Dmitry Chapyshev

- Add more length checks to NtQueryInformationProcess, inspired by r28570.

svn path=/trunk/; revision=38560
Aleksey Bragin 2009-01-04 11:56:14 +00:00
parent 0751b2af16
commit b7aa576e73


@ -120,7 +120,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Set return length */ /* Set return length */
Length = sizeof(PROCESS_BASIC_INFORMATION); Length = sizeof(PROCESS_BASIC_INFORMATION);
if ( ProcessInformationLength != Length ) if (ProcessInformationLength != Length)
{ {
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
@ -152,7 +152,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
case ProcessIoCounters: case ProcessIoCounters:
Length = sizeof(IO_COUNTERS); Length = sizeof(IO_COUNTERS);
if ( ProcessInformationLength != Length ) if (ProcessInformationLength != Length)
{ {
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
@ -167,7 +167,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Set the return length */ /* Set the return length */
Length = sizeof(KERNEL_USER_TIMES); Length = sizeof(KERNEL_USER_TIMES);
if ( ProcessInformationLength != Length ) if (ProcessInformationLength != Length)
{ {
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
@ -195,15 +195,20 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Process Debug Port */ /* Process Debug Port */
case ProcessDebugPort: case ProcessDebugPort:
/* Set return length */
Length = sizeof(HANDLE);
if (ProcessInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Protect write with SEH */ /* Protect write with SEH */
_SEH2_TRY _SEH2_TRY
{ {
/* Return whether or not we have a debug port */ /* Return whether or not we have a debug port */
*(PHANDLE)ProcessInformation = (Process->DebugPort ? *(PHANDLE)ProcessInformation = (Process->DebugPort ?
(HANDLE)-1 : NULL); (HANDLE)-1 : NULL);
/* Set the return length*/
Length = sizeof(HANDLE);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -225,7 +230,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Set the return length*/ /* Set the return length*/
Length = sizeof(ULONG); Length = sizeof(ULONG);
if ( ProcessInformationLength != Length ) if (ProcessInformationLength != Length)
{ {
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
@ -251,14 +256,19 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Session ID for the process */ /* Session ID for the process */
case ProcessSessionInformation: case ProcessSessionInformation:
/* Set the return length*/
Length = sizeof(PROCESS_SESSION_INFORMATION);
if (ProcessInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Enter SEH for write safety */ /* Enter SEH for write safety */
_SEH2_TRY _SEH2_TRY
{ {
/* Write back the Session ID */ /* Write back the Session ID */
SessionInfo->SessionId = Process->Session; SessionInfo->SessionId = Process->Session;
/* Set the return length */
Length = sizeof(PROCESS_SESSION_INFORMATION);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -279,7 +289,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Set the return length */ /* Set the return length */
Length = sizeof(VM_COUNTERS); Length = sizeof(VM_COUNTERS);
if ( ProcessInformationLength != Length ) if (ProcessInformationLength != Length)
{ {
Status = STATUS_INFO_LENGTH_MISMATCH; Status = STATUS_INFO_LENGTH_MISMATCH;
break; break;
@ -313,15 +323,20 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Hard Error Processing Mode */ /* Hard Error Processing Mode */
case ProcessDefaultHardErrorMode: case ProcessDefaultHardErrorMode:
/* Set the return length*/
Length = sizeof(ULONG);
if (ProcessInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Enter SEH for writing back data */ /* Enter SEH for writing back data */
_SEH2_TRY _SEH2_TRY
{ {
/* Write the current processing mode */ /* Write the current processing mode */
*(PULONG)ProcessInformation = Process-> *(PULONG)ProcessInformation = Process->
DefaultHardErrorProcessing; DefaultHardErrorProcessing;
/* Set the return length */
Length = sizeof(ULONG);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -334,15 +349,20 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Priority Boosting status */ /* Priority Boosting status */
case ProcessPriorityBoost: case ProcessPriorityBoost:
/* Set the return length*/
Length = sizeof(ULONG);
if (ProcessInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Enter SEH for writing back data */ /* Enter SEH for writing back data */
_SEH2_TRY _SEH2_TRY
{ {
/* Return boost status */ /* Return boost status */
*(PULONG)ProcessInformation = Process->Pcb.DisableBoost ? *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
TRUE : FALSE; TRUE : FALSE;
/* Set the return length */
Length = sizeof(ULONG);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -355,6 +375,14 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* DOS Device Map */ /* DOS Device Map */
case ProcessDeviceMap: case ProcessDeviceMap:
/* Set the return length*/
Length = sizeof(PROCESS_DEVICEMAP_INFORMATION);
if (ProcessInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Query the device map information */ /* Query the device map information */
ObQueryDeviceMapInformation(Process, &DeviceMap); ObQueryDeviceMapInformation(Process, &DeviceMap);
@ -362,9 +390,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
_SEH2_TRY _SEH2_TRY
{ {
*(PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation = DeviceMap; *(PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation = DeviceMap;
/* Set the return length */
Length = sizeof(PROCESS_DEVICEMAP_INFORMATION);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {
@ -377,14 +402,19 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
/* Priority class */ /* Priority class */
case ProcessPriorityClass: case ProcessPriorityClass:
/* Set the return length*/
Length = sizeof(USHORT);
if (ProcessInformationLength != Length)
{
Status = STATUS_INFO_LENGTH_MISMATCH;
break;
}
/* Enter SEH for writing back data */ /* Enter SEH for writing back data */
_SEH2_TRY _SEH2_TRY
{ {
/* Return current priority class */ /* Return current priority class */
*(PUSHORT)ProcessInformation = Process->PriorityClass; *(PUSHORT)ProcessInformation = Process->PriorityClass;
/* Set the return length */
Length = sizeof(USHORT);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{ {