RtlCaptureUnicodeString should also check the buffers that the UNICODE_STRING structure points to...

svn path=/trunk/; revision=13219
Thomas Bluemel 2005-01-22 20:53:14 +00:00
parent 87a8d3ebeb
commit 31067aaecb


@ -58,6 +58,12 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
sizeof(UNICODE_STRING), sizeof(UNICODE_STRING),
sizeof(ULONG)); sizeof(ULONG));
Src = *UnsafeSrc; Src = *UnsafeSrc;
if(Src.Length > 0)
{
ProbeForRead(Src.Buffer,
Src.Length,
sizeof(WCHAR));
}
} }
_SEH_HANDLE _SEH_HANDLE
{ {
@ -86,20 +92,19 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
* Initialize the destination string. * Initialize the destination string.
*/ */
Dest->Length = Src.Length; Dest->Length = Src.Length;
Dest->MaximumLength = Src.Length + sizeof(WCHAR);
Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
if (Dest->Buffer == NULL)
{
Dest->Length = Dest->MaximumLength = 0;
Dest->Buffer = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
/*
* Copy the source string to kernel space.
*/
if(Src.Length > 0) if(Src.Length > 0)
{ {
Dest->MaximumLength = Src.Length + sizeof(WCHAR);
Dest->Buffer = ExAllocatePool(PoolType, Dest->MaximumLength);
if (Dest->Buffer == NULL)
{
Dest->Length = Dest->MaximumLength = 0;
Dest->Buffer = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
/*
* Copy the source string to kernel space.
*/
_SEH_TRY _SEH_TRY
{ {
RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length); RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length);
@ -111,6 +116,11 @@ RtlCaptureUnicodeString(OUT PUNICODE_STRING Dest,
} }
_SEH_END; _SEH_END;
} }
else
{
Dest->MaximumLength = 0;
Dest->Buffer = NULL;
}
return Status; return Status;
} }
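Review bot: The allocation size in the second hunk, `Dest->MaximumLength = Src.Length + sizeof(WCHAR);`, is stored in UNICODE_STRING's USHORT MaximumLength field, so a caller-supplied `Src.Length` of 0xFFFE or 0xFFFF wraps it to 0 or 1 while `RtlCopyMemory(Dest->Buffer, Src.Buffer, Src.Length)` still copies the full length into the pool block. The `ProbeForRead` added in the first hunk validates only the source range, so the captured length needs its own bound before `Dest->Length` is assigned, for example `if (Src.Length > 0xFFFF - sizeof(WCHAR) || (Src.Length % sizeof(WCHAR)) != 0) return STATUS_INVALID_PARAMETER;`. The odd-length test is optional but keeps the copy a whole number of WCHARs. RtlCaptureUnicodeString starts and ends outside the hunks shown, so confirm that no earlier check already bounds the length and that an early return there does not skip cleanup.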