Make sure the object name is a zero-terminated Unicode string in ObFindObject().

Bug found by Royce Mitchell and Vizzini.

svn path=/trunk/; revision=5312
Eric Kohl 2003-07-29 14:37:39 +00:00
parent 5e24ec3176
commit 8d0d5db7c6


@ -1,4 +1,4 @@
/* $Id: object.c,v 1.65 2003/07/21 21:53:53 royce Exp $ /* $Id: object.c,v 1.66 2003/07/29 14:37:39 ekohl Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -101,21 +101,22 @@ VOID ObInitializeObject(POBJECT_HEADER ObjectHeader,
* *
* RETURN VALUE * RETURN VALUE
*/ */
NTSTATUS ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes, NTSTATUS
PVOID* ReturnedObject, ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
PUNICODE_STRING RemainingPath, PVOID* ReturnedObject,
POBJECT_TYPE ObjectType) PUNICODE_STRING RemainingPath,
POBJECT_TYPE ObjectType)
{ {
PVOID NextObject; PVOID NextObject;
PVOID CurrentObject; PVOID CurrentObject;
PVOID RootObject; PVOID RootObject;
POBJECT_HEADER CurrentHeader; POBJECT_HEADER CurrentHeader;
NTSTATUS Status; NTSTATUS Status;
PWSTR Path;
PWSTR current; PWSTR current;
UNICODE_STRING PathString; UNICODE_STRING PathString;
ULONG Attributes; ULONG Attributes;
PUNICODE_STRING ObjectName;
DPRINT("ObFindObject(ObjectAttributes %x, ReturnedObject %x, " DPRINT("ObFindObject(ObjectAttributes %x, ReturnedObject %x, "
"RemainingPath %x)\n",ObjectAttributes,ReturnedObject,RemainingPath); "RemainingPath %x)\n",ObjectAttributes,ReturnedObject,RemainingPath);
DPRINT("ObjectAttributes->ObjectName %wZ\n", DPRINT("ObjectAttributes->ObjectName %wZ\n",
@ -144,31 +145,39 @@ NTSTATUS ObFindObject(POBJECT_ATTRIBUTES ObjectAttributes,
return(Status); return(Status);
} }
} }
Path = ObjectAttributes->ObjectName->Buffer; ObjectName = ObjectAttributes->ObjectName;
if (ObjectName->Length == 0 ||
if (Path[0] == 0) ObjectName->Buffer[0] == UNICODE_NULL)
{ {
*ReturnedObject = CurrentObject; *ReturnedObject = CurrentObject;
return(STATUS_SUCCESS); return STATUS_SUCCESS;
} }
if ((ObjectAttributes->RootDirectory == NULL) && (Path[0] != '\\')) if (ObjectAttributes->RootDirectory == NULL &&
{ ObjectName->Buffer[0] != L'\\')
ObDereferenceObject(CurrentObject); {
return(STATUS_UNSUCCESSFUL); ObDereferenceObject (CurrentObject);
} return STATUS_UNSUCCESSFUL;
}
if (Path)
{ /* Create a zero-terminated copy of the object name */
RtlCreateUnicodeString (&PathString, Path); PathString.Length = ObjectName->Length;
current = PathString.Buffer; PathString.MaximumLength = ObjectName->Length + sizeof(WCHAR);
} PathString.Buffer = ExAllocatePool (NonPagedPool,
else PathString.MaximumLength);
{ if (PathString.Buffer == NULL)
RtlInitUnicodeString (&PathString, NULL); {
current = NULL; ObDereferenceObject (CurrentObject);
} return STATUS_INSUFFICIENT_RESOURCES;
}
RtlCopyMemory (PathString.Buffer,
ObjectName->Buffer,
ObjectName->Length);
PathString.Buffer[PathString.Length / sizeof(WCHAR)] = UNICODE_NULL;
current = PathString.Buffer;
RootObject = CurrentObject; RootObject = CurrentObject;
Attributes = ObjectAttributes->Attributes; Attributes = ObjectAttributes->Attributes;
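Review bot: The new `PathString.MaximumLength = ObjectName->Length + sizeof(WCHAR);` in the last hunk can wrap, because UNICODE_STRING length fields are USHORT: a Length of 0xFFFE or 0xFFFF truncates MaximumLength to 0 or 1, so ExAllocatePool is asked for an undersized buffer and the following RtlCopyMemory of ObjectName->Length bytes, plus the terminator store, writes past it. Reject such names before the allocation with a guard like `if (ObjectName->Length > 0xFFFF - sizeof(WCHAR))`, followed by the same `ObDereferenceObject (CurrentObject);` and an error return as the allocation-failure branch. The empty-name test also reads `ObjectName->Buffer[0]` whenever Length is non-zero, so a NULL Buffer with a non-zero Length would still fault; Buffer should be checked for NULL before that read. ObFindObject continues outside the hunk, so whether PathString.Buffer is released on every later exit path, and with a routine matching ExAllocatePool, cannot be confirmed from here.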