mirror of
https://github.com/reactos/reactos.git
synced 2024-07-01 02:10:07 +00:00
[NTOS:LPC]
- Capture the ServerView/ClientView *only* when those pointers are not NULL. - Fix a LpcRequest vs. CapturedLpcRequest in a call to LpcpMoveMessage. Caught by Thomas. CORE-7371 CR-100 svn path=/trunk/; revision=73166
This commit is contained in:
parent
09207124de
commit
824c5e07c0
|
@ -84,7 +84,9 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
|
|||
ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
|
||||
|
||||
/* The following parameters are optional */
|
||||
if (ServerView != NULL)
|
||||
|
||||
/* Capture the server view */
|
||||
if (ServerView)
|
||||
{
|
||||
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
|
||||
CapturedServerView = *(volatile PORT_VIEW*)ServerView;
|
||||
|
@ -97,7 +99,8 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
|
|||
}
|
||||
}
|
||||
|
||||
if (ClientView != NULL)
|
||||
/* Capture the client view */
|
||||
if (ClientView)
|
||||
{
|
||||
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
|
||||
|
||||
|
@ -121,19 +124,27 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
|
|||
CapturedReplyMessage = *ReplyMessage;
|
||||
ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
|
||||
|
||||
/* Validate the size of the server view */
|
||||
if ((ServerView) && (ServerView->Length != sizeof(*ServerView)))
|
||||
/* Capture the server view */
|
||||
if (ServerView)
|
||||
{
|
||||
/* Invalid size */
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
/* Validate the size of the server view */
|
||||
if (ServerView->Length != sizeof(*ServerView))
|
||||
{
|
||||
/* Invalid size */
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
CapturedServerView = *ServerView;
|
||||
}
|
||||
CapturedServerView = *ServerView;
|
||||
|
||||
/* Validate the size of the client view */
|
||||
if ((ClientView) && (ClientView->Length != sizeof(*ClientView)))
|
||||
/* Capture the client view */
|
||||
if (ClientView)
|
||||
{
|
||||
/* Invalid size */
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
/* Validate the size of the client view */
|
||||
if (ClientView->Length != sizeof(*ClientView))
|
||||
{
|
||||
/* Invalid size */
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -130,7 +130,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
|||
/* The following parameters are optional */
|
||||
|
||||
/* Capture the client view */
|
||||
if (ClientView != NULL)
|
||||
if (ClientView)
|
||||
{
|
||||
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
|
||||
CapturedClientView = *(volatile PORT_VIEW*)ClientView;
|
||||
|
@ -145,7 +145,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
|||
}
|
||||
|
||||
/* Capture the server view */
|
||||
if (ServerView != NULL)
|
||||
if (ServerView)
|
||||
{
|
||||
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
|
||||
|
||||
|
@ -202,7 +202,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
|||
/* The following parameters are optional */
|
||||
|
||||
/* Capture the client view */
|
||||
if (ClientView != NULL)
|
||||
if (ClientView)
|
||||
{
|
||||
/* Validate the size of the client view */
|
||||
if (ClientView->Length != sizeof(*ClientView))
|
||||
|
@ -214,7 +214,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
|||
}
|
||||
|
||||
/* Capture the server view */
|
||||
if (ServerView != NULL)
|
||||
if (ServerView)
|
||||
{
|
||||
/* Validate the size of the server view */
|
||||
if (ServerView->Length != sizeof(*ServerView))
|
||||
|
|
|
@ -857,7 +857,7 @@ NtRequestWaitReplyPort(IN HANDLE PortHandle,
|
|||
|
||||
/* Copy it */
|
||||
LpcpMoveMessage(&Message->Request,
|
||||
LpcRequest,
|
||||
&CapturedLpcRequest,
|
||||
LpcRequest + 1,
|
||||
MessageType,
|
||||
&Thread->Cid);
|
||||
|
|
Loading…
Reference in a new issue