Author: fireball Date: Tue Jan 1 23:44:09 2008 New Revision: 31539

URL: http://svn.reactos.org/svn/reactos?rev=31539&view=rev Log: - Move ENUM_ROOT to internal/io.h, so that io/driver.c can use it too. - Rewrite IopAttachFilterDrivers() to get rid of dangerous strings operations.

Modified: trunk/reactos/ntoskrnl/include/internal/io.h trunk/reactos/ntoskrnl/io/iomgr/driver.c trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c

Modified: trunk/reactos/ntoskrnl/include/internal/io.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/i... ============================================================================== --- trunk/reactos/ntoskrnl/include/internal/io.h (original) +++ trunk/reactos/ntoskrnl/include/internal/io.h Tue Jan 1 23:44:09 2008 @@ -45,6 +45,11 @@ #else #define IOTRACE(x, ...) DPRINT(__VA_ARGS__); #endif + +// +// Registry path to the enumeration root key +// +#define ENUM_ROOT L"\Registry\Machine\System\CurrentControlSet\Enum"

// // Returns the type of METHOD_ used in this IOCTL

Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c?... ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/driver.c (original) +++ trunk/reactos/ntoskrnl/io/iomgr/driver.c Tue Jan 1 23:44:09 2008 @@ -571,16 +571,45 @@ PDEVICE_NODE DeviceNode, BOOLEAN Lower) { - RTL_QUERY_REGISTRY_TABLE QueryTable[2] = {{0}}; - PWCHAR KeyBuffer; + RTL_QUERY_REGISTRY_TABLE QueryTable[2] = {{0}}; + OBJECT_ATTRIBUTES ObjectAttributes; UNICODE_STRING Class; WCHAR ClassBuffer[40]; + UNICODE_STRING EnumRoot = RTL_CONSTANT_STRING(ENUM_ROOT); + HANDLE EnumRootKey, SubKey; NTSTATUS Status;

+ /* Open enumeration root key */ + InitializeObjectAttributes(&ObjectAttributes, + &EnumRoot, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + Status = ZwOpenKey(&EnumRootKey, KEY_READ, &ObjectAttributes); + + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + return Status; + } + + /* Open subkey */ + InitializeObjectAttributes(&ObjectAttributes, + &DeviceNode->InstancePath, + OBJ_CASE_INSENSITIVE, + EnumRootKey, + NULL); + Status = ZwOpenKey(&SubKey, KEY_READ, &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + ZwClose(EnumRootKey); + return Status; + } + /* * First load the device filters */ - QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback; if (Lower) QueryTable[0].Name = L"LowerFilters"; @@ -588,15 +617,9 @@ QueryTable[0].Name = L"UpperFilters"; QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED;

- KeyBuffer = ExAllocatePool( - PagedPool, - (49 * sizeof(WCHAR)) + DeviceNode->InstancePath.Length); - wcscpy(KeyBuffer, L"\Registry\Machine\System\CurrentControlSet\Enum\"); - wcscat(KeyBuffer, DeviceNode->InstancePath.Buffer); - RtlQueryRegistryValues( - RTL_REGISTRY_ABSOLUTE, - KeyBuffer, + RTL_REGISTRY_HANDLE, + (PWSTR)SubKey, QueryTable, DeviceNode, NULL); @@ -604,7 +627,6 @@ /* * Now get the class GUID */ - Class.Length = 0; Class.MaximumLength = 40 * sizeof(WCHAR); Class.Buffer = ClassBuffer; @@ -614,13 +636,15 @@ QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | RTL_QUERY_REGISTRY_DIRECT;

Status = RtlQueryRegistryValues( - RTL_REGISTRY_ABSOLUTE, - KeyBuffer, + RTL_REGISTRY_HANDLE, + (PWSTR)SubKey, QueryTable, DeviceNode, NULL);

- ExFreePool(KeyBuffer); + /* Close handles */ + ZwClose(SubKey); + ZwClose(EnumRootKey);

/* * Load the class filter driver @@ -628,6 +652,34 @@

if (NT_SUCCESS(Status)) { + UNICODE_STRING ControlClass = RTL_CONSTANT_STRING(L"\Registry\Machine\System\CurrentControlSet\Control\Class"); + InitializeObjectAttributes(&ObjectAttributes, + &ControlClass, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + Status = ZwOpenKey(&EnumRootKey, KEY_READ, &ObjectAttributes); + + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + return Status; + } + + /* Open subkey */ + InitializeObjectAttributes(&ObjectAttributes, + &Class, + OBJ_CASE_INSENSITIVE, + EnumRootKey, + NULL); + Status = ZwOpenKey(&SubKey, KEY_READ, &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwOpenKey() failed with Status %08X\n", Status); + ZwClose(EnumRootKey); + return Status; + } + QueryTable[0].QueryRoutine = IopAttachFilterDriversCallback; if (Lower) QueryTable[0].Name = L"LowerFilters"; @@ -636,18 +688,16 @@ QueryTable[0].EntryContext = NULL; QueryTable[0].Flags = RTL_QUERY_REGISTRY_REQUIRED;

- KeyBuffer = ExAllocatePool(PagedPool, (58 * sizeof(WCHAR)) + Class.Length); - wcscpy(KeyBuffer, L"\Registry\Machine\System\CurrentControlSet\Control\Class\"); - wcscat(KeyBuffer, ClassBuffer); - RtlQueryRegistryValues( - RTL_REGISTRY_ABSOLUTE, - KeyBuffer, + RTL_REGISTRY_HANDLE, + (PWSTR)SubKey, QueryTable, DeviceNode, NULL);

- ExFreePool(KeyBuffer); + /* Clean up */ + ZwClose(SubKey); + ZwClose(EnumRootKey); }

return STATUS_SUCCESS;

Modified: trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c... ============================================================================== --- trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c (original) +++ trunk/reactos/ntoskrnl/io/pnpmgr/pnpmgr.c Tue Jan 1 23:44:09 2008 @@ -18,8 +18,6 @@ //#define ENABLE_ACPI

/* GLOBALS *******************************************************************/ - -#define ENUM_ROOT L"\Registry\Machine\System\CurrentControlSet\Enum"

PDEVICE_NODE IopRootDeviceNode; KSPIN_LOCK IopDeviceTreeLock;