Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-08-08 04:08:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make sure the object name is a zero-terminated Unicode in ObFindObject().

Browse source 
Bug found by Royce Mitchell and Vizzini.

svn path=/trunk/; revision=5312
This commit is contained in:
Eric Kohl 2003-07-29 14:37:39 +00:00
parent 5e24ec3176
commit 8d0d5db7c6
1 changed files with 41 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
reactos/ntoskrnl/ob/object.c
View file

@ -1,4 +1,4 @@
/* $Id: object.c,v 1.65 2003/07/21 21:53:53 royce Exp $
/* $Id: object.c,v 1.66 2003/07/29 14:37:39 ekohl Exp $
*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
@ -101,21 +101,22 @@ VOID ObInitializeObject(POBJECT_HEADER ObjectHeader,
*
* RETURN VALUE
*/
NTSTATUS ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
PVOID* ReturnedObject,
PUNICODE_STRING RemainingPath,
POBJECT_TYPE ObjectType)
NTSTATUS
ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
PVOID* ReturnedObject,
PUNICODE_STRING RemainingPath,
POBJECT_TYPE ObjectType)
{
PVOID NextObject;
PVOID CurrentObject;
PVOID RootObject;
POBJECT_HEADER CurrentHeader;
NTSTATUS Status;
PWSTR Path;
PWSTR current;
UNICODE_STRING PathString;
ULONG Attributes;
PUNICODE_STRING ObjectName;
DPRINT("ObFindObject(ObjectAttributes %x, ReturnedObject %x, "
"RemainingPath %x)\n",ObjectAttributes,ReturnedObject,RemainingPath);
DPRINT("ObjectAttributes->ObjectName %wZ\n",
@ -144,31 +145,39 @@ NTSTATUS ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
return(Status);
}
}
Path = ObjectAttributes->ObjectName->Buffer;
if (Path[0] == 0)
{
*ReturnedObject = CurrentObject;
return(STATUS_SUCCESS);
}
if ((ObjectAttributes->RootDirectory == NULL) && (Path[0] != '\\'))
{
ObDereferenceObject(CurrentObject);
return(STATUS_UNSUCCESSFUL);
}
if (Path)
{
RtlCreateUnicodeString (&PathString, Path);
current = PathString.Buffer;
}
else
{
RtlInitUnicodeString (&PathString, NULL);
current = NULL;
}
ObjectName = ObjectAttributes->ObjectName;
if (ObjectName->Length == 0 ||
ObjectName->Buffer[0] == UNICODE_NULL)
{
*ReturnedObject = CurrentObject;
return STATUS_SUCCESS;
}
if (ObjectAttributes->RootDirectory == NULL &&
ObjectName->Buffer[0] != L'\\')
{
ObDereferenceObject (CurrentObject);
return STATUS_UNSUCCESSFUL;
}
/* Create a zero-terminated copy of the object name */
PathString.Length = ObjectName->Length;
PathString.MaximumLength = ObjectName->Length + sizeof(WCHAR);
PathString.Buffer = ExAllocatePool (NonPagedPool,
PathString.MaximumLength);
if (PathString.Buffer == NULL)
{
ObDereferenceObject (CurrentObject);
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlCopyMemory (PathString.Buffer,
ObjectName->Buffer,
ObjectName->Length);
PathString.Buffer[PathString.Length / sizeof(WCHAR)] = UNICODE_NULL;
current = PathString.Buffer;
RootObject = CurrentObject;
Attributes = ObjectAttributes->Attributes;