Author: fireball Date: Tue Jan 1 23:44:09 2008 New Revision: 31539 URL: http://svn.reactos.org/svn/reactos?rev=31539&view=rev Log: - Move ENUM_ROOT to internal/io.h, so that io/driver.c can use it too. - Rewrite IopAttachFilterDrivers() to get rid of dangerous strings operations. Modified: trunk/reactos/ntoskrnl/include/internal/io.h trunk/reactos/ntoskrnl/io/iomgr/driver.c trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c Modified: trunk/reactos/ntoskrnl/include/internal/io.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/… ============================================================================== --- trunk/reactos/ntoskrnl/include/internal/io.h (original) +++ trunk/reactos/ntoskrnl/include/internal/io.h Tue Jan 1 23:44:09 2008 @@ -45,6 +45,11 @@ #else #define IOTRACE(x, ...) DPRINT(__VA_ARGS__); #endif + +// +// Registry path to the enumeration root key +// +#define ENUM_ROOT L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum" // // Returns the type of METHOD_ used in this IOCTL Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c… ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/driver.c (original) +++ trunk/reactos/ntoskrnl/io/iomgr/driver.c Tue Jan 1 23:44:09 2008 @@ -571,16 +571,45 @@ PDEVICE_NODE DeviceNode, BOOLEAN Lower) { - RTL_QUERY_REGISTRY_TABLE QueryTable[2] = {{0}}; - PWCHAR KeyBuffer; + RTL_QUERY_REGISTRY_TABLE QueryTable[2] = {{0}}; + OBJECT_ATTRIBUTES ObjectAttributes; UNICODE_STRING Class; WCHAR ClassBuffer[40]; + UNICODE_STRING EnumRoot = RTL_CONSTANT_STRING(ENUM_ROOT); + HANDLE EnumRootKey, SubKey; NTSTATUS Status; + /* Open enumeration root key */ + InitializeObjectAttributes(&ObjectAttributes, + &EnumRoot, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + Status = ZwOpenKey(&EnumRootKey, KEY_READ, &ObjectAttributes); + + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + return Status; + } + + /* Open subkey */ + InitializeObjectAttributes(&ObjectAttributes, + &DeviceNode->InstancePath, + OBJ_CASE_INSENSITIVE, + EnumRootKey, + NULL); + Status = ZwOpenKey(&SubKey, KEY_READ, &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + ZwClose(EnumRootKey); + return Status; + } + /* * First load the device filters */ - QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback; if (Lower) QueryTable[0].Name = L"LowerFilters"; @@ -588,15 +617,9 @@ QueryTable[0].Name = L"UpperFilters"; QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED; - KeyBuffer = ExAllocatePool( - PagedPool, - (49 * sizeof(WCHAR)) + DeviceNode->InstancePath.Length); - wcscpy(KeyBuffer, L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum\\"); - wcscat(KeyBuffer, DeviceNode->InstancePath.Buffer); - RtlQueryRegistryValues( - RTL_REGISTRY_ABSOLUTE, - KeyBuffer, + RTL_REGISTRY_HANDLE, + (PWSTR)SubKey, QueryTable, DeviceNode, NULL); @@ -604,7 +627,6 @@ /* * Now get the class GUID */ - Class.Length = 0; Class.MaximumLength = 40 * sizeof(WCHAR); Class.Buffer = ClassBuffer; @@ -614,13 +636,15 @@ QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_DIRECT; Status = RtlQueryRegistryValues( - RTL_REGISTRY_ABSOLUTE, - KeyBuffer, + RTL_REGISTRY_HANDLE, + (PWSTR)SubKey, QueryTable, DeviceNode, NULL); - ExFreePool(KeyBuffer); + /* Close handles */ + ZwClose(SubKey); + ZwClose(EnumRootKey); /* * Load the class filter driver @@ -628,6 +652,34 @@ if (NT_SUCCESS(Status)) { + UNICODE_STRING ControlClass = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Class"); + InitializeObjectAttributes(&ObjectAttributes, + &ControlClass, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + Status = ZwOpenKey(&EnumRootKey, KEY_READ, &ObjectAttributes); + + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + return Status; + } + + /* Open subkey */ + InitializeObjectAttributes(&ObjectAttributes, + &Class, + OBJ_CASE_INSENSITIVE, + EnumRootKey, + NULL); + Status = ZwOpenKey(&SubKey, KEY_READ, &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + ZwClose(EnumRootKey); + return Status; + } + QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback; if (Lower) QueryTable[0].Name = L"LowerFilters"; @@ -636,18 +688,16 @@ QueryTable[0].EntryContext = NULL; QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED; - KeyBuffer = ExAllocatePool(PagedPool, (58 * sizeof(WCHAR)) + Class.Length); - wcscpy(KeyBuffer, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Class\\"); - wcscat(KeyBuffer, ClassBuffer); - RtlQueryRegistryValues( - RTL_REGISTRY_ABSOLUTE, - KeyBuffer, + RTL_REGISTRY_HANDLE, + (PWSTR)SubKey, QueryTable, DeviceNode, NULL); - ExFreePool(KeyBuffer); + /* Clean up */ + ZwClose(SubKey); + ZwClose(EnumRootKey); } return STATUS_SUCCESS; Modified: trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.… ============================================================================== --- trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c (original) +++ trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c Tue Jan 1 23:44:09 2008 @@ -18,8 +18,6 @@ //#define ENABLE_ACPI /* GLOBALS *******************************************************************/ - -#define ENUM_ROOT L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum" PDEVICE_NODE IopRootDeviceNode; KSPIN_LOCK IopDeviceTreeLock;