[hbelusca] 59658: [CONSRV] - Fix console handle validation (triggered by recent Process changes by Alex). - Temporarily add commented-out asserts for testing purposes only.
Author: hbelusca Date: Tue Aug 6 19:10:36 2013 New Revision: 59658
URL: http://svn.reactos.org/svn/reactos?rev=59658&view=rev Log: [CONSRV] - Fix console handle validation (triggered by recent Process changes by Alex). - Temporarily add commented-out asserts for testing purposes only.
Modified: trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c trunk/reactos/win32ss/user/winsrv/consrv/console.c trunk/reactos/win32ss/user/winsrv/consrv/handle.c
Modified: trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv/... ============================================================================== --- trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/winsrv/consrv/condrv/console.c [iso-8859-1] Tue Aug 6 19:10:36 2013 @@ -143,8 +143,12 @@ RemoveConsoleByHandle(IN HANDLE Handle) { NTSTATUS Status = STATUS_SUCCESS; + PCONSOLE Console; + + BOOLEAN ValidHandle = ((HandleToULong(Handle) & 0x3) == 0x3); ULONG Index = HandleToULong(Handle) >> 2; - PCONSOLE Console; + + if (!ValidHandle) return STATUS_INVALID_HANDLE;
ASSERT( (ConsoleList == NULL && ConsoleListSize == 0) || (ConsoleList != NULL && ConsoleListSize != 0) ); @@ -339,9 +343,12 @@ IN BOOLEAN LockConsole) { BOOLEAN RetVal = FALSE; - + PCONSOLE ValidatedConsole; + + BOOLEAN ValidHandle = ((HandleToULong(ConsoleHandle) & 0x3) == 0x3); ULONG Index = HandleToULong(ConsoleHandle) >> 2; - PCONSOLE ValidatedConsole; + + if (!ValidHandle) return FALSE;
if (!Console) return FALSE; *Console = NULL;
Modified: trunk/reactos/win32ss/user/winsrv/consrv/console.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv/... ============================================================================== --- trunk/reactos/win32ss/user/winsrv/consrv/console.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/winsrv/consrv/console.c [iso-8859-1] Tue Aug 6 19:10:36 2013 @@ -159,7 +159,7 @@ ConSrvReleaseConsole(PCONSOLE Console, BOOL WasConsoleLocked) { - /* Just call the driver*/ + /* Just call the driver */ ConDrvReleaseConsole(Console, WasConsoleLocked); }
Modified: trunk/reactos/win32ss/user/winsrv/consrv/handle.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/winsrv/consrv/... ============================================================================== --- trunk/reactos/win32ss/user/winsrv/consrv/handle.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/winsrv/consrv/handle.c [iso-8859-1] Tue Aug 6 19:10:36 2013 @@ -387,6 +387,8 @@ RtlEnterCriticalSection(&ProcessData->HandleTableLock);
ASSERT(ProcessData->HandleTable); + // ASSERT( (ProcessData->HandleTable == NULL && ProcessData->HandleTableSize == 0) || + // (ProcessData->HandleTable != NULL && ProcessData->HandleTableSize != 0) );
if (Index >= ProcessData->HandleTableSize || (Object = ProcessData->HandleTable[Index].Object) == NULL) @@ -781,6 +783,9 @@
RtlEnterCriticalSection(&ProcessData->HandleTableLock);
+ // ASSERT( (ProcessData->HandleTable == NULL && ProcessData->HandleTableSize == 0) || + // (ProcessData->HandleTable != NULL && ProcessData->HandleTableSize != 0) ); + if (!IsConsoleHandle(ConsoleHandle) || Index >= ProcessData->HandleTableSize || ProcessData->HandleTable[Index].Object == NULL) @@ -815,6 +820,9 @@ }
RtlEnterCriticalSection(&ProcessData->HandleTableLock); + + // ASSERT( (ProcessData->HandleTable == NULL && ProcessData->HandleTableSize == 0) || + // (ProcessData->HandleTable != NULL && ProcessData->HandleTableSize != 0) );
if ( /** !IsConsoleHandle(ConsoleHandle) || **/ Index >= ProcessData->HandleTableSize ||
-
hbelusca@svn.reactos.org