Revert my last changes, going back to Alex's version of
ObpCaptureObjectAttributes, as I'm being an incompetent ass. This will
reintroduce several vulnerabilities and bugs.
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
Modified: trunk/reactos/ntoskrnl/cm/registry.c
Modified: trunk/reactos/ntoskrnl/include/internal/ob.h
Modified: trunk/reactos/ntoskrnl/lpc/connect.c
Modified: trunk/reactos/ntoskrnl/ob/handle.c
Modified: trunk/reactos/ntoskrnl/ob/namespc.c
Modified: trunk/reactos/ntoskrnl/ob/object.c
_____
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
--- trunk/reactos/ntoskrnl/cm/ntfunc.c 2005-08-08 16:57:50 UTC (rev
17216)
+++ trunk/reactos/ntoskrnl/cm/ntfunc.c 2005-08-08 16:58:30 UTC (rev
17217)
@@ -192,19 +192,20 @@
PWSTR Start;
UNICODE_STRING ObjectName;
OBJECT_CREATE_INFORMATION ObjectCreateInfo;
- KPROCESSOR_MODE PreviousMode;
unsigned i;
PAGED_CODE();
-
- PreviousMode = KeGetPreviousMode();
+ DPRINT("NtCreateKey (Name %wZ KeyHandle 0x%p Root 0x%p)\n",
+ ObjectAttributes->ObjectName,
+ KeyHandle,
+ ObjectAttributes->RootDirectory);
+
/* Capture all the info */
DPRINT("Capturing Create Info\n");
Status = ObpCaptureObjectAttributes(ObjectAttributes,
- PreviousMode,
- PagedPool,
- FALSE,
+ KeGetPreviousMode(),
+ CmiKeyType,
&ObjectCreateInfo,
&ObjectName);
if (!NT_SUCCESS(Status))
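Review bot: The added `DPRINT` dereferences `ObjectAttributes->ObjectName` and `ObjectAttributes->RootDirectory` before the structure has been captured. `ObjectAttributes` is the caller-supplied pointer that is passed to `ObpCaptureObjectAttributes` with `KeGetPreviousMode()`, so a NULL or invalid pointer faults in the trace statement wherever `DPRINT` is compiled in. Printing after the capture, from the captured values, avoids that: `DPRINT("NtCreateKey (Name %wZ KeyHandle 0x%p Root 0x%p)\n", &ObjectName, KeyHandle, ObjectCreateInfo.RootDirectory);`. The function's signature and the rest of its body are outside the hunk.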
@@ -218,10 +219,8 @@
(PVOID*)&Object,
&RemainingPath,
CmiKeyType);
- ObpReleaseCapturedAttributes(&ObjectCreateInfo,
- &ObjectName,
- PreviousMode,
- FALSE);
+ ObpReleaseCapturedAttributes(&ObjectCreateInfo);
+ if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
if (!NT_SUCCESS(Status))
{
DPRINT("CmpFindObject failed, Status: 0x%x\n", Status);
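Review bot: The captured name is now freed by hand after each `ObpReleaseCapturedAttributes(&ObjectCreateInfo);` call with `if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);`, so a call site that forgets the second line leaks pool. The pair appears here and in the second ntfunc.c hunk, cm/registry.c, both ob/namespc.c release sites and the allocation-failure path in ob/object.c. The line is also only correct if `ObpCaptureObjectName` always hands back a pool copy, including for `KernelMode` callers such as cm/registry.c; that function is not shown in this diff, so this should be confirmed. I would state the ownership where it is used, e.g. `/* ObjectName.Buffer is a pool copy from ObpCaptureObjectName; the caller frees it */`, or fold both lines into one small release helper. The enclosing function starts and ends outside the hunk.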
@@ -1170,8 +1169,7 @@
DPRINT("Capturing Create Info\n");
Status = ObpCaptureObjectAttributes(ObjectAttributes,
PreviousMode,
- PagedPool,
- FALSE,
+ CmiKeyType,
&ObjectCreateInfo,
&ObjectName);
if (!NT_SUCCESS(Status))
@@ -1187,10 +1185,8 @@
(PVOID*)&Object,
&RemainingPath,
CmiKeyType);
- ObpReleaseCapturedAttributes(&ObjectCreateInfo,
- &ObjectName,
- PreviousMode,
- FALSE);
+ ObpReleaseCapturedAttributes(&ObjectCreateInfo);
+ if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
if (!NT_SUCCESS(Status))
{
DPRINT("CmpFindObject() returned 0x%08lx\n", Status);
_____
Modified: trunk/reactos/ntoskrnl/cm/registry.c
--- trunk/reactos/ntoskrnl/cm/registry.c 2005-08-08 16:57:50 UTC
(rev 17216)
+++ trunk/reactos/ntoskrnl/cm/registry.c 2005-08-08 16:58:30 UTC
(rev 17217)
@@ -705,8 +705,7 @@
DPRINT("Capturing Create Info\n");
Status = ObpCaptureObjectAttributes(KeyObjectAttributes,
KernelMode,
- PagedPool,
- FALSE,
+ CmiKeyType,
&ObjectCreateInfo,
&ObjectName);
if (!NT_SUCCESS(Status))
@@ -720,10 +719,8 @@
(PVOID*)&ParentKey,
&RemainingPath,
CmiKeyType);
- ObpReleaseCapturedAttributes(&ObjectCreateInfo,
- &ObjectName,
- KernelMode,
- FALSE);
+ ObpReleaseCapturedAttributes(&ObjectCreateInfo);
+ if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
if (!NT_SUCCESS(Status))
{
return Status;
_____
Modified: trunk/reactos/ntoskrnl/include/internal/ob.h
--- trunk/reactos/ntoskrnl/include/internal/ob.h 2005-08-08
16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/include/internal/ob.h 2005-08-08
16:58:30 UTC (rev 17217)
@@ -173,6 +173,14 @@
/* Secure object information functions */
+typedef struct _CAPTURED_OBJECT_ATTRIBUTES
+{
+ HANDLE RootDirectory;
+ ULONG Attributes;
+ PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
+} CAPTURED_OBJECT_ATTRIBUTES, *PCAPTURED_OBJECT_ATTRIBUTES;
+
NTSTATUS
STDCALL
ObpCaptureObjectName(IN PUNICODE_STRING CapturedName,
@@ -181,19 +189,16 @@
NTSTATUS
STDCALL
-ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes
OPTIONAL,
+ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes,
IN KPROCESSOR_MODE AccessMode,
- IN POOL_TYPE PoolType,
- IN BOOLEAN CaptureIfKernel,
- OUT POBJECT_CREATE_INFORMATION
CapturedObjectAttributes OPTIONAL,
- OUT PUNICODE_STRING ObjectName OPTIONAL);
+ IN POBJECT_TYPE ObjectType,
+ IN POBJECT_CREATE_INFORMATION
ObjectCreateInfo,
+ OUT PUNICODE_STRING ObjectName);
VOID
STDCALL
-ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION
CapturedObjectAttributes OPTIONAL,
- IN PUNICODE_STRING ObjectName OPTIONAL,
- IN KPROCESSOR_MODE AccessMode,
- IN BOOLEAN CaptureIfKernel);
+ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION
ObjectCreateInfo);
+
/* object information classes */
#define ICIF_QUERY 0x1
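Review bot: The new prototype annotates `ObjectCreateInfo` as `IN`, but the implementation in ob/object.c zeroes and fills it, so it should read `OUT POBJECT_CREATE_INFORMATION ObjectCreateInfo,`. `ObjectAttributes` also loses its `OPTIONAL` marker although the implementation still accepts NULL, and `ObjectType` is not read anywhere in the body shown in this commit. Since `ObpReleaseCapturedAttributes` no longer takes the name, a comment on the declaration would help, e.g. `/* On success the caller owns ObjectName->Buffer and must free it */`.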
_____
Modified: trunk/reactos/ntoskrnl/lpc/connect.c
--- trunk/reactos/ntoskrnl/lpc/connect.c 2005-08-08 16:57:50 UTC
(rev 17216)
+++ trunk/reactos/ntoskrnl/lpc/connect.c 2005-08-08 16:58:30 UTC
(rev 17217)
@@ -410,7 +410,7 @@
NULL,
PORT_ALL_ACCESS, /* DesiredAccess
*/
LpcPortObjectType,
- PreviousMode,
+ UserMode,
NULL,
(PVOID*)&NamedPort);
if (!NT_SUCCESS(Status))
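Review bot: Both object lookups now pass a literal `UserMode` where they used the caller's previous mode, here for the `NamedPort` reference and in the next hunk for `ObReferenceObjectByHandle(WriteMap.SectionHandle, ...)`, and nothing says why. A constant `UserMode` keeps the checks strict for user callers, but a kernel-mode caller passing a kernel handle would presumably be rejected, and the choice now disagrees with cm/ntfunc.c, which passes `KeGetPreviousMode()`. If this is intentional, a comment such as `/* always validate as UserMode: <reason> */` should say so; otherwise pass `KeGetPreviousMode()`. The enclosing function is outside the hunk, so whether a `PreviousMode` local still exists there cannot be seen.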
@@ -430,7 +430,7 @@
Status = ObReferenceObjectByHandle(WriteMap.SectionHandle,
SECTION_MAP_READ |
SECTION_MAP_WRITE,
MmSectionObjectType,
- PreviousMode,
+ UserMode,
(PVOID*)&SectionObject,
NULL);
if (!NT_SUCCESS(Status))
_____
Modified: trunk/reactos/ntoskrnl/ob/handle.c
--- trunk/reactos/ntoskrnl/ob/handle.c 2005-08-08 16:57:50 UTC (rev
17216)
+++ trunk/reactos/ntoskrnl/ob/handle.c 2005-08-08 16:58:30 UTC (rev
17217)
@@ -955,7 +955,7 @@
/* First try to find the Object */
if (ObjectNameInfo && ObjectNameInfo->Name.Buffer)
{
- DPRINT("Object has a name. Trying to find it: \"%wZ\".\n",
&ObjectNameInfo->Name);
+ DPRINT("Object has a name. Trying to find it: %wZ.\n",
&ObjectNameInfo->Name);
Status = ObFindObject(ObjectCreateInfo,
&ObjectNameInfo->Name,
&FoundObject,
@@ -1132,10 +1132,7 @@
/* We can delete the Create Info now */
Header->ObjectCreateInfo = NULL;
- ObpReleaseCapturedAttributes(ObjectCreateInfo,
- NULL,
- ObjectCreateInfo->ProbeMode,
- FALSE);
+ ObpReleaseCapturedAttributes(ObjectCreateInfo);
ExFreePool(ObjectCreateInfo);
DPRINT("Status %x\n", Status);
_____
Modified: trunk/reactos/ntoskrnl/ob/namespc.c
--- trunk/reactos/ntoskrnl/ob/namespc.c 2005-08-08 16:57:50 UTC (rev
17216)
+++ trunk/reactos/ntoskrnl/ob/namespc.c 2005-08-08 16:58:30 UTC (rev
17217)
@@ -70,35 +70,20 @@
NTSTATUS Status;
PAGED_CODE();
-
- /* capture the ObjectPath */
- Status = RtlCaptureUnicodeString(&ObjectName,
- AccessMode,
- NonPagedPool, /* FIXME */
- FALSE,
- ObjectPath);
- if (!NT_SUCCESS(Status))
- {
- DPRINT("RtlCaptureUnicodeString() failed (Status %lx)\n",
Status);
- return Status;
- }
InitializeObjectAttributes(&ObjectAttributes,
- &ObjectName,
+ ObjectPath,
Attributes | OBJ_OPENIF,
NULL,
NULL);
- /* "Capture" all the info, it doesn't make sense to capture from the
kernel
- stack as the information should be safe anyway...just do a raw
copy of the
- data into the OBJECT_CREATE_INFORMATION structure */
+ /* Capture all the info */
DPRINT("Capturing Create Info\n");
Status = ObpCaptureObjectAttributes(&ObjectAttributes,
- KernelMode, /* raw copy! */
- NonPagedPool,
- FALSE,
+ AccessMode,
+ ObjectType,
&ObjectCreateInfo,
- NULL);
+ &ObjectName);
if (!NT_SUCCESS(Status))
{
DPRINT("ObpCaptureObjectAttributes() failed (Status %lx)\n",
Status);
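Review bot: `ObjectAttributes` here is built on the kernel stack by `InitializeObjectAttributes`, yet it is handed to `ObpCaptureObjectAttributes` with the caller's `AccessMode`, so for `UserMode` the capture routine treats a kernel address as a user pointer. That only works because the `ProbeForRead` of the structure is under `#if 0` in ob/object.c; once the probe is enabled this call would presumably fail for every user-mode caller. A comment should record the dependency, e.g. `/* &ObjectAttributes is a kernel address; AccessMode is passed only so that ObjectPath is captured with the caller's mode */`. The function's signature and its tail are outside the hunk.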
@@ -111,19 +96,9 @@
&RemainingPath,
ObjectType);
- /* we don't need to release the "captured" object attributes!
Nothing was allocated! */
-#if 0
- ObpReleaseCapturedAttributes(&ObjectCreateInfo,
- NULL,
- AccessMode,
- FALSE);
-#endif
+ ObpReleaseCapturedAttributes(&ObjectCreateInfo);
+ if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
- /* free the captured ObjectPath if needed */
- RtlReleaseCapturedUnicodeString(&ObjectName,
- AccessMode,
- FALSE);
-
if (!NT_SUCCESS(Status))
{
return(Status);
@@ -194,8 +169,7 @@
DPRINT("Capturing Create Info\n");
Status = ObpCaptureObjectAttributes(ObjectAttributes,
AccessMode,
- PagedPool,
- FALSE,
+ ObjectType,
&ObjectCreateInfo,
&ObjectName);
if (!NT_SUCCESS(Status))
@@ -209,10 +183,8 @@
&Object,
&RemainingPath,
ObjectType);
- ObpReleaseCapturedAttributes(&ObjectCreateInfo,
- &ObjectName,
- AccessMode,
- FALSE);
+ ObpReleaseCapturedAttributes(&ObjectCreateInfo);
+ if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
if (!NT_SUCCESS(Status))
{
DPRINT("ObFindObject() failed (Status %lx)\n", Status);
_____
Modified: trunk/reactos/ntoskrnl/ob/object.c
--- trunk/reactos/ntoskrnl/ob/object.c 2005-08-08 16:57:50 UTC (rev
17216)
+++ trunk/reactos/ntoskrnl/ob/object.c 2005-08-08 16:58:30 UTC (rev
17217)
@@ -110,297 +110,162 @@
NTSTATUS
STDCALL
-ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes
OPTIONAL,
+ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes,
IN KPROCESSOR_MODE AccessMode,
- IN POOL_TYPE PoolType,
- IN BOOLEAN CaptureIfKernel,
- OUT POBJECT_CREATE_INFORMATION
CapturedObjectAttributes OPTIONAL,
- OUT PUNICODE_STRING ObjectName OPTIONAL)
+ IN POBJECT_TYPE ObjectType,
+ IN POBJECT_CREATE_INFORMATION
ObjectCreateInfo,
+ OUT PUNICODE_STRING ObjectName)
{
- OBJECT_ATTRIBUTES AttributesCopy;
NTSTATUS Status = STATUS_SUCCESS;
+ PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_QUALITY_OF_SERVICE SecurityQos;
+ PUNICODE_STRING LocalObjectName = NULL;
- /* at least one output parameter must be != NULL! */
- ASSERT(CapturedObjectAttributes != NULL || ObjectName != NULL);
-
- if (ObjectAttributes == NULL)
+ /* Zero out the Capture Data */
+ DPRINT("ObpCaptureObjectAttributes\n");
+ RtlZeroMemory(ObjectCreateInfo, sizeof(OBJECT_CREATE_INFORMATION));
+
+ /* Check if we got Oba */
+ if (ObjectAttributes)
{
- /* we're going to return STATUS_SUCCESS! */
- goto failbasiccleanup;
- }
-
- if (AccessMode != KernelMode)
- {
- _SEH_TRY
+ if (AccessMode != KernelMode)
{
- ProbeForRead(ObjectAttributes,
- sizeof(ObjectAttributes),
- sizeof(ULONG));
- /* make a copy on the stack */
- AttributesCopy = *ObjectAttributes;
- }
- _SEH_HANDLE
- {
- Status = _SEH_GetExceptionCode();
- }
- _SEH_END;
-
- if(!NT_SUCCESS(Status))
- {
- DPRINT1("ObpCaptureObjectAttributes failed to probe object
attributes 0x%p\n", ObjectAttributes);
- goto failbasiccleanup;
- }
- }
- else if (!CaptureIfKernel)
- {
- if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
- {
- if (ObjectName != NULL)
+ DPRINT("Probing OBA\n");
+ _SEH_TRY
{
- /* we don't have to capture any memory, the caller
considers the passed data
- as valid */
- if (ObjectAttributes->ObjectName != NULL)
- {
- *ObjectName = *ObjectAttributes->ObjectName;
- }
- else
- {
- ObjectName->Length = ObjectName->MaximumLength = 0;
- ObjectName->Buffer = NULL;
- }
+ /* FIXME: SMSS SENDS BULLSHIT. */
+ #if 0
+ ProbeForRead(ObjectAttributes,
+ sizeof(ObjectAttributes),
+ sizeof(ULONG));
+ #endif
}
- if (CapturedObjectAttributes != NULL)
+ _SEH_HANDLE
{
- CapturedObjectAttributes->RootDirectory =
ObjectAttributes->RootDirectory;
- CapturedObjectAttributes->Attributes =
ObjectAttributes->Attributes;
- CapturedObjectAttributes->SecurityDescriptor =
ObjectAttributes->SecurityDescriptor;
- CapturedObjectAttributes->SecurityDescriptorCharge = 0;
/* FIXME */
- CapturedObjectAttributes->ProbeMode = AccessMode;
+ Status = _SEH_GetExceptionCode();
}
-
- return STATUS_SUCCESS;
+ _SEH_END;
}
- else
+
+ /* Validate the Size */
+ DPRINT("Validating OBA\n");
+ if (ObjectAttributes->Length != sizeof(OBJECT_ATTRIBUTES))
{
Status = STATUS_INVALID_PARAMETER;
- goto failbasiccleanup;
}
- }
- else
- {
- AttributesCopy = *ObjectAttributes;
- }
- /* if Length isn't as expected, bail with an invalid parameter
status code so
- the caller knows he passed garbage... */
- if (AttributesCopy.Length != sizeof(OBJECT_ATTRIBUTES))
- {
- Status = STATUS_INVALID_PARAMETER;
- goto failbasiccleanup;
- }
-
- if (CapturedObjectAttributes != NULL)
- {
- CapturedObjectAttributes->RootDirectory =
AttributesCopy.RootDirectory;
- CapturedObjectAttributes->Attributes =
AttributesCopy.Attributes;
-
- if (AttributesCopy.SecurityDescriptor != NULL)
+ /* Fail if SEH or Size Validation failed */
+ if(!NT_SUCCESS(Status))
{
- Status =
SeCaptureSecurityDescriptor(AttributesCopy.SecurityDescriptor,
+ DPRINT1("ObpCaptureObjectAttributes failed to probe object
attributes\n");
+ goto fail;
+ }
+
+ /* Set some Create Info */
+ DPRINT("Creating OBCI\n");
+ ObjectCreateInfo->RootDirectory =
ObjectAttributes->RootDirectory;
+ ObjectCreateInfo->Attributes = ObjectAttributes->Attributes;
+ LocalObjectName = ObjectAttributes->ObjectName;
+ SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
+ SecurityQos = ObjectAttributes->SecurityQualityOfService;
+
+ /* Validate the SD */
+ if (SecurityDescriptor)
+ {
+ DPRINT("Probing SD: %x\n", SecurityDescriptor);
+ Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
AccessMode,
- PoolType,
+ NonPagedPool,
TRUE,
-
&CapturedObjectAttributes->SecurityDescriptor);
- if (!NT_SUCCESS(Status))
+
&ObjectCreateInfo->SecurityDescriptor);
+ if(!NT_SUCCESS(Status))
{
DPRINT1("Unable to capture the security
descriptor!!!\n");
- goto failbasiccleanup;
+ ObjectCreateInfo->SecurityDescriptor = NULL;
+ goto fail;
}
- CapturedObjectAttributes->SecurityDescriptorCharge = 0; /*
FIXME */
+
+ DPRINT("Probe done\n");
+ ObjectCreateInfo->SecurityDescriptorCharge = 0; /* FIXME */
+ ObjectCreateInfo->ProbeMode = AccessMode;
}
- else
+
+ /* Validate the QoS */
+ if (SecurityQos)
{
- CapturedObjectAttributes->SecurityDescriptor = NULL;
- CapturedObjectAttributes->SecurityDescriptorCharge = 0;
- }
- }
-
- if (ObjectName != NULL)
- {
- ObjectName->Buffer = NULL;
-
- if (AttributesCopy.ObjectName != NULL)
- {
- UNICODE_STRING OriginalCopy = {0};
-
if (AccessMode != KernelMode)
{
+ DPRINT("Probing QoS\n");
_SEH_TRY
{
- /* probe the ObjectName structure and make a local
stack copy of it */
- ProbeForRead(AttributesCopy.ObjectName,
- sizeof(UNICODE_STRING),
+ ProbeForRead(SecurityQos,
+ sizeof(SECURITY_QUALITY_OF_SERVICE),
sizeof(ULONG));
- OriginalCopy = *AttributesCopy.ObjectName;
- if (OriginalCopy.Length > 0)
- {
- ProbeForRead(OriginalCopy.Buffer,
- OriginalCopy.Length,
- sizeof(WCHAR));
- }
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
-
- if (NT_SUCCESS(Status))
- {
- ObjectName->Length = OriginalCopy.Length;
-
- if(OriginalCopy.Length > 0)
- {
- ObjectName->MaximumLength = OriginalCopy.Length
+ sizeof(WCHAR);
- ObjectName->Buffer = ExAllocatePool(PoolType,
-
ObjectName->MaximumLength);
- if (ObjectName->Buffer != NULL)
- {
- _SEH_TRY
- {
- /* no need to probe OriginalCopy.Buffer
again, we already did that
- when capturing the UNICODE_STRING
structure itself */
- RtlCopyMemory(ObjectName->Buffer,
OriginalCopy.Buffer, OriginalCopy.Length);
- ObjectName->Buffer[OriginalCopy.Length
/ sizeof(WCHAR)] = L'\0';
- }
- _SEH_HANDLE
- {
- Status = _SEH_GetExceptionCode();
- }
- _SEH_END;
-
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("ObpCaptureObjectAttributes
failed to copy the unicode string!\n");
- }
- }
- else
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
- }
- }
- else if(AttributesCopy.RootDirectory != NULL /* &&
OriginalCopy.Length == 0 */)
- {
- /* if the caller specified a root directory,
there must be an object name! */
- Status = STATUS_OBJECT_NAME_INVALID;
- }
- else
- {
- ObjectName->Length = ObjectName->MaximumLength
= 0;
- }
- }
-#ifdef DBG
- else
- {
- DPRINT1("ObpCaptureObjectAttributes failed to probe
the object name UNICODE_STRING structure!\n");
- }
-#endif
}
- else /* AccessMode == KernelMode */
- {
- OriginalCopy = *AttributesCopy.ObjectName;
- ObjectName->Length = OriginalCopy.Length;
- if (OriginalCopy.Length > 0)
- {
- ObjectName->MaximumLength = OriginalCopy.Length +
sizeof(WCHAR);
- ObjectName->Buffer = ExAllocatePool(PoolType,
-
ObjectName->MaximumLength);
- if (ObjectName->Buffer != NULL)
- {
- RtlCopyMemory(ObjectName->Buffer,
OriginalCopy.Buffer, OriginalCopy.Length);
- ObjectName->Buffer[OriginalCopy.Length /
sizeof(WCHAR)] = L'\0';
- }
- else
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
- }
- }
- else if (AttributesCopy.RootDirectory != NULL /* &&
OriginalCopy.Length == 0 */)
- {
- /* if the caller specified a root directory, there
must be an object name! */
- Status = STATUS_OBJECT_NAME_INVALID;
- }
- else
- {
- ObjectName->Length = ObjectName->MaximumLength = 0;
- }
+ if(!NT_SUCCESS(Status))
+ {
+ DPRINT1("Unable to capture QoS!!!\n");
+ goto fail;
}
+
+ ObjectCreateInfo->SecurityQualityOfService = *SecurityQos;
+ ObjectCreateInfo->SecurityQos =
&ObjectCreateInfo->SecurityQualityOfService;
}
- else
+ }
+
+ /* Clear Local Object Name */
+ DPRINT("Clearing name\n");
+ RtlZeroMemory(ObjectName, sizeof(UNICODE_STRING));
+
+ /* Now check if the Object Attributes had an Object Name */
+ if (LocalObjectName)
+ {
+ DPRINT("Name Buffer: %x\n", LocalObjectName->Buffer);
+ Status = ObpCaptureObjectName(ObjectName,
+ LocalObjectName,
+ AccessMode);
+ }
+ else
+ {
+ /* He can't have specified a Root Directory */
+ if (ObjectCreateInfo->RootDirectory)
{
- ObjectName->Length = ObjectName->MaximumLength = 0;
+ DPRINT1("Invalid name\n");
+ Status = STATUS_OBJECT_NAME_INVALID;
}
}
- CapturedObjectAttributes->ProbeMode = AccessMode;
-
+fail:
if (!NT_SUCCESS(Status))
{
- if (ObjectName != NULL && ObjectName->Buffer)
- {
- ExFreePool(ObjectName->Buffer);
- }
- if (CapturedObjectAttributes != NULL)
- {
- /* cleanup allocated resources */
-
SeReleaseSecurityDescriptor(CapturedObjectAttributes->SecurityDescriptor
,
- AccessMode,
- TRUE);
- }
-
-failbasiccleanup:
- if (ObjectName != NULL)
- {
- ObjectName->Length = ObjectName->MaximumLength = 0;
- ObjectName->Buffer = NULL;
- }
- if (CapturedObjectAttributes != NULL)
- {
- RtlZeroMemory(CapturedObjectAttributes,
sizeof(OBJECT_CREATE_INFORMATION));
- }
+ DPRINT1("Failed to capture, cleaning up\n");
+ ObpReleaseCapturedAttributes(ObjectCreateInfo);
}
-
+
+ DPRINT("Return to caller\n");
return Status;
}
VOID
STDCALL
-ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION
CapturedObjectAttributes OPTIONAL,
- IN PUNICODE_STRING ObjectName OPTIONAL,
- IN KPROCESSOR_MODE AccessMode,
- IN BOOLEAN CaptureIfKernel)
+ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION
ObjectCreateInfo)
{
- /* WARNING - You need to pass the same parameters to this function as
you passed
- to ObpCaptureObjectAttributes() to avoid memory leaks */
- if(AccessMode != KernelMode || CaptureIfKernel)
- {
- if(CapturedObjectAttributes != NULL &&
- CapturedObjectAttributes->SecurityDescriptor != NULL)
+ /* Release the SD, it's the only thing we allocated */
+ if (ObjectCreateInfo->SecurityDescriptor)
{
- ExFreePool(CapturedObjectAttributes->SecurityDescriptor);
-
-#ifdef DBG
- RtlZeroMemory(CapturedObjectAttributes,
sizeof(OBJECT_CREATE_INFORMATION));
-#endif
+
SeReleaseSecurityDescriptor(ObjectCreateInfo->SecurityDescriptor,
+ ObjectCreateInfo->ProbeMode,
+ TRUE);
+ ObjectCreateInfo->SecurityDescriptor = NULL;
}
- if(ObjectName != NULL &&
- ObjectName->Length > 0)
- {
- ExFreePool(ObjectName->Buffer);
- }
- }
}
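Review bot: With the `ProbeForRead` under `#if 0`, the new `ObpCaptureObjectAttributes` reads `ObjectAttributes->Length`, `RootDirectory`, `Attributes`, `ObjectName`, `SecurityDescriptor` and `SecurityQualityOfService` straight from the caller's pointer, outside the `_SEH_TRY` and one field at a time. For `AccessMode != KernelMode` a bad or concurrently modified user buffer can therefore fault the kernel or change between the length check and its use; the disabled probe also passes `sizeof(ObjectAttributes)`, the pointer size, rather than `sizeof(OBJECT_ATTRIBUTES)`. The same applies to `*SecurityQos`, which is copied after the `_SEH_END` rather than inside the guarded block. Every `goto fail` taken before `RtlZeroMemory(ObjectName, ...)` leaves `*ObjectName` uninitialised, which matters because callers now test `ObjectName.Buffer` themselves; moving that zeroing up beside `RtlZeroMemory(ObjectCreateInfo, ...)` closes it. The fence shows the probe and a single snapshot done inside the guarded block, with later field reads taken from `AttributesCopy`; the FIXME suggests SMSS passes pointers that fail the probe, so that caller presumably needs fixing first.

```c
    OBJECT_ATTRIBUTES AttributesCopy;

    /* … unchanged: other locals, RtlZeroMemory(ObjectCreateInfo, ...) … */
    RtlZeroMemory(ObjectName, sizeof(UNICODE_STRING));

    if (ObjectAttributes)
    {
        if (AccessMode != KernelMode)
        {
            _SEH_TRY
            {
                ProbeForRead(ObjectAttributes,
                             sizeof(OBJECT_ATTRIBUTES),
                             sizeof(ULONG));
                /* Snapshot once so the checks and the uses see the same values */
                AttributesCopy = *ObjectAttributes;
            }
            _SEH_HANDLE
            {
                Status = _SEH_GetExceptionCode();
            }
            _SEH_END;
        }
        else
        {
            AttributesCopy = *ObjectAttributes;
        }

        /* Only look at the copy, and only if the probe succeeded */
        if (NT_SUCCESS(Status) &&
            AttributesCopy.Length != sizeof(OBJECT_ATTRIBUTES))
        {
            Status = STATUS_INVALID_PARAMETER;
        }

        /* … unchanged: failure check and goto fail; the field reads below
           then come from AttributesCopy instead of ObjectAttributes … */
```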
@@ -483,7 +348,7 @@
ObjectName->Buffer[0] != L'\\')
{
ObDereferenceObject (CurrentObject);
- DPRINT1("failed: \"%wZ\"\n", ObjectName);
+ DPRINT1("failed\n");
return STATUS_UNSUCCESSFUL;
}
@@ -930,9 +795,8 @@
/* Capture all the info */
DPRINT("Capturing Create Info\n");
Status = ObpCaptureObjectAttributes(ObjectAttributes,
- ObjectAttributesAccessMode,
- NonPagedPool,
- TRUE,
+ AccessMode,
+ Type,
ObjectCreateInfo,
&ObjectName);
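Review bot: The capture is now driven by `AccessMode` where it used `ObjectAttributesAccessMode`. If this function still receives both (its signature is outside the hunk), the mode that describes where `ObjectAttributes` came from is the one that must decide probing; otherwise user-supplied attributes could be captured as trusted kernel data, or the reverse. `Type` is passed as the new third argument, but the capture routine shown in this commit never reads it. If the two modes can differ, keep `ObjectAttributesAccessMode` in this call.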
@@ -958,10 +822,8 @@
/* Release the Capture Info, we don't need it */
DPRINT1("Allocation failed\n");
- ObpReleaseCapturedAttributes(ObjectCreateInfo,
- &ObjectName,
- ObjectAttributesAccessMode,
- TRUE);
+ ObpReleaseCapturedAttributes(ObjectCreateInfo);
+ if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
}
/* We failed, so release the Buffer */
@@ -1115,10 +977,7 @@
}
if (Header->ObjectCreateInfo)
{
- ObpReleaseCapturedAttributes(Header->ObjectCreateInfo,
- NULL,
- Header->ObjectCreateInfo->ProbeMode,
- FALSE);
+ ObpReleaseCapturedAttributes(Header->ObjectCreateInfo);
ExFreePool(Header->ObjectCreateInfo);
}