RtlCaptureUnicodeString should also check the buffers that the UNICODE_STRING structure points to...

svn path=/trunk/; revision=13219
Thomas Bluemel 2005-01-22 20:53:14 +00:00
parent 87a8d3ebeb
commit 31067aaecb


@ -58,6 +58,12 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
sizeof(UNICODE_STRING), sizeof(UNICODE_STRING),
sizeof(ULONG)); sizeof(ULONG));
Src = *UnsafeSrc; Src = *UnsafeSrc;
if(Src.Length > 0)
{
ProbeForRead(Src.Buffer,
Src.Length,
sizeof(WCHAR));
}
} }
_SEH_HANDLE _SEH_HANDLE
{ {
@ -86,6 +92,8 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
* Initialize the destination string. * Initialize the destination string.
*/ */
Dest->Length = Src.Length; Dest->Length = Src.Length;
if(Src.Length > 0)
{
Dest->MaximumLength = Src.Length + sizeof(WCHAR); Dest->MaximumLength = Src.Length + sizeof(WCHAR);
Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength); Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
if (Dest->Buffer == NULL) if (Dest->Buffer == NULL)
@ -94,12 +102,9 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
Dest->Buffer = NULL; Dest->Buffer = NULL;
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
} }
/* /*
* Copy the source string to kernel space. * Copy the source string to kernel space.
*/ */
if(Src.Length > 0)
{
_SEH_TRY _SEH_TRY
{ {
RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length); RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length);
@ -111,6 +116,11 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
} }
_SEH_END; _SEH_END;
} }
else
{
Dest->MaximumLength = 0;
Dest->Buffer = NULL;
}
return Status; return Status;
} }
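Review bot: The allocation size computed in `Dest->MaximumLength = Src.Length + sizeof(WCHAR);` can wrap, because `Src.Length` is copied from the caller's structure and is never bounded. Assuming the usual 16-bit UNICODE_STRING fields, a Length of 0xFFFE or more truncates MaximumLength to 0 or 1, while `RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length)` still copies the full Length into the pool block. The added ProbeForRead only validates the source range and does not limit Length. I would reject such values before the allocation, for example `if (Src.Length > 0xFFFF - sizeof(WCHAR) || (Src.Length % sizeof(WCHAR)) != 0) return STATUS_INVALID_PARAMETER;`, which also refuses odd byte counts. The function starts above the first hunk, so whether the probes are skipped for kernel-mode callers cannot be confirmed from here.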