[0.4.7][NTOS][WIN32SS][UDFS] Fix double free in ObCreateObject, fix retvals CORE-14271

Backport the following commits:
0.4.15-dev-6401-g 53b30e3f3b [NTOSKRNL][NTGDI] Formatting addendum, no functional change
0.4.15-dev-5487-g e7bbbf049e [NTOS] Fix double free on allocation failure in ObCreateObject
partially 0.4.13-dev-358-g 38db074491 [WIN32SS][UDFS] Misc addendum to CORE-14271 (#1529)
0.4.12-dev-648-g 17af7f0c27 [UDFS] Correctly check SeSinglePrivilegeCheck() return value (#1324) CORE-14271
0.4.12-dev-552-g 0483a5a380 [NTOS:OB] Correctly check SeSinglePrivilegeCheck() return value (#1323) CORE-14271
partially 0.4.10-dev-528-g 2c909db295 [NTOS:OB] Remove duplicated ObpTypeObjectType from ob.h
0.4.8-dev-954-g 862b82f3fa [WIN32K:NTGDI] Fix more uses of RtlCreateUnicodeString. CORE-14271
0.4.8-dev-949-g 7f687154a0 [WIN32K:NTGDI] Correctly interpret RtlCreateUnicodeString return value. CORE-14271
0.4.8-dev-948-g 6e750d189a [NTOS:CM] Correctly interpret RtlCreateUnicodeString return value. CORE-14271

Just for verifying that the size didn't increase anywhere:

ntoskrnl.exe GCC8.4.0dbg RosBEWin2.2.2 master               5.124.096
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.14  4.413.440 -> 4.413.440
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.13  4.367.360 -> 4.367.360
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.12  4.377.600 -> 4.377.600
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.11  4.377.088 -> 4.377.088
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.10  4.344.320 -> 4.344.320
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  4.311.552 -> 4.311.552
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  4.296.704 -> 4.296.704
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  4.231.168 -> 4.231.168

udfs.sys     GCC8.4.0dbg RosBEWin2.2.2 master             835.584
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.14  745.472 -> 745.472
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.13  745.472 -> 745.472
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.12  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.11  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.10  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  749.568 -> 749.568

user32.dll   GCC8.4.0dbg RosBEWin2.2.2 master               1.585.152
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.14  1.448.448 -> 1.448.448
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.13  1.445.376 -> 1.445.376
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.12  1.455.616 -> 1.455.616
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.11  1.453.056 -> 1.453.056
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.10  1.434.624 -> 1.434.624
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  1.422.336 -> 1.422.336
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  1.421.824 -> 1.421.824
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  1.418.752 -> 1.418.752

win32k.sys   GCC8.4.0dbg RosBEWin2.2.2 master               3.477.504
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.14  2.904.064 -> 2.904.064
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.13  2.895.872 -> 2.895.872
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.12  2.887.680 -> 2.887.680
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.11  2.867.200 -> 2.867.200
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.10  2.863.104 -> 2.863.104
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  2.834.432 -> 2.834.432
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  2.830.336 -> 2.830.336
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  2.830.336 -> 2.830.336
This commit is contained in:
Joachim Henze 2023-08-02 01:01:40 +02:00
parent 82e9061e36
commit 0d16cd41f1
7 changed files with 33 additions and 44 deletions


@ -742,9 +742,9 @@ op_vol_accs_dnd:
// we should check appropriate privilege if OpenForBackup requested
if(OpenForBackup) {
RC = SeSinglePrivilegeCheck(SeExports->SeBackupPrivilege, UserMode);
if(!NT_SUCCESS(RC))
try_return(RC);
if (!SeSinglePrivilegeCheck(SeExports->SeBackupPrivilege, UserMode)) {
try_return(RC = STATUS_PRIVILEGE_NOT_HELD);
}
}
// The FSD might wish to implement the open-by-id option. The "id"
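Review bot: The new `if (!SeSinglePrivilegeCheck(SeExports->SeBackupPrivilege, UserMode))` line should carry a comment recording why the result must not be wrapped in NT_SUCCESS(), because the removed form treated the BOOLEAN as an NTSTATUS and FALSE (0) read as STATUS_SUCCESS, so the backup-privilege check never denied anyone; something like `// SeSinglePrivilegeCheck() returns BOOLEAN, not NTSTATUS -- do not test it with NT_SUCCESS()` keeps the next refactor from reintroducing that. The failure status is now set inside `try_return(RC = STATUS_PRIVILEGE_NOT_HELD)`, which is consistent with the NtMakePermanentObject hunk later in this commit. The enclosing function starts and ends outside the hunk.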


@ -934,9 +934,9 @@ UDFCheckAccessRights(
)
{
NTSTATUS RC;
BOOLEAN SecurityCheck = TRUE;
BOOLEAN ROCheck = FALSE;
#ifdef UDF_ENABLE_SECURITY
BOOLEAN SecurityCheck;
PSECURITY_DESCRIPTOR SecDesc;
SECURITY_SUBJECT_CONTEXT SubjectContext;
ACCESS_MASK LocalAccessMask;
@ -1011,8 +1011,7 @@ treat_as_ro:
} else
#endif //UDF_ENABLE_SECURITY
if(DesiredAccess & ACCESS_SYSTEM_SECURITY) {
SecurityCheck = SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode);
if(!SecurityCheck)
if (!SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode))
return STATUS_ACCESS_DENIED;
Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
}
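Review bot: The failure path `return STATUS_ACCESS_DENIED;` reports a missing SeSecurityPrivilege differently from the rest of this commit, which returns STATUS_PRIVILEGE_NOT_HELD for the same SeSinglePrivilegeCheck() failure; SeAccessCheck also reports an ACCESS_SYSTEM_SECURITY request without the privilege as STATUS_PRIVILEGE_NOT_HELD, so `return STATUS_PRIVILEGE_NOT_HELD;` would be the consistent choice unless callers of UDFCheckAccessRights depend on the current code, which is worth confirming. The first hunk also appears to replace `BOOLEAN SecurityCheck = TRUE;` with an uninitialized `BOOLEAN SecurityCheck;` under UDF_ENABLE_SECURITY; whether every path under that ifdef assigns it before reading it is outside the hunk. UDFCheckAccessRights starts and ends outside both hunks.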


@ -1,7 +1,6 @@
/*
* PROJECT: ReactOS Kernel
* LICENSE: BSD - See COPYING.ARM in the top level directory
* FILE: ntoskrnl/config/cmsysini.c
* PURPOSE: Configuration Manager - System Initialization Code
* PROGRAMMERS: ReactOS Portable Systems Group
* Alex Ionescu (alex.ionescu@reactos.org)
@ -412,7 +411,7 @@ CmpSetSystemValues(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
NULL,
NULL);
Status = NtOpenKey(&KeyHandle, KEY_WRITE, &ObjectAttributes);
if (!NT_SUCCESS(Status)) goto Quickie;
if (!NT_SUCCESS(Status)) goto Quit;
/* Key opened, now write to the key */
RtlInitUnicodeString(&KeyName, L"SystemStartOptions");
@ -422,7 +421,7 @@ CmpSetSystemValues(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
REG_SZ,
CmpLoadOptions.Buffer,
CmpLoadOptions.Length);
if (!NT_SUCCESS(Status)) goto Quickie;
if (!NT_SUCCESS(Status)) goto Quit;
/* Setup value name for system boot device in ARC format */
RtlInitUnicodeString(&KeyName, L"SystemBootDevice");
@ -434,7 +433,7 @@ CmpSetSystemValues(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
ValueName.Buffer,
ValueName.Length);
Quickie:
Quit:
/* Free the buffers */
RtlFreeUnicodeString(&ValueName);
@ -894,8 +893,7 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
if (!NT_SUCCESS(Status)) return FALSE;
/* Set the hive filename */
RtlCreateUnicodeString(&SystemHive->FileFullPath,
L"\\SystemRoot\\System32\\Config\\SYSTEM");
RtlCreateUnicodeString(&SystemHive->FileFullPath, L"\\SystemRoot\\System32\\Config\\SYSTEM");
/* We imported, no need to create a new hive */
Allocate = FALSE;
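Review bot: The reflowed `RtlCreateUnicodeString(&SystemHive->FileFullPath, L"\\SystemRoot\\System32\\Config\\SYSTEM");` still discards the BOOLEAN that RtlCreateUnicodeString returns, so on allocation failure FileFullPath is left with a NULL buffer and hive initialization continues as if it had a name. The line just above shows the function's failure convention (`if (!NT_SUCCESS(Status)) return FALSE;`), so `if (!RtlCreateUnicodeString(&SystemHive->FileFullPath, L"\\SystemRoot\\System32\\Config\\SYSTEM")) return FALSE;` would fit, provided the hive set up just before does not need to be released first; that part of CmpInitializeSystemHive is outside the hunk. The Quickie-to-Quit relabel hunks in CmpSetSystemValues are fine as they stand.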


@ -602,7 +602,6 @@ extern KEVENT ObpDefaultObject;
extern KGUARDED_MUTEX ObpDeviceMapLock;
extern POBJECT_TYPE ObpTypeObjectType;
extern POBJECT_TYPE ObSymbolicLinkType;
extern POBJECT_TYPE ObpTypeObjectType;
extern POBJECT_DIRECTORY ObpRootDirectoryObject;
extern POBJECT_DIRECTORY ObpTypeDirectoryObject;
extern PHANDLE_TABLE ObpKernelHandleTable;


@ -858,10 +858,11 @@ ObpAllocateObject(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
NTSTATUS
NTAPI
ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength)
ObQueryTypeInfo(
IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength)
{
NTSTATUS Status = STATUS_SUCCESS;
PWSTR InfoBuffer;
@ -873,7 +874,7 @@ ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
*ReturnLength += sizeof(*ObjectTypeInfo) +
ALIGN_UP(ObjectType->Name.MaximumLength, ULONG);
/* Check if thats too much though. */
/* Check if that is too much */
if (Length < *ReturnLength)
{
_SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
@ -1022,6 +1023,7 @@ ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL,
/* Release the Capture Info, we don't need it */
ObpFreeObjectCreateInformation(ObjectCreateInfo);
if (ObjectName.Buffer) ObpFreeObjectNameBuffer(&ObjectName);
return Status;
}
/* We failed, so release the Buffer */
@ -1413,9 +1415,8 @@ NtMakePermanentObject(IN HANDLE ObjectHandle)
PAGED_CODE();
/* Make sure that the caller has SeCreatePermanentPrivilege */
Status = SeSinglePrivilegeCheck(SeCreatePermanentPrivilege,
PreviousMode);
if (!NT_SUCCESS(Status)) return STATUS_PRIVILEGE_NOT_HELD;
if (!SeSinglePrivilegeCheck(SeCreatePermanentPrivilege, PreviousMode))
return STATUS_PRIVILEGE_NOT_HELD;
/* Reference the object */
Status = ObReferenceObjectByHandle(ObjectHandle,
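Review bot: The early `return Status;` in the ObCreateObject hunk is what stops the double free, but nothing in the code says so; the comment two lines below (`/* We failed, so release the Buffer */`) suggests the fall-through path releases ObjectCreateInfo a second time, so a why-comment such as `/* Return here: the failure path below frees ObjectCreateInfo again */` would keep a later cleanup from removing the return. Which of the two lines is the addition is not explicit on this rendered page; I read it as the return. The NtMakePermanentObject hunk now tests the BOOLEAN directly, matching the UDFS hunks in this commit. ObCreateObject and NtMakePermanentObject both start outside their hunks.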


@ -1,7 +1,6 @@
/*
* PROJECT: ReactOS win32 kernel mode subsystem
* LICENSE: GPL - See COPYING in the top level directory
* FILE: win32ss/gdi/ntgdi/freetype.c
* PURPOSE: FreeType font engine interface
* PROGRAMMERS: Copyright 2001 Huw D M Davies for CodeWeavers.
* Copyright 2006 Dmitry Timoshkov for CodeWeavers.
@ -367,9 +366,9 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
Length = pInfo->NameLength / sizeof(WCHAR);
pInfo->Name[Length] = UNICODE_NULL; /* truncate */
Status = RtlCreateUnicodeString(&FromW, pInfo->Name);
if (!NT_SUCCESS(Status))
if (!RtlCreateUnicodeString(&FromW, pInfo->Name))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT("RtlCreateUnicodeString failed\n");
break; /* failure */
}
@ -389,9 +388,9 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
pch = (LPWSTR)((PUCHAR)pInfo + pInfo->DataOffset);
Length = pInfo->DataLength / sizeof(WCHAR);
pch[Length] = UNICODE_NULL; /* truncate */
Status = RtlCreateUnicodeString(&ToW, pch);
if (!NT_SUCCESS(Status))
if (!RtlCreateUnicodeString(&ToW, pch))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT("RtlCreateUnicodeString failed\n");
RtlFreeUnicodeString(&FromW);
break; /* failure */
@ -2166,7 +2165,10 @@ IntGetFontLocalizedName(PUNICODE_STRING pNameW, PSHARED_FACE SharedFace,
/* Convert UTF-16 big endian to little endian */
SwapEndian(Buf, Name.string_len);
Status = RtlCreateUnicodeString(pNameW, Buf);
if (RtlCreateUnicodeString(pNameW, Buf))
Status = STATUS_SUCCESS;
else
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
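Review bot: The four-line if/else at the end of IntGetFontLocalizedName only maps a BOOLEAN onto a status and reads more directly as one assignment, `Status = RtlCreateUnicodeString(pNameW, Buf) ? STATUS_SUCCESS : STATUS_INSUFFICIENT_RESOURCES;`. The two IntLoadFontSubstList hunks apply the same mapping (`Status = STATUS_INSUFFICIENT_RESOURCES;` inside the failure branch) and the second one releases FromW before breaking, which is right. Whether Buf is NUL-terminated after `SwapEndian(Buf, Name.string_len)` is not visible here, and RtlCreateUnicodeString reads up to the terminator, so that is worth confirming in the code above the hunk. IntGetFontLocalizedName starts outside the hunk.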


@ -9,8 +9,6 @@
*
*/
/* INCLUDES ******************************************************************/
#include <user32.h>
#define NDEBUG
@ -18,8 +16,6 @@
#include <wine/debug.h>
WINE_DEFAULT_DEBUG_CHANNEL(user32);
/* FUNCTIONS *****************************************************************/
/*
* @implemented
*/
@ -96,7 +92,7 @@ UINT
WINAPI
RegisterClipboardFormatA(LPCSTR lpszFormat)
{
UINT ret = 0;
UINT ret;
UNICODE_STRING usFormat = {0};
if (lpszFormat == NULL)
@ -105,19 +101,17 @@ RegisterClipboardFormatA(LPCSTR lpszFormat)
return 0;
}
/* check for "" */
if (*lpszFormat == 0) //NULL
{
SetLastError(ERROR_INVALID_NAME);
return 0;
}
ret = RtlCreateUnicodeStringFromAsciiz(&usFormat, lpszFormat);
if (ret)
{
ret = NtUserRegisterWindowMessage(&usFormat); //(LPCWSTR)
RtlFreeUnicodeString(&usFormat);
}
if (!RtlCreateUnicodeStringFromAsciiz(&usFormat, lpszFormat))
return 0;
ret = NtUserRegisterWindowMessage(&usFormat); //(LPCWSTR)
RtlFreeUnicodeString(&usFormat);
return ret;
}
@ -129,7 +123,6 @@ UINT
WINAPI
RegisterClipboardFormatW(LPCWSTR lpszFormat)
{
UINT ret = 0;
UNICODE_STRING usFormat = {0};
if (lpszFormat == NULL)
@ -138,7 +131,6 @@ RegisterClipboardFormatW(LPCWSTR lpszFormat)
return 0;
}
/* check for "" */
if (*lpszFormat == 0) //NULL
{
SetLastError(ERROR_INVALID_NAME);
@ -146,9 +138,7 @@ RegisterClipboardFormatW(LPCWSTR lpszFormat)
}
RtlInitUnicodeString(&usFormat, lpszFormat);
ret = NtUserRegisterWindowMessage(&usFormat);
return ret;
return NtUserRegisterWindowMessage(&usFormat);
}
static PVOID WINAPI