Dmitry Chapyshev

- Add buffer length checks to NtQueryInformationThread.

svn path=/trunk/; revision=38561
Aleksey Bragin 2009-01-04 13:43:08 +00:00
parent b7aa576e73
commit 0491ac98be


@ -1200,6 +1200,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
/* Basic thread information */ /* Basic thread information */
case ThreadBasicInformation: case ThreadBasicInformation:
/* Set return length */
Length = sizeof(THREAD_BASIC_INFORMATION);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect writes with SEH */ /* Protect writes with SEH */
_SEH2_TRY _SEH2_TRY
{ {
@ -1210,9 +1218,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
ThreadBasicInfo->AffinityMask = Thread->Tcb.Affinity; ThreadBasicInfo->AffinityMask = Thread->Tcb.Affinity;
ThreadBasicInfo->Priority = Thread->Tcb.Priority; ThreadBasicInfo->Priority = Thread->Tcb.Priority;
ThreadBasicInfo->BasePriority = KeQueryBasePriorityThread(&Thread->Tcb); ThreadBasicInfo->BasePriority = KeQueryBasePriorityThread(&Thread->Tcb);
/* Set return length */
Length = sizeof(THREAD_BASIC_INFORMATION);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -1225,6 +1230,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
/* Thread time information */ /* Thread time information */
case ThreadTimes: case ThreadTimes:
/* Set the return length */
Length = sizeof(KERNEL_USER_TIMES);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect writes with SEH */ /* Protect writes with SEH */
_SEH2_TRY _SEH2_TRY
{ {
@ -1235,9 +1248,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
100000LL; 100000LL;
ThreadTime->CreateTime = Thread->CreateTime; ThreadTime->CreateTime = Thread->CreateTime;
ThreadTime->ExitTime = Thread->ExitTime; ThreadTime->ExitTime = Thread->ExitTime;
/* Set the return length */
Length = sizeof(KERNEL_USER_TIMES);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -1249,14 +1259,19 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadQuerySetWin32StartAddress: case ThreadQuerySetWin32StartAddress:
/* Set the return length*/
Length = sizeof(PVOID);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */ /* Protect write with SEH */
_SEH2_TRY _SEH2_TRY
{ {
/* Return the Win32 Start Address */ /* Return the Win32 Start Address */
*(PVOID*)ThreadInformation = Thread->Win32StartAddress; *(PVOID*)ThreadInformation = Thread->Win32StartAddress;
/* Set the return length*/
Length = sizeof(PVOID);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -1268,14 +1283,19 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadPerformanceCount: case ThreadPerformanceCount:
/* Set the return length*/
Length = sizeof(LARGE_INTEGER);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */ /* Protect write with SEH */
_SEH2_TRY _SEH2_TRY
{ {
/* FIXME */ /* FIXME */
(*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0; (*(PLARGE_INTEGER)ThreadInformation).QuadPart = 0;
/* Set the return length*/
Length = sizeof(LARGE_INTEGER);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -1287,6 +1307,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadAmILastThread: case ThreadAmILastThread:
/* Set the return length*/
Length = sizeof(ULONG);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */ /* Protect write with SEH */
_SEH2_TRY _SEH2_TRY
{ {
@ -1296,9 +1324,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
&Thread->ThreadsProcess-> &Thread->ThreadsProcess->
ThreadListHead) ? ThreadListHead) ?
TRUE : FALSE); TRUE : FALSE);
/* Set the return length*/
Length = sizeof(ULONG);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -1310,6 +1335,14 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
case ThreadIsIoPending: case ThreadIsIoPending:
/* Set the return length*/
Length = sizeof(ULONG);
if (ThreadInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Raise the IRQL to protect the IRP list */ /* Raise the IRQL to protect the IRP list */
KeRaiseIrql(APC_LEVEL, &OldIrql); KeRaiseIrql(APC_LEVEL, &OldIrql);
@ -1318,9 +1351,6 @@ NtQueryInformationThread(IN HANDLE ThreadHandle,
{ {
/* Check if the IRP list is empty or not */ /* Check if the IRP list is empty or not */
*(PULONG)ThreadInformation = !IsListEmpty(&Thread->IrpList); *(PULONG)ThreadInformation = !IsListEmpty(&Thread->IrpList);
/* Set the return length*/
Length = sizeof(ULONG);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
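Review bot: In every new check (first at the ThreadBasicInformation case, then ThreadTimes, ThreadQuerySetWin32StartAddress, ThreadPerformanceCount, ThreadAmILastThread and ThreadIsIoPending) `Length` is assigned the expected size before the `ThreadInformationLength != Length` comparison, so on the STATUS_INFO_LENGTH_MISMATCH path `Length` is left non-zero when the `break` reaches the function's tail, which is outside these hunks and presumably writes `Length` to the caller's ReturnLength. Whether a caller that passed the wrong size should receive the required size or zero is not stated anywhere in the hunk; that choice should be documented next to the first check, for example `/* Length is deliberately set before the check so a mismatching caller is told the required size via ReturnLength */`, or `Length` should be assigned only after the check if that is not the intent. The seven copies of the same seven-line guard differ only in the type, so a single `static inline` helper or a small macro taking the expected size would keep future information classes from omitting the check. NtQueryInformationThread's prologue and epilogue lie outside the hunks shown.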