Dmitry Chapyshev

- Add buffer length checks to NtQueryInformationThread.

svn path=/trunk/; revision=38561
Aleksey Bragin 2009-01-04 13:43:08 +00:00
parent b7aa576e73
commit 0491ac98be


@ -1200,6 +1200,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
/* Basic thread information */
case ThreadBasicInformation:
/* Set return length */
Length = sizeof(THREAD_BASIC_INFORMATION);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect writes with SEH */
_SEH2_TRY
{
@ -1210,9 +1218,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
ThreadBasicInfo->AffinityMask = Thread->Tcb.Affinity;
ThreadBasicInfo->Priority = Thread->Tcb.Priority;
ThreadBasicInfo->BasePriority = KeQueryBasePriorityThread(&Thread->Tcb);
/* Set return length */
Length = sizeof(THREAD_BASIC_INFORMATION);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@ -1225,6 +1230,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
/* Thread time information */
case ThreadTimes:
/* Set the return length */
Length = sizeof(KERNEL_USER_TIMES);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect writes with SEH */
_SEH2_TRY
{
@ -1235,9 +1248,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
100000LL;
ThreadTime->CreateTime = Thread->CreateTime;
ThreadTime->ExitTime = Thread->ExitTime;
/* Set the return length */
Length = sizeof(KERNEL_USER_TIMES);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@ -1249,14 +1259,19 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadQuerySetWin32StartAddress:
/* Set the return length*/
Length = sizeof(PVOID);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */
_SEH2_TRY
{
/* Return the Win32 Start Address */
*(PVOID*)ThreadInformation = Thread->Win32StartAddress;
/* Set the return length*/
Length = sizeof(PVOID);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@ -1268,14 +1283,19 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadPerformanceCount:
/* Set the return length*/
Length = sizeof(LARGE_INTEGER);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */
_SEH2_TRY
{
/* FIXME */
(*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
/* Set the return length*/
Length = sizeof(LARGE_INTEGER);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@ -1287,6 +1307,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadAmILastThread:
/* Set the return length*/
Length = sizeof(ULONG);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */
_SEH2_TRY
{
@ -1296,9 +1324,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
&Thread->ThreadsProcess->
ThreadListHead) ?
TRUE : FALSE);
/* Set the return length*/
Length = sizeof(ULONG);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@ -1310,6 +1335,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadIsIoPending:
/* Set the return length*/
Length = sizeof(ULONG);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Raise the IRQL to protect the IRP list */
KeRaiseIrql(APC_LEVEL, &OldIrql);
@ -1318,9 +1351,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
{
/* Check if the IRP list is empty or not */
*(PULONG)ThreadInformation = !IsListEmpty(&Thread->IrpList);
/* Set the return length*/
Length = sizeof(ULONG);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{