From 0b595ead0965d15672749c4ce52e759979e55d9c Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Sun, 6 Nov 2011 14:23:39 +0000
Subject: [PATCH] [SERVICES] - Use FIELD_OFFSET for variable-length structure sizes - Handle an invalid parameter condition in RCreateServiceW. Fixes an advapi32:service test - Do not dereference a NULL-pointer on out-of-memory

svn path=/trunk/; revision=54315

---
 reactos/base/system/services/database.c | 4 ++--
 reactos/base/system/services/rpcserver.c | 21 +++++++++++++++------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/reactos/base/system/services/database.c b/reactos/base/system/services/database.c
index c550c1b9d38..fed72cf3aaf 100644
--- a/reactos/base/system/services/database.c
+++ b/reactos/base/system/services/database.c
@@ -193,7 +193,7 @@ ScmCreateOrReferenceServiceImage(PSERVICE pService)
 /* Create a new service image */
 pServiceImage = HeapAlloc(GetProcessHeap(),
 HEAP_ZERO_MEMORY,
- sizeof(SERVICE_IMAGE) + ((wcslen(ImagePath.Buffer) + 1) * sizeof(WCHAR)));
+ FIELD_OFFSET(SERVICE_IMAGE, szImagePath[wcslen(ImagePath.Buffer) + 1]));
 if (pServiceImage == NULL)
 {
 dwError = ERROR_NOT_ENOUGH_MEMORY;
@@ -368,7 +368,7 @@ ScmCreateNewServiceRecord(LPCWSTR lpServiceName,
 /* Allocate service entry */
 lpService = HeapAlloc(GetProcessHeap(),
 HEAP_ZERO_MEMORY,
- sizeof(SERVICE) + ((wcslen(lpServiceName) + 1) * sizeof(WCHAR)));
+ FIELD_OFFSET(SERVICE, szServiceName[wcslen(lpServiceName) + 1]));
 if (lpService == NULL)
 return ERROR_NOT_ENOUGH_MEMORY;
diff --git a/reactos/base/system/services/rpcserver.c b/reactos/base/system/services/rpcserver.c
index ab03dbdd6b3..6aaa42716ee 100644
--- a/reactos/base/system/services/rpcserver.c
+++ b/reactos/base/system/services/rpcserver.c
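Review bot: The new size expression `FIELD_OFFSET(SERVICE_IMAGE, szImagePath[wcslen(ImagePath.Buffer) + 1])` is only a correct allocation size if szImagePath is the last member of SERVICE_IMAGE; the struct definition is not part of this patch, so that requirement should be stated where the size is computed rather than left implicit. I would add `/* szImagePath must stay the last member: the record is sized up to and including its terminator */` above the HeapAlloc (the same applies to the szServiceName hunk below), or a C_ASSERT against the struct layout, so that a later field appended after the name does not silently under-allocate. The hunk also applies wcslen() to ImagePath.Buffer; if ImagePath is a counted UNICODE_STRING this presumes the buffer is NUL-terminated, which nothing in the hunk shows and is worth confirming where ImagePath is filled. ScmCreateOrReferenceServiceImage starts and ends outside the hunk.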
@@ -155,7 +155,7 @@ ScmCreateManagerHandle(LPWSTR lpDatabaseName,
 Ptr = HeapAlloc(GetProcessHeap(),
 HEAP_ZERO_MEMORY,
- sizeof(MANAGER_HANDLE) + (wcslen(lpDatabaseName) + 1) * sizeof(WCHAR));
+ FIELD_OFFSET(MANAGER_HANDLE, DatabaseName[wcslen(lpDatabaseName) + 1]));
 if (Ptr == NULL)
 return ERROR_NOT_ENOUGH_MEMORY;
@@ -1999,6 +1999,12 @@ DWORD RCreateServiceW(
 return ERROR_INVALID_PARAMETER;
 }
+ if ((dwServiceType & SERVICE_KERNEL_DRIVER) && (dwServiceType & SERVICE_FILE_SYSTEM_DRIVER)) { return ERROR_INVALID_PARAMETER; } + if ((dwServiceType == (SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS)) && (lpServiceStartName)) {
@@ -2267,9 +2273,12 @@ done:;
 }
 else
 {
- /* Release the display name buffer */
- if (lpService->lpServiceName != NULL)
+ if (lpService != NULL && lpService->lpServiceName != NULL)
+ {
+ /* Release the display name buffer */
 HeapFree(GetProcessHeap(), 0, lpService->lpDisplayName);
+ }
 if (hServiceHandle)
 {
@@ -2366,7 +2375,7 @@ DWORD REnumDependentServicesW(
 (dwServicesReturned + 1) * sizeof(PSERVICE));
 if (!lpServicesArray)
 {
- DPRINT("Could not allocate a buffer!!\n");
+ DPRINT1("Could not allocate a buffer!!\n");
 dwError = ERROR_NOT_ENOUGH_MEMORY;
 goto Done;
 }
@@ -4550,8 +4559,8 @@ DWORD RChangeServiceConfig2A(
 dwLength = (strlen(Info.lpDescription) + 1) * sizeof(WCHAR);
 lpServiceDescriptonW = HeapAlloc(GetProcessHeap(),
- 0,
- dwLength + sizeof(SERVICE_DESCRIPTIONW));
+ 0,
+ dwLength + sizeof(SERVICE_DESCRIPTIONW));
 if (!lpServiceDescriptonW)
 {
 return ERROR_NOT_ENOUGH_MEMORY;
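Review bot: The new rejection of a service type that has both SERVICE_KERNEL_DRIVER and SERVICE_FILE_SYSTEM_DRIVER set carries no comment, and since the validation block above it is outside the hunk a reader cannot tell from this spot which combinations the earlier checks already cover. I would add `/* A service cannot be both a kernel driver and a file system driver */` directly above the new `if`, matching the existing parameter checks in this function. Whether other invalid mixes, such as a driver flag combined with a Win32 process flag, are rejected depends on the checks earlier in RCreateServiceW, which are not visible here; if they are not, this check is narrower than the commit message suggests. RCreateServiceW continues on both sides of the hunk.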
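Review bot: In the failure branch at `done:` the new guard tests `lpService->lpServiceName` but frees `lpService->lpDisplayName`, so it still does not establish that lpDisplayName is a separately allocated buffer before passing it to HeapFree. The database.c hunks in this same patch size the SERVICE record so that the service name lives inline in szServiceName; if lpDisplayName is left pointing at that name when no distinct display name was supplied (that assignment is outside the hunk), this HeapFree releases an interior pointer of the SERVICE allocation and corrupts the process heap on the out-of-memory path the commit is trying to fix. Guard on the buffer actually being freed instead: `if (lpService != NULL && lpService->lpDisplayName != NULL && lpService->lpDisplayName != lpService->lpServiceName)`, and clear `lpService->lpDisplayName` afterwards so any later teardown of the record cannot free it twice. The enclosing RCreateServiceW ends outside the hunk.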