Author: ekohl Date: Fri Sep 26 23:46:59 2014 New Revision: 64318 URL: http://svn.reactos.org/svn/reactos?rev=64318&view=rev Log: [LSASRV] Fix memory related issues in calls to LsaEnumerateLogonSessions. - Initialize ClientBaseAddress to NULL because we do not need to allocate a fixed memory page. - Protect Length from being overwitten by NtWriteVirtualMemory. Modified: trunk/reactos/dll/win32/lsasrv/session.c Modified: trunk/reactos/dll/win32/lsasrv/session.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/session.c… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] Fri Sep 26 23:46:59 2014 @@ -131,8 +131,8 @@ PLIST_ENTRY SessionEntry; PLSAP_LOGON_SESSION CurrentSession; PLUID SessionList; - ULONG i, Length; - PVOID ClientBaseAddress; + ULONG i, Length, MemSize; + PVOID ClientBaseAddress = NULL; NTSTATUS Status; TRACE("LsapEnumLogonSessions()\n"); @@ -175,10 +175,11 @@ goto done; } + MemSize = Length; Status = NtAllocateVirtualMemory(ProcessHandle, &ClientBaseAddress, 0, - &Length, + &MemSize, MEM_COMMIT, PAGE_READWRITE); if (!NT_SUCCESS(Status))