RtlCaptureUnicodeString should also check the buffers that the UNICODE_STRING structure points to...

svn path=/trunk/; revision=13219
Thomas Bluemel 2005-01-22 20:53:14 +00:00
parent 87a8d3ebeb
commit 31067aaecb


@ -58,6 +58,12 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
sizeof(UNICODE_STRING),
sizeof(ULONG));
Src = *UnsafeSrc;
if(Src.Length > 0)
{
ProbeForRead(Src.Buffer,
Src.Length,
sizeof(WCHAR));
}
}
_SEH_HANDLE
{
@ -86,20 +92,19 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
* Initialize the destination string.
*/
Dest->Length = Src.Length;
Dest->MaximumLength = Src.Length + sizeof(WCHAR);
Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
if (Dest->Buffer == NULL)
{
Dest->Length = Dest->MaximumLength = 0;
Dest->Buffer = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
/*
* Copy the source string to kernel space.
*/
if(Src.Length > 0)
{
Dest->MaximumLength = Src.Length + sizeof(WCHAR);
Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
if (Dest->Buffer == NULL)
{
Dest->Length = Dest->MaximumLength = 0;
Dest->Buffer = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
/*
* Copy the source string to kernel space.
*/
_SEH_TRY
{
RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length);
@ -111,6 +116,11 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
}
_SEH_END;
}
else
{
Dest->MaximumLength = 0;
Dest->Buffer = NULL;
}
return Status;
}
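Review bot: In the second hunk, `Dest->MaximumLength = Src.Length + sizeof(WCHAR);` stores the sum in a USHORT field, so a caller-supplied Src.Length of 0xFFFE or 0xFFFF truncates MaximumLength to 0 or 1 while the RtlCopyMemory below still copies Src.Length bytes into that undersized pool allocation. The ProbeForRead added in the first hunk only establishes that the source range is a readable user-mode range; it does not bound or sanity-check the length itself. Before allocating, reject lengths that cannot hold the extra terminator, and odd lengths too, e.g. `if (Src.Length > 0xFFFF - sizeof(WCHAR) || (Src.Length % sizeof(WCHAR)) != 0) return STATUS_INVALID_PARAMETER;` (clearing Dest the same way the allocation-failure path does). The start of RtlCaptureUnicodeString, the condition guarding the probe, and the copy's exception handler are outside the visible hunks, so confirm that no earlier check already bounds Length.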