Author: greatlrd Date: Wed May 24 18:41:53 2006 New Revision: 22008
URL: http://svn.reactos.ru/svn/reactos?rev=22008&view=rev Log: Patch from w3seek: patch to fix a couple of argument probing bugs in NtQuerySymbolicLinkObject and NtCreateSymbolicLinkObject:
Modified: trunk/reactos/ntoskrnl/ob/symlink.c
Modified: trunk/reactos/ntoskrnl/ob/symlink.c
URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/ntoskrnl/ob/symlink.c?rev=22...
==============================================================================
--- trunk/reactos/ntoskrnl/ob/symlink.c (original)
+++ trunk/reactos/ntoskrnl/ob/symlink.c Wed May 24 18:41:53 2006
@@ -236,8 +236,7 @@
 _SEH_TRY
 {
 /* Probe the target */
- ProbeForRead(LinkTarget, sizeof(UNICODE_STRING), sizeof(WCHAR));
- CapturedLinkTarget = *LinkTarget;
+ CapturedLinkTarget = ProbeForReadUnicodeString(LinkTarget);
 ProbeForRead(CapturedLinkTarget.Buffer,
 CapturedLinkTarget.MaximumLength,
 sizeof(WCHAR));
@@ -329,7 +328,7 @@
 /* Return the handle to caller */
 *LinkHandle = hLink;
 }
- _SEH_HANDLE
+ _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
 {
 /* Get exception code */
 Status = _SEH_GetExceptionCode();
@@ -410,7 +409,7 @@
 /* Return the handle to caller */
 *LinkHandle = hLink;
 }
- _SEH_HANDLE
+ _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
 {
 /* Get exception code */
 Status = _SEH_GetExceptionCode();
@@ -448,7 +447,7 @@
 OUT PUNICODE_STRING LinkTarget,
 OUT PULONG ResultLength OPTIONAL)
 {
- UNICODE_STRING SafeLinkTarget;
+ UNICODE_STRING SafeLinkTarget = {0};
 POBJECT_SYMBOLIC_LINK SymlinkObject;
 KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
 NTSTATUS Status = STATUS_SUCCESS;
@@ -460,15 +459,13 @@
 _SEH_TRY
 {
 /* Probe the unicode string for read and write */
- ProbeForRead(LinkTarget, sizeof(UNICODE_STRING), sizeof(WCHAR));
- ProbeForWriteUshort(&LinkTarget->Length);
- ProbeForWriteUshort(&LinkTarget->MaximumLength);
+ ProbeForWriteUnicodeString(LinkTarget);
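Review bot: In the first hunk, `CapturedLinkTarget = ProbeForReadUnicodeString(LinkTarget);` is followed by a probe of `MaximumLength` bytes of the caller's buffer, but nothing visible checks that the captured `Length` is at most `MaximumLength` (or that it is a whole number of `WCHAR`s), so any later use of `CapturedLinkTarget.Length` on this path would rely on a caller-supplied length that was never validated. If that check is not performed elsewhere in the function, reject the request with `STATUS_INVALID_PARAMETER` right after the capture, before the buffer probe, e.g. `if (CapturedLinkTarget.Length > CapturedLinkTarget.MaximumLength) ...`. Working from the captured copy rather than `*LinkTarget` for the rest of the function is what makes the probe meaningful, since the caller can change the user struct at any time. The enclosing `_SEH_TRY` body continues past the hunk.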
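Review bot: The new `_SEH_EXCEPT(_SEH_ExSystemExceptionFilter)` in the second hunk changes behaviour in a way the macro name does not make obvious and deserves a one-line comment: as documented for the NT kernel, `ExSystemExceptionFilter` only lets the handler run for faults raised on behalf of a user-mode caller, so a bad pointer supplied by a kernel-mode caller now propagates (and bugchecks) instead of being converted into a status. Suggested comment above the `_SEH_EXCEPT`: `/* Only handle faults from user-mode callers; kernel-mode faults propagate */`. The same applies to the identical handlers in the hunks at -410 and -537. Note also that `*LinkHandle = hLink;` stays inside the guarded region, so if that write faults the caller receives an error status while `hLink` presumably remains open in its handle table; whether the handle is closed on that path is outside the hunk.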
/* Probe the unicode string's buffer for write */
 SafeLinkTarget = *LinkTarget;
 ProbeForWrite(SafeLinkTarget.Buffer,
 SafeLinkTarget.MaximumLength,
- sizeof(CHAR));
+ sizeof(WCHAR));
/* Probe the return length */
 if(ResultLength) ProbeForWriteUlong(ResultLength);
@@ -517,7 +514,7 @@
 if (LengthUsed <= SafeLinkTarget.MaximumLength)
 {
 /* Copy the buffer */
- RtlMoveMemory(SafeLinkTarget.Buffer,
+ RtlCopyMemory(SafeLinkTarget.Buffer,
 SymlinkObject->LinkTarget.Buffer,
 LengthUsed);
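Review bot: `SafeLinkTarget = *LinkTarget;` in the -460 hunk is the point after which everything must work from the captured copy, and it is worth saying so in a comment, because the probe validates the user struct only at that instant and the caller can change `*LinkTarget` concurrently; the `LengthUsed <= SafeLinkTarget.MaximumLength` check and the `RtlCopyMemory` destination in the next hunk do use the copy, which is what keeps the write inside the range that `ProbeForWrite(SafeLinkTarget.Buffer, SafeLinkTarget.MaximumLength, sizeof(WCHAR))` validated. Suggested: `/* Work from the captured copy: the caller may modify *LinkTarget after the probe */`. The `= {0}` initialiser added in the -448 hunk exists for the same reason, since the exception handler can now run before the assignment; a short note there would help a reader too. Any write of the new length back through `LinkTarget->Length` is outside the visible hunks and must remain inside the same SEH region.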
@@ -537,7 +534,7 @@
 *ResultLength = SymlinkObject->LinkTarget.MaximumLength;
 }
 }
- _SEH_HANDLE
+ _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
 {
 /* Get the error code */
 Status = _SEH_GetExceptionCode();