[NTOS:KD] Protect against invalid user arguments in KdpPrintString. CORE-14057

Thomas Faber 2017-12-08 14:41:41 +01:00
parent 1a38c76266
commit 34ccecbce8
2 changed files with 28 additions and 4 deletions


@ -193,8 +193,8 @@ KdpCallGdb(
ULONG ULONG
NTAPI NTAPI
KdpPrintString( KdpPrintString(
LPSTR String, _In_reads_bytes_(Length) PCHAR UnsafeString,
ULONG Length); _In_ ULONG Length);
ULONG ULONG
NTAPI NTAPI


@ -567,14 +567,38 @@ KdpScreenInit(PKD_DISPATCH_TABLE DispatchTable,
ULONG ULONG
NTAPI NTAPI
KdpPrintString(LPSTR String, KdpPrintString(
ULONG Length) _In_reads_bytes_(Length) PCHAR UnsafeString,
_In_ ULONG Length)
{ {
PLIST_ENTRY CurrentEntry; PLIST_ENTRY CurrentEntry;
PKD_DISPATCH_TABLE CurrentTable; PKD_DISPATCH_TABLE CurrentTable;
PCHAR String;
if (!KdpDebugMode.Value) return 0; if (!KdpDebugMode.Value) return 0;
Length = min(Length, 512);
if (ExGetPreviousMode() != KernelMode)
{
_SEH2_TRY
{
ProbeForRead(UnsafeString, Length, 1);
String = _alloca(Length + 1);
RtlCopyMemory(String, UnsafeString, Length);
String[Length] = ANSI_NULL;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
_SEH2_END;
}
else
{
String = UnsafeString;
}
/* Call the registered handlers */ /* Call the registered handlers */
CurrentEntry = KdProviders.Flink; CurrentEntry = KdProviders.Flink;
while (CurrentEntry != &KdProviders) while (CurrentEntry != &KdProviders)
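Review bot: The clamp `Length = min(Length, 512);` is the only thing bounding `_alloca(Length + 1)` in the user-mode branch, yet it is an unexplained literal that sits apart from the allocation it protects. Without it a caller-supplied Length would size a kernel-stack allocation directly and `Length + 1` could wrap, so I would name the limit and add a comment such as `/* Bound Length before use: it sizes the _alloca() below and keeps Length + 1 from wrapping */`. The clamp also applies to KernelMode callers, whose output is now silently cut at 512 bytes; if that is intended, the comment should say so. The kernel-mode branch passes `UnsafeString` through without the terminator that the user-mode copy gets at `String[Length]`, and because the handler loop continues outside this hunk I cannot tell whether the handlers rely on Length alone.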