Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-01 02:10:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:LPC]

Browse source 
- Capture the ServerView/ClientView *only* when those pointers are not NULL.
- Fix a LpcRequest vs. CapturedLpcRequest in a call to LpcpMoveMessage. Caught by Thomas. CORE-7371 CR-100

svn path=/trunk/; revision=73166
This commit is contained in:
Hermès Bélusca-Maïto 2016-11-07 12:35:09 +00:00
parent 09207124de
commit 824c5e07c0
3 changed files with 27 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
reactos/ntoskrnl/lpc/complete.c
View file

@ -84,7 +84,9 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
/* The following parameters are optional */
if (ServerView != NULL)
/* Capture the server view */
if (ServerView)
{
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
CapturedServerView = *(volatile PORT_VIEW*)ServerView;
@ -97,7 +99,8 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
}
}
if (ClientView != NULL)
/* Capture the client view */
if (ClientView)
{
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
@ -121,19 +124,27 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
CapturedReplyMessage = *ReplyMessage;
ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
/* Validate the size of the server view */
if ((ServerView) && (ServerView->Length != sizeof(*ServerView)))
/* Capture the server view */
if (ServerView)
{
/* Invalid size */
return STATUS_INVALID_PARAMETER;
/* Validate the size of the server view */
if (ServerView->Length != sizeof(*ServerView))
{
/* Invalid size */
return STATUS_INVALID_PARAMETER;
}
CapturedServerView = *ServerView;
}
CapturedServerView = *ServerView;
/* Validate the size of the client view */
if ((ClientView) && (ClientView->Length != sizeof(*ClientView)))
/* Capture the client view */
if (ClientView)
{
/* Invalid size */
return STATUS_INVALID_PARAMETER;
/* Validate the size of the client view */
if (ClientView->Length != sizeof(*ClientView))
{
/* Invalid size */
return STATUS_INVALID_PARAMETER;
}
}
}

8
reactos/ntoskrnl/lpc/connect.c
View file

@ -130,7 +130,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
/* The following parameters are optional */
/* Capture the client view */
if (ClientView != NULL)
if (ClientView)
{
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
CapturedClientView = *(volatile PORT_VIEW*)ClientView;
@ -145,7 +145,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
}
/* Capture the server view */
if (ServerView != NULL)
if (ServerView)
{
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
@ -202,7 +202,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
/* The following parameters are optional */
/* Capture the client view */
if (ClientView != NULL)
if (ClientView)
{
/* Validate the size of the client view */
if (ClientView->Length != sizeof(*ClientView))
@ -214,7 +214,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
}
/* Capture the server view */
if (ServerView != NULL)
if (ServerView)
{
/* Validate the size of the server view */
if (ServerView->Length != sizeof(*ServerView))

2
reactos/ntoskrnl/lpc/send.c
View file

@ -857,7 +857,7 @@ NtRequestWaitReplyPort(IN HANDLE PortHandle,
/* Copy it */
LpcpMoveMessage(&Message->Request,
LpcRequest,
&CapturedLpcRequest,
LpcRequest + 1,
MessageType,
&Thread->Cid);