- Check the Image Config Data in MmCreatePeb for address abusing (bug #1487).

- Speed-up the ElfpIsPowerOf2 function (bug #1464). svn path=/trunk/; revision=21916
2024-06-28 17:01:28 +00:00 · 2006-05-16 15:04:50 +00:00 · 2006-05-16 15:04:50 +00:00 · 8a1609a63e
parent d83ca30a98
commit 8a1609a63e
2 changed files with 33 additions and 23 deletions
--- a/reactos/ntoskrnl/mm/elf.inc.h
+++ b/reactos/ntoskrnl/mm/elf.inc.h
@ -294,10 +294,7 @@ static __inline BOOLEAN ElfFmtpIsPowerOf2(IN Elf_Addr Number)
 if(Number == 0)
  return FALSE;

- while((Number % 2) == 0)
-  Number /= 2;
-
- return Number == 1;
+ return (Number & (Number - 1)) == 0;
 }

 static __inline Elf_Addr ElfFmtpModPow2
--- a/reactos/ntoskrnl/mm/process.c
+++ b/reactos/ntoskrnl/mm/process.c
@ -297,12 +297,6 @@ MmCreatePeb(PROS_EPROCESS Process)
    /* Image Data */
    if ((NtHeaders = RtlImageNtHeader(Peb->ImageBaseAddress)))
    {
-        /* Get the Image Config Data too */
-        ImageConfigData = RtlImageDirectoryEntryToData(Peb->ImageBaseAddress,
-                                                       TRUE,
-                                                       IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
-                                                       &ViewSize);
-
        /* Write subsystem data */
        Peb->ImageSubSystem = NtHeaders->OptionalHeader.Subsystem;
        Peb->ImageSubSystemMajorVersion = NtHeaders->OptionalHeader.MajorSubsystemVersion;
@ -315,22 +309,10 @@ MmCreatePeb(PROS_EPROCESS Process)
            Peb->OSMinorVersion = (NtHeaders->OptionalHeader.Win32VersionValue >> 8) & 0xFF;
            Peb->OSBuildNumber = (NtHeaders->OptionalHeader.Win32VersionValue >> 16) & 0x3FFF;

-            /* Lie about the version if requested */
-            if (ImageConfigData && ImageConfigData->CSDVersion)
-            {
-                Peb->OSCSDVersion = ImageConfigData->CSDVersion;
-            }
-
            /* Set the Platform ID */
            Peb->OSPlatformId = (NtHeaders->OptionalHeader.Win32VersionValue >> 30) ^ 2;
        }

-        /* Check for affinity override */
-        if (ImageConfigData && ImageConfigData->ProcessAffinityMask)
-        {
-            ProcessAffinityMask = ImageConfigData->ProcessAffinityMask;
-        }
-
        /* Check if the image is not safe for SMP */
        if (NtHeaders->FileHeader.Characteristics & IMAGE_FILE_UP_SYSTEM_ONLY)
        {
@ -342,6 +324,37 @@ MmCreatePeb(PROS_EPROCESS Process)
            /* Use affinity from Image Header */
            Peb->ImageProcessAffinityMask = ProcessAffinityMask;
        }
+
+        _SEH_TRY
+        {
+            /* Get the Image Config Data too */
+            ImageConfigData = RtlImageDirectoryEntryToData(Peb->ImageBaseAddress,
+                                                           TRUE,
+                                                           IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
+                                                           &ViewSize);
+
+            ProbeForRead(ImageConfigData,
+                         sizeof(IMAGE_LOAD_CONFIG_DIRECTORY),
+                         sizeof(ULONG));
+
+            /* Process the image config data overrides if specfied. */
+            if (ImageConfigData != NULL)
+            {
+                if (ImageConfigData->CSDVersion)
+                {
+                    Peb->OSCSDVersion = ImageConfigData->CSDVersion;
+                }
+                if (ImageConfigData->ProcessAffinityMask)
+                {
+                    ProcessAffinityMask = ImageConfigData->ProcessAffinityMask;
+                }
+            }
+        }
+        _SEH_HANDLE
+        {
+            Status = _SEH_GetExceptionCode();
+        }
+        _SEH_END;
    }

    /* Misc data */
@ -352,7 +365,7 @@ MmCreatePeb(PROS_EPROCESS Process)
    KeDetachProcess();

    DPRINT("MmCreatePeb: Peb created at %p\n", Peb);
-    return STATUS_SUCCESS;
+    return Status;
 }

 PTEB