secure access to buffers in NtQueryInformationProcess() and NtSetInformationProcess()

svn path=/trunk/; revision=13143
Thomas Bluemel 2005-01-19 22:47:26 +00:00
parent 9543041c3d
commit 3638fef3ce


@ -1147,7 +1147,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
PreviousMode, PreviousMode,
(PVOID*)&Process, (PVOID*)&Process,
NULL); NULL);
if (Status != STATUS_SUCCESS) if (!NT_SUCCESS(Status))
{ {
return(Status); return(Status);
} }
@ -1163,6 +1163,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
{ {
PPROCESS_BASIC_INFORMATION ProcessBasicInformationP = PPROCESS_BASIC_INFORMATION ProcessBasicInformationP =
(PPROCESS_BASIC_INFORMATION)ProcessInformation; (PPROCESS_BASIC_INFORMATION)ProcessInformation;
_SEH_TRY
{
ProcessBasicInformationP->ExitStatus = Process->ExitStatus; ProcessBasicInformationP->ExitStatus = Process->ExitStatus;
ProcessBasicInformationP->PebBaseAddress = Process->Peb; ProcessBasicInformationP->PebBaseAddress = Process->Peb;
ProcessBasicInformationP->AffinityMask = Process->Pcb.Affinity; ProcessBasicInformationP->AffinityMask = Process->Pcb.Affinity;
@ -1178,6 +1181,12 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
*ReturnLength = sizeof(PROCESS_BASIC_INFORMATION); *ReturnLength = sizeof(PROCESS_BASIC_INFORMATION);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessQuotaLimits: case ProcessQuotaLimits:
@ -1192,9 +1201,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
} }
else else
{ {
PKERNEL_USER_TIMES ProcessTimeP = PKERNEL_USER_TIMES ProcessTimeP = (PKERNEL_USER_TIMES)ProcessInformation;
(PKERNEL_USER_TIMES)ProcessInformation; _SEH_TRY
{
ProcessTimeP->CreateTime = Process->CreateTime; ProcessTimeP->CreateTime = Process->CreateTime;
ProcessTimeP->UserTime.QuadPart = Process->Pcb.UserTime * 100000LL; ProcessTimeP->UserTime.QuadPart = Process->Pcb.UserTime * 100000LL;
ProcessTimeP->KernelTime.QuadPart = Process->Pcb.KernelTime * 100000LL; ProcessTimeP->KernelTime.QuadPart = Process->Pcb.KernelTime * 100000LL;
@ -1205,6 +1214,12 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
*ReturnLength = sizeof(KERNEL_USER_TIMES); *ReturnLength = sizeof(KERNEL_USER_TIMES);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessDebugPort: case ProcessDebugPort:
@ -1221,13 +1236,22 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
} }
else else
{ {
PULONG HandleCount = (PULONG)ProcessInformation; ULONG HandleCount = ObpGetHandleCountByHandleTable(&Process->HandleTable);
*HandleCount = ObpGetHandleCountByHandleTable(&Process->HandleTable);
_SEH_TRY
{
*(PULONG)ProcessInformation = HandleCount;
if (ReturnLength) if (ReturnLength)
{ {
*ReturnLength = sizeof(ULONG); *ReturnLength = sizeof(ULONG);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessSessionInformation: case ProcessSessionInformation:
@ -1247,7 +1271,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
{ {
*ReturnLength = sizeof(PROCESS_SESSION_INFORMATION); *ReturnLength = sizeof(PROCESS_SESSION_INFORMATION);
} }
Status = STATUS_SUCCESS;
} }
_SEH_HANDLE _SEH_HANDLE
{ {
@ -1271,6 +1294,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
else else
{ {
PVM_COUNTERS pOut = (PVM_COUNTERS)ProcessInformation; PVM_COUNTERS pOut = (PVM_COUNTERS)ProcessInformation;
_SEH_TRY
{
pOut->PeakVirtualSize = Process->PeakVirtualSize; pOut->PeakVirtualSize = Process->PeakVirtualSize;
/* /*
* Here we should probably use VirtualSize.LowPart, but due to * Here we should probably use VirtualSize.LowPart, but due to
@ -1293,6 +1319,12 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
*ReturnLength = sizeof(VM_COUNTERS); *ReturnLength = sizeof(VM_COUNTERS);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessDefaultHardErrorMode: case ProcessDefaultHardErrorMode:
@ -1310,8 +1342,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
{ {
*ReturnLength = sizeof(ULONG); *ReturnLength = sizeof(ULONG);
} }
Status = STATUS_SUCCESS;
} }
_SEH_HANDLE _SEH_HANDLE
{ {
@ -1329,6 +1359,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
else else
{ {
PULONG BoostEnabled = (PULONG)ProcessInformation; PULONG BoostEnabled = (PULONG)ProcessInformation;
_SEH_TRY
{
*BoostEnabled = Process->Pcb.DisableBoost ? FALSE : TRUE; *BoostEnabled = Process->Pcb.DisableBoost ? FALSE : TRUE;
if (ReturnLength) if (ReturnLength)
@ -1336,6 +1369,12 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
*ReturnLength = sizeof(ULONG); *ReturnLength = sizeof(ULONG);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessDeviceMap: case ProcessDeviceMap:
@ -1345,12 +1384,24 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
} }
else else
{ {
ObQueryDeviceMapInformation(Process, (PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation); PROCESS_DEVICEMAP_INFORMATION DeviceMap;
ObQueryDeviceMapInformation(Process, &DeviceMap);
_SEH_TRY
{
*(PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation = DeviceMap;
if (ReturnLength) if (ReturnLength)
{ {
*ReturnLength = sizeof(PROCESS_DEVICEMAP_INFORMATION); *ReturnLength = sizeof(PROCESS_DEVICEMAP_INFORMATION);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessPriorityClass: case ProcessPriorityClass:
@ -1361,6 +1412,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
else else
{ {
PUSHORT Priority = (PUSHORT)ProcessInformation; PUSHORT Priority = (PUSHORT)ProcessInformation;
_SEH_TRY
{
*Priority = Process->PriorityClass; *Priority = Process->PriorityClass;
if (ReturnLength) if (ReturnLength)
@ -1368,6 +1422,12 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
*ReturnLength = sizeof(USHORT); *ReturnLength = sizeof(USHORT);
} }
} }
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break; break;
case ProcessImageFileName: case ProcessImageFileName:
@ -1377,9 +1437,15 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
* Propably if we can't find a PEB or ProcessParameters structure for the * Propably if we can't find a PEB or ProcessParameters structure for the
* process! * process!
*/ */
if(Process->Peb != NULL)
{
PRTL_USER_PROCESS_PARAMETERS ProcParams; PRTL_USER_PROCESS_PARAMETERS ProcParams;
ASSERT(Process->Peb);
ASSERT(Process->Peb->ProcessParameters); /* we need to attach to the process to make sure we're in the right context! */
KeAttachProcess(&Process->Pcb);
ASSERT(Process->Peb->ProcessParameters); /* FIXME - must ProcessParameters be really != NULL? */
ProcParams = Process->Peb->ProcessParameters; ProcParams = Process->Peb->ProcessParameters;
if(ProcessInformationLength < sizeof(UNICODE_STRING) + ProcParams->ImagePathName.Length + sizeof(WCHAR)) if(ProcessInformationLength < sizeof(UNICODE_STRING) + ProcParams->ImagePathName.Length + sizeof(WCHAR))
{ {
@ -1388,12 +1454,34 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
else else
{ {
PUNICODE_STRING DstPath = (PUNICODE_STRING)ProcessInformation; PUNICODE_STRING DstPath = (PUNICODE_STRING)ProcessInformation;
_SEH_TRY
{
DstPath->Length = ProcParams->ImagePathName.Length; DstPath->Length = ProcParams->ImagePathName.Length;
DstPath->MaximumLength = DstPath->Length + sizeof(WCHAR); DstPath->MaximumLength = DstPath->Length + sizeof(WCHAR);
DstPath->Buffer = (PWSTR)(DstPath + 1); DstPath->Buffer = (PWSTR)(DstPath + 1);
RtlCopyMemory(DstPath->Buffer, ProcParams->ImagePathName.Buffer, ProcParams->ImagePathName.Length); RtlCopyMemory(DstPath->Buffer, ProcParams->ImagePathName.Buffer, ProcParams->ImagePathName.Length);
DstPath->Buffer[DstPath->Length / sizeof(WCHAR)] = L'\0'; DstPath->Buffer[DstPath->Length / sizeof(WCHAR)] = L'\0';
if (ReturnLength)
{
*ReturnLength = sizeof(UNICODE_STRING) + ProcParams->ImagePathName.Length + sizeof(WCHAR);
}
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
KeDetachProcess();
}
else
{
/* FIXME - what to do here? */
Status = STATUS_UNSUCCESSFUL;
} }
break; break;
} }
@ -1415,8 +1503,9 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
default: default:
Status = STATUS_INVALID_INFO_CLASS; Status = STATUS_INVALID_INFO_CLASS;
} }
ObDereferenceObject(Process); ObDereferenceObject(Process);
return(Status); return Status;
} }
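Review bot: In the ProcessImageFileName hunk the caller's output buffer is written between `KeAttachProcess(&Process->Pcb)` and `KeDetachProcess()`, but attaching moves the current thread into the target process's address space, so `DstPath` and `ReturnLength` (user pointers belonging to the calling process) no longer refer to the caller's memory whenever the target is a different process; the write lands in the wrong address space or faults into the new handler. In the same hunk `Process->Peb->ProcessParameters` and `ProcParams->ImagePathName.Length` are user-mode memory of the target read outside any `_SEH_TRY`, with the ASSERT on ProcessParameters standing in for a check, and `ImagePathName.Length` is fetched again at the `RtlCopyMemory` and `*ReturnLength` lines after being validated against `ProcessInformationLength`, so a thread in the target can change it between check and copy and the copy can exceed the validated output size. I would capture the length and path into a kernel buffer under SEH while attached, detach, and only then fill `ProcessInformation` from the local copy, using the single captured length for the bound check, the copy and `*ReturnLength`, as sketched below. The remaining hunks already follow that safer shape (ProcessDeviceMap copies into a local before touching the user buffer), so the note applies to this hunk only. The enclosing NtQueryInformationProcess begins before this section, and the length-mismatch branch between the two ImageFileName hunks is not shown.

```c
PRTL_USER_PROCESS_PARAMETERS ProcParams;
USHORT ImageLength = 0;
PWSTR ImageCopy = NULL;

/* The target's PEB is user memory of the target: read it only while attached,
   only under SEH, and fetch the untrusted length exactly once. */
KeAttachProcess(&Process->Pcb);
_SEH_TRY
{
    ProcParams = Process->Peb->ProcessParameters;
    ImageLength = ProcParams->ImagePathName.Length;
    ImageCopy = ExAllocatePool(PagedPool, ImageLength + sizeof(WCHAR));
    if (ImageCopy != NULL)
    {
        RtlCopyMemory(ImageCopy, ProcParams->ImagePathName.Buffer, ImageLength);
        ImageCopy[ImageLength / sizeof(WCHAR)] = L'\0';
    }
}
_SEH_HANDLE
{
    Status = _SEH_GetExceptionCode();
}
_SEH_END;
KeDetachProcess(); /* back in the caller's address space before touching ProcessInformation */

if (NT_SUCCESS(Status) && ImageCopy == NULL)
{
    Status = STATUS_INSUFFICIENT_RESOURCES;
}
if (NT_SUCCESS(Status))
{
    if (ProcessInformationLength < sizeof(UNICODE_STRING) + ImageLength + sizeof(WCHAR))
    {
        /* … unchanged: length-mismatch branch … */
    }
    else
    {
        PUNICODE_STRING DstPath = (PUNICODE_STRING)ProcessInformation;
        _SEH_TRY
        {
            DstPath->Length = ImageLength;
            DstPath->MaximumLength = ImageLength + sizeof(WCHAR);
            DstPath->Buffer = (PWSTR)(DstPath + 1);
            RtlCopyMemory(DstPath->Buffer, ImageCopy, ImageLength + sizeof(WCHAR));
            if (ReturnLength)
            {
                *ReturnLength = sizeof(UNICODE_STRING) + ImageLength + sizeof(WCHAR);
            }
        }
        _SEH_HANDLE
        {
            Status = _SEH_GetExceptionCode();
        }
        _SEH_END;
    }
}
if (ImageCopy != NULL)
{
    ExFreePool(ImageCopy);
}
```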