From 68ebcf16b8472a61e23a03fd44a9ba98155f53cd Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Fri, 8 Dec 2017 14:45:26 +0100
Subject: [PATCH] [NTOS:KD] Protect against invalid user arguments for BREAKPOINT_LOAD_SYMBOLS.

CORE-14057
---
 ntoskrnl/kd/kdmain.c | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/ntoskrnl/kd/kdmain.c b/ntoskrnl/kd/kdmain.c
index a6627b8ec08..52b8babbcea 100644
--- a/ntoskrnl/kd/kdmain.c
+++ b/ntoskrnl/kd/kdmain.c
@@ -153,11 +153,38 @@ KdpEnterDebuggerException(IN PKTRAP_FRAME TrapFrame,
 #ifdef KDBG
 else if (ExceptionCommand == BREAKPOINT_LOAD_SYMBOLS)
 {
+ PKD_SYMBOLS_INFO SymbolsInfo;
+ KD_SYMBOLS_INFO CapturedSymbolsInfo;
 PLDR_DATA_TABLE_ENTRY LdrEntry;
- /* Load symbols. Currently implemented only for KDBG! */
- if(KdbpSymFindModule(((PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2])->BaseOfDll, NULL, -1, &LdrEntry))
- KdbSymProcessSymbols(LdrEntry);
+ SymbolsInfo = (PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2];
+ if (PreviousMode != KernelMode)
+ {
+ _SEH2_TRY
+ {
+ ProbeForRead(SymbolsInfo,
+ sizeof(*SymbolsInfo),
+ 1);
+ RtlCopyMemory(&CapturedSymbolsInfo,
+ SymbolsInfo,
+ sizeof(*SymbolsInfo));
+ SymbolsInfo = &CapturedSymbolsInfo;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ SymbolsInfo = NULL;
+ }
+ _SEH2_END;
+ }
+
+ if (SymbolsInfo != NULL)
+ {
+ /* Load symbols. Currently implemented only for KDBG! */
+ if (KdbpSymFindModule(SymbolsInfo->BaseOfDll, NULL, -1, &LdrEntry))
+ {
+ KdbSymProcessSymbols(LdrEntry);
+ }
+ }
 }
 else if (ExceptionCommand == BREAKPOINT_PROMPT)
 {
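Review bot: The probe `ProbeForRead(SymbolsInfo, sizeof(*SymbolsInfo), 1)` accepts any byte alignment for a structure made of pointer-sized fields; the usual kernel form is `ProbeForRead(SymbolsInfo, sizeof(*SymbolsInfo), TYPE_ALIGNMENT(KD_SYMBOLS_INFO))`, so a misaligned user pointer is rejected by the probe itself rather than left for the copy to tolerate. The `_SEH2_EXCEPT` branch silently drops the request by setting `SymbolsInfo = NULL`, which is a defensible choice for a debugger-only path but deserves a comment such as `/* Unreadable user KD_SYMBOLS_INFO: ignore the request instead of faulting in the debugger path */`. After the capture, `SymbolsInfo->BaseOfDll` is still a caller-supplied value, so KdbpSymFindModule must use it only as a lookup key and never dereference it; that function, like the origin of `PreviousMode`, is outside this hunk. KdpEnterDebuggerException itself begins before and continues after the hunk.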