Added two missing dereferencing calls in ObReferenceObjectByHandle.

Checked also for NtCurrentThread in NtDuplicateObject.  
Used the return value from InterlockedIncrement to check for a correct handle count.

svn path=/trunk/; revision=14188
Hartmut Birr 2005-03-19 09:18:58 +00:00
parent c2a04f5107
commit 0692378689


@ -166,6 +166,7 @@ ObDuplicateObject(PEPROCESS SourceProcess,
POBJECT_HEADER ObjectHeader; POBJECT_HEADER ObjectHeader;
LONG ExTargetHandle; LONG ExTargetHandle;
LONG ExSourceHandle = HANDLE_TO_EX_HANDLE(SourceHandle); LONG ExSourceHandle = HANDLE_TO_EX_HANDLE(SourceHandle);
ULONG NewHandleCount;
PAGED_CODE(); PAGED_CODE();
@ -200,8 +201,8 @@ ObDuplicateObject(PEPROCESS SourceProcess,
1 here, we're in big trouble... it would've been safe to increment and 1 here, we're in big trouble... it would've been safe to increment and
check the handle count without using interlocked functions because the check the handle count without using interlocked functions because the
entry is locked, which means the handle count can't change. */ entry is locked, which means the handle count can't change. */
InterlockedIncrement(&ObjectHeader->HandleCount); NewHandleCount = InterlockedIncrement(&ObjectHeader->HandleCount);
ASSERT(ObjectHeader->HandleCount >= 2); ASSERT(NewHandleCount >= 2);
ExUnlockHandleTableEntry(SourceProcess->ObjectTable, ExUnlockHandleTableEntry(SourceProcess->ObjectTable,
SourceHandleEntry); SourceHandleEntry);
@ -329,7 +330,8 @@ NtDuplicateObject (IN HANDLE SourceProcessHandle,
} }
/* Check for magic handle first */ /* Check for magic handle first */
if (SourceHandle == NtCurrentThread()) if (SourceHandle == NtCurrentThread() ||
SourceHandle == NtCurrentProcess())
{ {
PVOID ObjectBody; PVOID ObjectBody;
@ -746,6 +748,7 @@ ObReferenceObjectByHandle(HANDLE Handle,
HandleEntry); HandleEntry);
KeLeaveCriticalRegion(); KeLeaveCriticalRegion();
ObDereferenceObject(ObjectBody);
return(STATUS_OBJECT_TYPE_MISMATCH); return(STATUS_OBJECT_TYPE_MISMATCH);
} }
@ -762,6 +765,7 @@ ObReferenceObjectByHandle(HANDLE Handle,
if (!(GrantedAccess & DesiredAccess) && if (!(GrantedAccess & DesiredAccess) &&
!((~GrantedAccess) & DesiredAccess)) !((~GrantedAccess) & DesiredAccess))
{ {
ObDereferenceObject(ObjectBody);
CHECKPOINT; CHECKPOINT;
return(STATUS_ACCESS_DENIED); return(STATUS_ACCESS_DENIED);
} }
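Review bot: The access check in the last ObReferenceObjectByHandle hunk can only fail when DesiredAccess is zero, because `!(GrantedAccess & DesiredAccess) && !((~GrantedAccess) & DesiredAccess)` requires both the granted and the ungranted part of DesiredAccess to be empty. Any non-zero request therefore passes regardless of what the handle was granted, and the STATUS_ACCESS_DENIED branch that now releases the reference is not reached for real requests. If the intent is to refuse a request containing a right the handle lacks, the condition would be `if ((~GrantedAccess) & DesiredAccess)`, presumably applied after generic rights are mapped. The function body starts and ends outside the hunk, so confirm that no AccessMode handling or later check covers this before changing it.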