SEH protect NtReplyWaitReceivePortEx and fix one instance of message type checking to correctly account for kernel LPC messages.

svn path=/trunk/; revision=33428
2024-10-01 23:14:53 +00:00 · 2008-05-11 09:39:26 +00:00 · 2008-05-11 09:39:26 +00:00 · a907b85b1a
parent 973109beb4
commit a907b85b1a
1 changed files with 103 additions and 58 deletions
--- a/reactos/ntoskrnl/lpc/reply.c
+++ b/reactos/ntoskrnl/lpc/reply.c
@ -160,11 +160,14 @@ NtReplyWaitReceivePortEx(IN HANDLE PortHandle,
 {
    PLPCP_PORT_OBJECT Port, ReceivePort, ConnectionPort = NULL;
    KPROCESSOR_MODE PreviousMode = KeGetPreviousMode(), WaitMode = PreviousMode;
-    NTSTATUS Status;
+    NTSTATUS Status = STATUS_SUCCESS;
    PLPCP_MESSAGE Message;
    PETHREAD Thread = PsGetCurrentThread(), WakeupThread;
    PLPCP_CONNECTION_MESSAGE ConnectMessage;
    ULONG ConnectionInfoLength;
+    PORT_MESSAGE CapturedReplyMessage;
+    LARGE_INTEGER CapturedTimeout;
+
    PAGED_CODE();
    LPCTRACE(LPC_REPLY_DEBUG,
             "Handle: %lx. Messages: %p/%p. Context: %p\n",
@ -173,8 +176,42 @@ NtReplyWaitReceivePortEx(IN HANDLE PortHandle,
             ReceiveMessage,
             PortContext);

+    if (KeGetPreviousMode() == UserMode)
+    {
+        _SEH_TRY
+        {
+            if (ReplyMessage != NULL)
+            {
+                ProbeForRead(ReplyMessage, sizeof(PORT_MESSAGE), sizeof(ULONG));
+                RtlCopyMemory(&CapturedReplyMessage, ReplyMessage, sizeof(PORT_MESSAGE));
+                ReplyMessage = &CapturedReplyMessage;
+            }
+
+            if (Timeout != NULL)
+            {
+                ProbeForReadLargeInteger(Timeout);
+                RtlCopyMemory(&CapturedTimeout, Timeout, sizeof(LARGE_INTEGER));
+                Timeout = &CapturedTimeout;
+            }
+
+            if (PortContext != NULL)
+                ProbeForWritePointer(PortContext);
+        }
+        _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
+        {
+            Status = _SEH_GetExceptionCode();
+        }
+        _SEH_END;
+
+        /* Bail out if pointer was invalid */
+        if (!NT_SUCCESS(Status))
+            return Status;
+    }
+    else
+    {
        /* If this is a system thread, then let it page out its stack */
        if (Thread->SystemThread) WaitMode = UserMode;
+    }

    /* Check if caller has a reply message */
    if (ReplyMessage)
@ -388,6 +425,8 @@ NtReplyWaitReceivePortEx(IN HANDLE PortHandle,
    Thread->LpcReceivedMessageId = Message->Request.MessageId;
    Thread->LpcReceivedMsgIdValid = TRUE;

+    _SEH_TRY
+    {
        /* Check if this was a connection request */
        if (LpcpGetMessageType(&Message->Request) == LPC_CONNECTION_REQUEST)
        {
@ -419,7 +458,7 @@ NtReplyWaitReceivePortEx(IN HANDLE PortHandle,
            /* Clear the port context if the caller requested one */
            if (PortContext) *PortContext = NULL;
        }
-    else if (Message->Request.u2.s2.Type != LPC_REPLY)
+        else if (LpcpGetMessageType(&Message->Request) != LPC_REPLY)
        {
            /* Otherwise, this is a new message or event */
            LPCTRACE(LPC_REPLY_DEBUG,
@ -450,6 +489,12 @@ NtReplyWaitReceivePortEx(IN HANDLE PortHandle,
            /* This is a reply message, should never happen! */
            ASSERT(FALSE);
        }
+    }
+    _SEH_EXCEPT(_SEH_ExSystemExceptionFilter)
+    {
+        Status = _SEH_GetExceptionCode();
+    }
+    _SEH_END;

    /* Check if we have a message pointer here */
    if (Message)