[NTOS:CONFIG] Fix NtSetValueKey data probing

Probe the data before allocating a copy buffer. Otherwise, NtSetValueKey returns an unexpected status code when the data size is too large.

This fixes the NtSetValueKey ntdll api tests.
Eric Kohl 2020-02-23 21:35:57 +01:00
parent dee771817e
commit 482eb909fe


@ -890,16 +890,35 @@ NtSetValueKey(IN HANDLE KeyHandle,
/* Probe and copy the data */
if ((PreviousMode != KernelMode) && (DataSize != 0))
{
PVOID DataCopy = ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM);
PVOID DataCopy = NULL;
_SEH2_TRY
{
ProbeForRead(Data, DataSize, 1);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
if (!NT_SUCCESS(Status))
{
/* Dereference and return status */
ObDereferenceObject(KeyObject);
return Status;
}
DataCopy = ExAllocatePoolWithTag(PagedPool, DataSize, TAG_CM);
if (!DataCopy)
{
/* Dereference and return status */
ObDereferenceObject(KeyObject);
return STATUS_INSUFFICIENT_RESOURCES;
}
_SEH2_TRY
{
ProbeForRead(Data, DataSize, 1);
RtlCopyMemory(DataCopy, Data, DataSize);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
@ -915,6 +934,7 @@ NtSetValueKey(IN HANDLE KeyHandle,
ObDereferenceObject(KeyObject);
return Status;
}
Data = DataCopy;
}
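Review bot: Nothing in the new code says why the probe now sits in its own `_SEH2_TRY` ahead of `ExAllocatePoolWithTag`, so a later cleanup could fold it back into the copy block and bring the wrong status code back; I would extend the leading comment to something like `/* Probe before allocating: a bad or oversized user range must fail with the probe's exception code, not STATUS_INSUFFICIENT_RESOURCES */`. The new `if (!NT_SUCCESS(Status))` after the first SEH block also depends on `Status` already holding a success value when this branch is entered; that assignment is outside the hunk and worth confirming. `DataSize` is still caller-controlled at the allocation: the probe validates only the address range, so any size that fits in user space reaches the paged-pool request, and whether a ceiling is enforced elsewhere is not visible here. NtSetValueKey starts before and continues after the lines shown.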