mirror of
https://github.com/reactos/reactos.git
synced 2024-07-05 12:15:46 +00:00
[NTOS:LPC]
- Capture the ServerView/ClientView *only* when those pointers are not NULL. - Fix a LpcRequest vs. CapturedLpcRequest in a call to LpcpMoveMessage. Caught by Thomas. CORE-7371 CR-100 svn path=/trunk/; revision=73166
This commit is contained in:
Hermès Bélusca-Maïto
parent
09207124de
commit
824c5e07c0
|
|
@ -84,7 +84,9 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
|
||||||
ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
|
ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
|
||||||
|
|
||||||
/* The following parameters are optional */
|
/* The following parameters are optional */
|
||||||
if (ServerView != NULL)
|
|
||||||
|
/* Capture the server view */
|
||||||
|
if (ServerView)
|
||||||
{
|
{
|
||||||
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
|
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
|
||||||
CapturedServerView = *(volatile PORT_VIEW*)ServerView;
|
CapturedServerView = *(volatile PORT_VIEW*)ServerView;
|
||||||
|
|
@ -97,7 +99,8 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ClientView != NULL)
|
/* Capture the client view */
|
||||||
|
if (ClientView)
|
||||||
{
|
{
|
||||||
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
|
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
|
||||||
|
|
||||||
|
|
@ -121,21 +124,29 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
|
||||||
CapturedReplyMessage = *ReplyMessage;
|
CapturedReplyMessage = *ReplyMessage;
|
||||||
ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
|
ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
|
||||||
|
|
||||||
|
/* Capture the server view */
|
||||||
|
if (ServerView)
|
||||||
|
{
|
||||||
/* Validate the size of the server view */
|
/* Validate the size of the server view */
|
||||||
if ((ServerView) && (ServerView->Length != sizeof(*ServerView)))
|
if (ServerView->Length != sizeof(*ServerView))
|
||||||
{
|
{
|
||||||
/* Invalid size */
|
/* Invalid size */
|
||||||
return STATUS_INVALID_PARAMETER;
|
return STATUS_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
CapturedServerView = *ServerView;
|
CapturedServerView = *ServerView;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Capture the client view */
|
||||||
|
if (ClientView)
|
||||||
|
{
|
||||||
/* Validate the size of the client view */
|
/* Validate the size of the client view */
|
||||||
if ((ClientView) && (ClientView->Length != sizeof(*ClientView)))
|
if (ClientView->Length != sizeof(*ClientView))
|
||||||
{
|
{
|
||||||
/* Invalid size */
|
/* Invalid size */
|
||||||
return STATUS_INVALID_PARAMETER;
|
return STATUS_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Get the client process and thread */
|
/* Get the client process and thread */
|
||||||
Status = PsLookupProcessThreadByCid(&CapturedReplyMessage.ClientId,
|
Status = PsLookupProcessThreadByCid(&CapturedReplyMessage.ClientId,
|
||||||
|
|
|
||||||
|
|
@ -130,7 +130,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
||||||
/* The following parameters are optional */
|
/* The following parameters are optional */
|
||||||
|
|
||||||
/* Capture the client view */
|
/* Capture the client view */
|
||||||
if (ClientView != NULL)
|
if (ClientView)
|
||||||
{
|
{
|
||||||
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
|
ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
|
||||||
CapturedClientView = *(volatile PORT_VIEW*)ClientView;
|
CapturedClientView = *(volatile PORT_VIEW*)ClientView;
|
||||||
|
|
@ -145,7 +145,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Capture the server view */
|
/* Capture the server view */
|
||||||
if (ServerView != NULL)
|
if (ServerView)
|
||||||
{
|
{
|
||||||
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
|
ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
|
||||||
|
|
||||||
|
|
@ -202,7 +202,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
||||||
/* The following parameters are optional */
|
/* The following parameters are optional */
|
||||||
|
|
||||||
/* Capture the client view */
|
/* Capture the client view */
|
||||||
if (ClientView != NULL)
|
if (ClientView)
|
||||||
{
|
{
|
||||||
/* Validate the size of the client view */
|
/* Validate the size of the client view */
|
||||||
if (ClientView->Length != sizeof(*ClientView))
|
if (ClientView->Length != sizeof(*ClientView))
|
||||||
|
|
@ -214,7 +214,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Capture the server view */
|
/* Capture the server view */
|
||||||
if (ServerView != NULL)
|
if (ServerView)
|
||||||
{
|
{
|
||||||
/* Validate the size of the server view */
|
/* Validate the size of the server view */
|
||||||
if (ServerView->Length != sizeof(*ServerView))
|
if (ServerView->Length != sizeof(*ServerView))
|
||||||
|
|
|
||||||
|
|
@ -857,7 +857,7 @@ NtRequestWaitReplyPort(IN HANDLE PortHandle,
|
||||||
|
|
||||||
/* Copy it */
|
/* Copy it */
|
||||||
LpcpMoveMessage(&Message->Request,
|
LpcpMoveMessage(&Message->Request,
|
||||||
LpcRequest,
|
&CapturedLpcRequest,
|
||||||
LpcRequest + 1,
|
LpcRequest + 1,
|
||||||
MessageType,
|
MessageType,
|
||||||
&Thread->Cid);
|
&Thread->Cid);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue