[CONSRV]: Use NtDuplicateObject with DUPLICATE_CLOSE_SOURCE to close a duplicated handle in a target process (instead of erroneously calling NtClose on it). Should fix CORE-10510 and CORE-9742. Thanks to Thomas Faber for having pointed me to the source of the problem.

svn path=/trunk/; revision=69889
Hermès Bélusca-Maïto 2015-11-14 16:20:00 +00:00
parent 9086f2a059
commit 9bccd93655
2 changed files with 26 additions and 10 deletions


@ -163,7 +163,8 @@ GRAPHICS_BUFFER_Initialize(OUT PCONSOLE_SCREEN_BUFFER* Buffer,
if (!NT_SUCCESS(Status))
{
DPRINT1("Error: Impossible to create a shared section, Status = 0x%08lx\n", Status);
NtClose(NewBuffer->ClientMutex);
NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex,
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
@ -189,7 +190,8 @@ GRAPHICS_BUFFER_Initialize(OUT PCONSOLE_SCREEN_BUFFER* Buffer,
{
DPRINT1("Error: Impossible to map the shared section, Status = 0x%08lx\n", Status);
NtClose(NewBuffer->hSection);
NtClose(NewBuffer->ClientMutex);
NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex,
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
@ -217,7 +219,8 @@ GRAPHICS_BUFFER_Initialize(OUT PCONSOLE_SCREEN_BUFFER* Buffer,
DPRINT1("Error: Impossible to map the shared section, Status = 0x%08lx\n", Status);
NtUnmapViewOfSection(NtCurrentProcess(), NewBuffer->BitMap);
NtClose(NewBuffer->hSection);
NtClose(NewBuffer->ClientMutex);
NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex,
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(NewBuffer->Mutex);
ConsoleFreeHeap(NewBuffer->BitMapInfo);
CONSOLE_SCREEN_BUFFER_Destroy((PCONSOLE_SCREEN_BUFFER)NewBuffer);
@ -260,7 +263,8 @@ GRAPHICS_BUFFER_Destroy(IN OUT PCONSOLE_SCREEN_BUFFER Buffer)
NtUnmapViewOfSection(Buff->ClientProcess, Buff->ClientBitMap);
NtUnmapViewOfSection(NtCurrentProcess(), Buff->BitMap);
NtClose(Buff->hSection);
NtClose(Buff->ClientMutex);
NtDuplicateObject(Buff->ClientProcess, Buff->ClientMutex,
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtClose(Buff->Mutex);
ConsoleFreeHeap(Buff->BitMapInfo);
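Review bot: The NTSTATUS returned by each `NtDuplicateObject(..., DUPLICATE_CLOSE_SOURCE)` call is discarded, at all four sites in this file and at the six sites in the second file of this commit, so a failed close (for instance if the client process is already going away) silently leaves the mutex handle open in the client. Capture it in a separate local rather than in `Status`, which the error paths presumably still return, and log it: `CloseStatus = NtDuplicateObject(ProcessHandle, NewBuffer->ClientMutex, NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);` followed by `if (!NT_SUCCESS(CloseStatus)) DPRINT1("Failed to close the client mutex handle, Status = 0x%08lx\n", CloseStatus);`. In GRAPHICS_BUFFER_Destroy the close acts on whatever object currently occupies that handle value in the client, so a comment stating that the client is assumed not to have closed or recycled `ClientMutex` itself would help the next reader. Both function bodies start and end outside the hunks shown.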


@ -548,7 +548,9 @@ ConSrvAllocateConsole(PCONSOLE_PROCESS_DATA ProcessData,
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InitEvents[INIT_FAILURE]) failed: %lu\n", Status);
NtClose(ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
NtDuplicateObject(ProcessData->Process->ProcessHandle,
ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS],
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData);
ConSrvDeleteConsole(Console);
ProcessData->ConsoleHandle = NULL;
@ -564,8 +566,12 @@ ConSrvAllocateConsole(PCONSOLE_PROCESS_DATA ProcessData,
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InputWaitHandle) failed: %lu\n", Status);
NtClose(ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_FAILURE]);
NtClose(ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
NtDuplicateObject(ProcessData->Process->ProcessHandle,
ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_FAILURE],
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtDuplicateObject(ProcessData->Process->ProcessHandle,
ConsoleInitInfo->ConsoleStartInfo->InitEvents[INIT_SUCCESS],
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData);
ConSrvDeleteConsole(Console);
ProcessData->ConsoleHandle = NULL;
@ -669,7 +675,9 @@ ConSrvInheritConsole(PCONSOLE_PROCESS_DATA ProcessData,
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InitEvents[INIT_FAILURE]) failed: %lu\n", Status);
NtClose(ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
NtDuplicateObject(ProcessData->Process->ProcessHandle,
ConsoleStartInfo->InitEvents[INIT_SUCCESS],
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData);
ProcessData->ConsoleHandle = NULL;
goto Quit;
@ -684,8 +692,12 @@ ConSrvInheritConsole(PCONSOLE_PROCESS_DATA ProcessData,
if (!NT_SUCCESS(Status))
{
DPRINT1("NtDuplicateObject(InputWaitHandle) failed: %lu\n", Status);
NtClose(ConsoleStartInfo->InitEvents[INIT_FAILURE]);
NtClose(ConsoleStartInfo->InitEvents[INIT_SUCCESS]);
NtDuplicateObject(ProcessData->Process->ProcessHandle,
ConsoleStartInfo->InitEvents[INIT_FAILURE],
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
NtDuplicateObject(ProcessData->Process->ProcessHandle,
ConsoleStartInfo->InitEvents[INIT_SUCCESS],
NULL, NULL, 0, 0, DUPLICATE_CLOSE_SOURCE);
ConSrvFreeHandlesTable(ProcessData); // NOTE: Always free the handles table.
ProcessData->ConsoleHandle = NULL;
goto Quit;
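Review bot: After the client-side handles are closed, `InitEvents[INIT_SUCCESS]` and `InitEvents[INIT_FAILURE]` still hold the old handle values in the start-info structure, in all four error paths of ConSrvAllocateConsole and ConSrvInheritConsole. If that structure is handed back to the client on failure (not visible in these hunks), the client could later wait on or close a value that by then names a different object; clearing each entry right after its close, e.g. `ConsoleStartInfo->InitEvents[INIT_SUCCESS] = NULL;`, would avoid that. A comment at the first site such as `/* Close the handle in the client process; NtClose would act on the server's own handle table */` would also record why the duplicate-and-close form is required here. Both functions continue outside the hunks.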