Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-18 02:16:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:PNP]

Browse source 
- Add missing SEH/Probe in NtGetPlugPlayEvent and IopGetInterfaceDeviceList, and correctly copy the interface list. Patch by Stephan Röger.
CORE-9498 #resolve

svn path=/trunk/; revision=67129
This commit is contained in:
Thomas Faber 2015-04-10 10:10:28 +00:00
parent 36e31c92b2
commit 68348f909b
1 changed files with 41 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
reactos/ntoskrnl/io/pnpmgr/plugplay.c
View file

@ -214,22 +214,23 @@ static NTSTATUS
IopGetInterfaceDeviceList(PPLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA DeviceList)
{
NTSTATUS Status;
PLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA StackList;
UNICODE_STRING DeviceInstance;
PDEVICE_OBJECT DeviceObject = NULL;
ULONG BufferSize = 0;
GUID FilterGuid;
PZZWSTR SymbolicLinkList = NULL, LinkList;
ULONG TotalLength = 0;
ULONG TotalLength;
_SEH2_TRY
{
ProbeForRead(DeviceList->FilterGuid, sizeof(GUID), sizeof(UCHAR));
RtlCopyMemory(&FilterGuid, DeviceList->FilterGuid, sizeof(GUID));
RtlCopyMemory(&StackList, DeviceList, sizeof(PLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA));
if (DeviceList->Buffer != NULL && DeviceList->BufferSize != 0)
ProbeForRead(StackList.FilterGuid, sizeof(GUID), sizeof(UCHAR));
RtlCopyMemory(&FilterGuid, StackList.FilterGuid, sizeof(GUID));
if (StackList.Buffer != NULL && StackList.BufferSize != 0)
{
BufferSize = DeviceList->BufferSize;
ProbeForWrite(DeviceList->Buffer, BufferSize, sizeof(UCHAR));
ProbeForWrite(StackList.Buffer, StackList.BufferSize, sizeof(UCHAR));
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
@ -238,8 +239,7 @@ IopGetInterfaceDeviceList(PPLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA DeviceLis
}
_SEH2_END;
Status = IopCaptureUnicodeString(&DeviceInstance, &DeviceList->DeviceInstance);
Status = IopCaptureUnicodeString(&DeviceInstance, &StackList.DeviceInstance);
if (NT_SUCCESS(Status))
{
/* Get the device object */
@ -247,7 +247,7 @@ IopGetInterfaceDeviceList(PPLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA DeviceLis
ExFreePool(DeviceInstance.Buffer);
}
Status = IoGetDeviceInterfaces(&FilterGuid, DeviceObject, DeviceList->Flags, &SymbolicLinkList);
Status = IoGetDeviceInterfaces(&FilterGuid, DeviceObject, StackList.Flags, &SymbolicLinkList);
ObDereferenceObject(DeviceObject);
if (!NT_SUCCESS(Status))
@ -259,16 +259,28 @@ IopGetInterfaceDeviceList(PPLUGPLAY_CONTROL_INTERFACE_DEVICE_LIST_DATA DeviceLis
LinkList = SymbolicLinkList;
while (*SymbolicLinkList != UNICODE_NULL)
{
TotalLength += (wcslen(SymbolicLinkList) + 1) * sizeof(WCHAR);
SymbolicLinkList += wcslen(SymbolicLinkList) + (sizeof(UNICODE_NULL) / sizeof(WCHAR));
}
TotalLength += sizeof(UNICODE_NULL);
TotalLength = ((SymbolicLinkList - LinkList + 1) * sizeof(WCHAR));
if (BufferSize >= TotalLength)
_SEH2_TRY
{
RtlCopyMemory(DeviceList->Buffer, SymbolicLinkList, TotalLength * sizeof(WCHAR));
if (StackList.Buffer != NULL &&
StackList.BufferSize >= TotalLength)
{
// We've already probed the buffer for writing above.
RtlCopyMemory(StackList.Buffer, LinkList, TotalLength);
}
DeviceList->BufferSize = TotalLength;
}
DeviceList->BufferSize = TotalLength;
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
ExFreePool(LinkList);
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
ExFreePool(LinkList);
return STATUS_SUCCESS;
}
@ -831,9 +843,20 @@ NtGetPlugPlayEvent(IN ULONG Reserved1,
}
/* Copy event data to the user buffer */
memcpy(Buffer,
&Entry->Event,
Entry->Event.TotalSize);
_SEH2_TRY
{
ProbeForWrite(Buffer,
Entry->Event.TotalSize,
sizeof(UCHAR));
RtlCopyMemory(Buffer,
&Entry->Event,
Entry->Event.TotalSize);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
DPRINT("NtGetPlugPlayEvent() done\n");