- Don't reference the target process at the beginning of NtQueryInformationProcess; check the buffer's length first. Found by Dmitry Chapyshev, fixes 3 winetests.

svn path=/trunk/; revision=39627
Aleksey Bragin 2009-02-16 17:15:09 +00:00
parent f1d1259e79
commit 1d38fb2424


@ -89,19 +89,8 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
if (!NT_SUCCESS(Status)) return Status; if (!NT_SUCCESS(Status)) return Status;
#endif #endif
/* Check if this isn't the cookie class */ if((ProcessInformationClass == ProcessCookie) &&
if(ProcessInformationClass != ProcessCookie) (ProcessHandle != NtCurrentProcess()))
{
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) return Status;
}
else if(ProcessHandle != NtCurrentProcess())
{ {
/* /*
* Retreiving the process cookie is only allowed for the calling process * Retreiving the process cookie is only allowed for the calling process
@ -125,6 +114,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Protect writes with SEH */ /* Protect writes with SEH */
_SEH2_TRY _SEH2_TRY
{ {
@ -145,6 +144,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Quote limits and I/O Counters: not implemented */ /* Quote limits and I/O Counters: not implemented */
@ -158,7 +160,18 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
Status = STATUS_NOT_IMPLEMENTED; Status = STATUS_NOT_IMPLEMENTED;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Timing */ /* Timing */
@ -173,6 +186,15 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Protect writes with SEH */ /* Protect writes with SEH */
_SEH2_TRY _SEH2_TRY
{ {
@ -190,6 +212,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Process Debug Port */ /* Process Debug Port */
@ -203,6 +228,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Protect write with SEH */ /* Protect write with SEH */
_SEH2_TRY _SEH2_TRY
{ {
@ -216,6 +251,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* LDT, WS and VDM Information: not implemented */ /* LDT, WS and VDM Information: not implemented */
@ -236,6 +274,15 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Count the number of handles this process has */ /* Count the number of handles this process has */
HandleCount = ObGetProcessHandleCount(Process); HandleCount = ObGetProcessHandleCount(Process);
@ -251,6 +298,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Session ID for the process */ /* Session ID for the process */
@ -264,6 +314,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Enter SEH for write safety */ /* Enter SEH for write safety */
_SEH2_TRY _SEH2_TRY
{ {
@ -276,6 +336,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* WOW64: Not implemented */ /* WOW64: Not implemented */
@ -295,6 +358,15 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Enter SEH for write safety */ /* Enter SEH for write safety */
_SEH2_TRY _SEH2_TRY
{ {
@ -318,6 +390,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Hard Error Processing Mode */ /* Hard Error Processing Mode */
@ -331,6 +406,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Enter SEH for writing back data */ /* Enter SEH for writing back data */
_SEH2_TRY _SEH2_TRY
{ {
@ -344,6 +429,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Priority Boosting status */ /* Priority Boosting status */
@ -357,6 +445,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Enter SEH for writing back data */ /* Enter SEH for writing back data */
_SEH2_TRY _SEH2_TRY
{ {
@ -370,6 +468,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* DOS Device Map */ /* DOS Device Map */
@ -383,6 +484,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Query the device map information */ /* Query the device map information */
ObQueryDeviceMapInformation(Process, &DeviceMap); ObQueryDeviceMapInformation(Process, &DeviceMap);
@ -397,6 +508,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Priority class */ /* Priority class */
@ -410,6 +524,16 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
} }
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Enter SEH for writing back data */ /* Enter SEH for writing back data */
_SEH2_TRY _SEH2_TRY
{ {
@ -422,10 +546,22 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH2_GetExceptionCode(); Status = _SEH2_GetExceptionCode();
} }
_SEH2_END; _SEH2_END;
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
case ProcessImageFileName: case ProcessImageFileName:
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
PreviousMode,
(PVOID*)&Process,
NULL);
if (!NT_SUCCESS(Status)) break;
/* Get the image path */ /* Get the image path */
Status = SeLocateProcessImageName(Process, &ImageName); Status = SeLocateProcessImageName(Process, &ImageName);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
@ -465,6 +601,8 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Free the image path */ /* Free the image path */
ExFreePool(ImageName); ExFreePool(ImageName);
} }
/* Dereference the process */
ObDereferenceObject(Process);
break; break;
/* Per-process security cookie */ /* Per-process security cookie */
@ -537,8 +675,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
} }
_SEH2_END; _SEH2_END;
/* If we referenced the process, dereference it */
if(ProcessInformationClass != ProcessCookie) ObDereferenceObject(Process);
return Status; return Status;
} }
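Review bot: Removing the single dereference at the end of the function (the `if(ProcessInformationClass != ProcessCookie) ObDereferenceObject(Process);` lines in this last hunk) makes every case responsible for pairing its own ObReferenceObjectByHandle with ObDereferenceObject, so any `break` or `return` that sits between the two now leaks a process reference; the hunks shown all place the dereference immediately before the final `break`, but the bodies between hunks (for example the ProcessImageFileName case between the `-422,10 +546,22` and `-465,6 +601,8` hunks) are outside this view and should be checked for early exits. A short comment next to the first per-case reference would make the new contract explicit for later edits, e.g. `/* Each case must dereference Process before leaving the switch; no early break/return between reference and dereference */`. The reference/`if (!NT_SUCCESS(Status)) break;` sequence is also copied verbatim into thirteen cases, which is the kind of duplication where a later fix to one copy tends to miss the others; a small static helper taking the handle, the previous mode and the out-pointer would keep the pattern in one place. The enclosing switch and the function's prologue lie outside the hunks.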