->HandleTable[Index].Object == NULL) @@ -815,6 +820,9 @@ } RtlEnterCriticalSection(&ProcessData->HandleTableLock); + + // ASSERT( (ProcessData->HandleTable == NULL && ProcessData->HandleTableSize == 0) || + // (ProcessData->HandleTable != NULL && ProcessData->HandleTableSize != 0) ); if ( /** !IsConsoleHandle(ConsoleHandle) || **/ Index >= ProcessData->HandleTableSize ||