Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-21 16:04:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

[0.4.11][NTOS][WIN32SS][UDFS] Fix double free in ObCreateObject, fix retvals CORE-14271

Browse source 
Backport the following commits:
0.4.15-dev-6401-g 53b30e3f3b [NTOSKRNL][NTGDI] Formatting addendum, no functional change
0.4.15-dev-5487-g e7bbbf049e [NTOS] Fix double free on allocation failure in ObCreateObject
partially 0.4.13-dev-358-g 38db074491 [WIN32SS][UDFS] Misc addendum to CORE-14271 (#1529)
0.4.12-dev-648-g 17af7f0c27 [UDFS] Correctly check SeSinglePrivilegeCheck() return value (#1324) CORE-14271
0.4.12-dev-552-g 0483a5a380 [NTOS:OB] Correctly check SeSinglePrivilegeCheck() return value (#1323) CORE-14271

Just for verifying that the size didn't increase anywhere:

ntoskrnl.exe GCC8.4.0dbg RosBEWin2.2.2 master               5.124.096
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.14  4.413.440 -> 4.413.440
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.13  4.367.360 -> 4.367.360
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.12  4.377.600 -> 4.377.600
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.11  4.377.088 -> 4.377.088
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.10  4.344.320 -> 4.344.320
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  4.311.552 -> 4.311.552
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  4.296.704 -> 4.296.704
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  4.231.168 -> 4.231.168

udfs.sys     GCC8.4.0dbg RosBEWin2.2.2 master             835.584
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.14  745.472 -> 745.472
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.13  745.472 -> 745.472
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.12  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.11  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.10  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  749.568 -> 749.568

user32.dll   GCC8.4.0dbg RosBEWin2.2.2 master               1.585.152
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.14  1.448.448 -> 1.448.448
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.13  1.445.376 -> 1.445.376
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.12  1.455.616 -> 1.455.616
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.11  1.453.056 -> 1.453.056
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.10  1.434.624 -> 1.434.624
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  1.422.336 -> 1.422.336
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  1.421.824 -> 1.421.824
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  1.418.752 -> 1.418.752

win32k.sys   GCC8.4.0dbg RosBEWin2.2.2 master               3.477.504
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.14  2.904.064 -> 2.904.064
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.13  2.895.872 -> 2.895.872
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.12  2.887.680 -> 2.887.680
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.11  2.867.200 -> 2.867.200
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.10  2.863.104 -> 2.863.104
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  2.834.432 -> 2.834.432
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  2.830.336 -> 2.830.336
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  2.830.336 -> 2.830.336
This commit is contained in:
Joachim Henze 2023-08-02 00:46:53 +02:00
parent 0630823944
commit 7b99293b02
6 changed files with 24 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/filesystems/udfs/create.cpp
View file

@ -742,9 +742,9 @@ op_vol_accs_dnd:
// we should check appropriate privilege if OpenForBackup requested
if(OpenForBackup) {
RC = SeSinglePrivilegeCheck(SeExports->SeBackupPrivilege, UserMode);
if(!NT_SUCCESS(RC))
try_return(RC);
if (!SeSinglePrivilegeCheck(SeExports->SeBackupPrivilege, UserMode)) {
try_return(RC = STATUS_PRIVILEGE_NOT_HELD);
}
}
// The FSD might wish to implement the open-by-id option. The "id"

5
drivers/filesystems/udfs/secursup.cpp
View file

@ -934,9 +934,9 @@ UDFCheckAccessRights(
)
{
NTSTATUS RC;
BOOLEAN SecurityCheck = TRUE;
BOOLEAN ROCheck = FALSE;
#ifdef UDF_ENABLE_SECURITY
BOOLEAN SecurityCheck;
PSECURITY_DESCRIPTOR SecDesc;
SECURITY_SUBJECT_CONTEXT SubjectContext;
ACCESS_MASK LocalAccessMask;
@ -1011,8 +1011,7 @@ treat_as_ro:
} else
#endif //UDF_ENABLE_SECURITY
if(DesiredAccess & ACCESS_SYSTEM_SECURITY) {
SecurityCheck = SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode);
if(!SecurityCheck)
if (!SeSinglePrivilegeCheck(SeExports->SeSecurityPrivilege, UserMode))
return STATUS_ACCESS_DENIED;
Ccb->PreviouslyGrantedAccess |= ACCESS_SYSTEM_SECURITY;
}

8
ntoskrnl/config/cmsysini.c
View file

@ -1,7 +1,6 @@
/*
* PROJECT: ReactOS Kernel
* LICENSE: BSD - See COPYING.ARM in the top level directory
* FILE: ntoskrnl/config/cmsysini.c
* PURPOSE: Configuration Manager - System Initialization Code
* PROGRAMMERS: ReactOS Portable Systems Group
* Alex Ionescu (alex.ionescu@reactos.org)
@ -873,7 +872,6 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
UNICODE_STRING KeyName;
PCMHIVE SystemHive = NULL;
PSECURITY_DESCRIPTOR SecurityDescriptor;
BOOLEAN Success;
PAGED_CODE();
@ -921,12 +919,8 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
}
/* Set the hive filename */
Success = RtlCreateUnicodeString(&SystemHive->FileFullPath,
L"\\SystemRoot\\System32\\Config\\SYSTEM");
if (!Success)
{
if (!RtlCreateUnicodeString(&SystemHive->FileFullPath, L"\\SystemRoot\\System32\\Config\\SYSTEM"))
return FALSE;
}
/* Manually set the hive as volatile, if in Live CD mode */
if (HiveBase && CmpShareSystemHives)

17
ntoskrnl/ob/oblife.c
View file

@ -872,10 +872,11 @@ ObpAllocateObject(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
NTSTATUS
NTAPI
ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength)
ObQueryTypeInfo(
IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength)
{
NTSTATUS Status = STATUS_SUCCESS;
PWSTR InfoBuffer;
@ -887,7 +888,7 @@ ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
*ReturnLength += sizeof(*ObjectTypeInfo) +
ALIGN_UP(ObjectType->Name.MaximumLength, ULONG);
/* Check if thats too much though. */
/* Check if that is too much */
if (Length < *ReturnLength)
{
_SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
@ -1036,6 +1037,7 @@ ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL,
/* Release the Capture Info, we don't need it */
ObpFreeObjectCreateInformation(ObjectCreateInfo);
if (ObjectName.Buffer) ObpFreeObjectNameBuffer(&ObjectName);
return Status;
}
/* We failed, so release the Buffer */
@ -1427,9 +1429,8 @@ NtMakePermanentObject(IN HANDLE ObjectHandle)
PAGED_CODE();
/* Make sure that the caller has SeCreatePermanentPrivilege */
Status = SeSinglePrivilegeCheck(SeCreatePermanentPrivilege,
PreviousMode);
if (!NT_SUCCESS(Status)) return STATUS_PRIVILEGE_NOT_HELD;
if (!SeSinglePrivilegeCheck(SeCreatePermanentPrivilege, PreviousMode))
return STATUS_PRIVILEGE_NOT_HELD;
/* Reference the object */
Status = ObReferenceObjectByHandle(ObjectHandle,

8
win32ss/gdi/ntgdi/freetype.c
View file

@ -1,7 +1,6 @@
/*
* PROJECT: ReactOS win32 kernel mode subsystem
* LICENSE: GPL - See COPYING in the top level directory
* FILE: win32ss/gdi/ntgdi/freetype.c
* PURPOSE: FreeType font engine interface
* PROGRAMMERS: Copyright 2001 Huw D M Davies for CodeWeavers.
* Copyright 2006 Dmitry Timoshkov for CodeWeavers.
@ -474,7 +473,6 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
BYTE CharSets[FONTSUBST_FROM_AND_TO];
LPWSTR pch;
PFONTSUBST_ENTRY pEntry;
BOOLEAN Success;
/* the FontSubstitutes registry key */
static UNICODE_STRING FontSubstKey =
@ -519,8 +517,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
Length = pInfo->NameLength / sizeof(WCHAR);
pInfo->Name[Length] = UNICODE_NULL; /* truncate */
Success = RtlCreateUnicodeString(&FromW, pInfo->Name);
if (!Success)
if (!RtlCreateUnicodeString(&FromW, pInfo->Name))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT("RtlCreateUnicodeString failed\n");
@ -542,8 +539,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
pch = (LPWSTR)((PUCHAR)pInfo + pInfo->DataOffset);
Length = pInfo->DataLength / sizeof(WCHAR);
pch[Length] = UNICODE_NULL; /* truncate */
Success = RtlCreateUnicodeString(&ToW, pch);
if (!Success)
if (!RtlCreateUnicodeString(&ToW, pch))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT("RtlCreateUnicodeString failed\n");

20
win32ss/user/user32/windows/clipboard.c
View file

@ -91,7 +91,7 @@ UINT
WINAPI
RegisterClipboardFormatA(LPCSTR lpszFormat)
{
UINT ret = 0;
UINT ret;
UNICODE_STRING usFormat = {0};
if (lpszFormat == NULL)
@ -100,19 +100,17 @@ RegisterClipboardFormatA(LPCSTR lpszFormat)
return 0;
}
/* check for "" */
if (*lpszFormat == 0) //NULL
{
SetLastError(ERROR_INVALID_NAME);
return 0;
}
ret = RtlCreateUnicodeStringFromAsciiz(&usFormat, lpszFormat);
if (ret)
{
ret = NtUserRegisterWindowMessage(&usFormat); //(LPCWSTR)
RtlFreeUnicodeString(&usFormat);
}
if (!RtlCreateUnicodeStringFromAsciiz(&usFormat, lpszFormat))
return 0;
ret = NtUserRegisterWindowMessage(&usFormat); //(LPCWSTR)
RtlFreeUnicodeString(&usFormat);
return ret;
}
@ -124,7 +122,6 @@ UINT
WINAPI
RegisterClipboardFormatW(LPCWSTR lpszFormat)
{
UINT ret = 0;
UNICODE_STRING usFormat = {0};
if (lpszFormat == NULL)
@ -133,7 +130,6 @@ RegisterClipboardFormatW(LPCWSTR lpszFormat)
return 0;
}
/* check for "" */
if (*lpszFormat == 0) //NULL
{
SetLastError(ERROR_INVALID_NAME);
@ -141,9 +137,7 @@ RegisterClipboardFormatW(LPCWSTR lpszFormat)
}
RtlInitUnicodeString(&usFormat, lpszFormat);
ret = NtUserRegisterWindowMessage(&usFormat);
return ret;
return NtUserRegisterWindowMessage(&usFormat);
}
static PVOID WINAPI