https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5ebcc6cdc1dff92055398… commit 5ebcc6cdc1dff92055398b10af7ab74e8ae4eb31 Author: Eric Kohl <eric.kohl(a)reactos.org> AuthorDate: Sun Aug 5 16:16:53 2018 +0200 Commit: Eric Kohl <eric.kohl(a)reactos.org> CommitDate: Sun Aug 5 16:16:53 2018 +0200 [ADVAPI32] Add parameter checks to LogonUserExW and initialize the token handle. --- dll/win32/advapi32/misc/logon.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/dll/win32/advapi32/misc/logon.c b/dll/win32/advapi32/misc/logon.c index 88be6e5f39..f4e3f851df 100644 --- a/dll/win32/advapi32/misc/logon.c +++ b/dll/win32/advapi32/misc/logon.c @@ -469,7 +469,21 @@ LogonUserExW( NTSTATUS SubStatus = STATUS_SUCCESS; NTSTATUS Status; - *phToken = NULL; + if ((ppProfileBuffer != NULL && pdwProfileLength == NULL) || + (ppProfileBuffer == NULL && pdwProfileLength != NULL)) + { + SetLastError(ERROR_INVALID_PARAMETER); + return FALSE; + } + + if (ppProfileBuffer != NULL && pdwProfileLength != NULL) + { + *ppProfileBuffer = NULL; + *pdwProfileLength = 0; + } + + if (phToken != NULL) + *phToken = NULL; switch (dwLogonType) { @@ -654,9 +668,10 @@ LogonUserExW( TRACE("TokenHandle: %p\n", TokenHandle); } - *phToken = TokenHandle; + if (phToken != NULL) + *phToken = TokenHandle; - /* FIXME: return ppLogonSid, ppProfileBuffer, pdwProfileLength and pQuotaLimits */ + /* FIXME: return ppLogonSid and pQuotaLimits */ done: if (ProfileBuffer != NULL)