Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-29 01:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CONSRV]

Browse source 
- Remove a wrong assertion that I introduced in r70281 concerning Console->LinePos.
- Fix some boundary conditions.
- Completely reset line discipline variables when the line buffer is freed.
- Fix a potential buffer overrun in the case ReadControl->nInitialChars was larger than Console->LineMaxSize (the size of Console->LineBuffer), which serves to initialize Console->LineSize, Console->LinePos, and copy nInitialChars characters from user buffer.
CORE-11380 CORE-10997 #resolve

svn path=/trunk/; revision=71591
This commit is contained in:
Hermès Bélusca-Maïto 2016-06-07 22:52:44 +00:00
parent 97556cc77d
commit b8391e20ad
1 changed files with 22 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
reactos/win32ss/user/winsrv/consrv/frontends/terminal.c
View file

@ -330,7 +330,13 @@ ConSrvTermReadStream(IN OUT PTERMINAL This,
{
/* Start a new line */
Console->LineMaxSize = max(256, NumCharsToRead);
ASSERT(ReadControl->nInitialChars <= Console->LineMaxSize);
/*
* Fixup ReadControl->nInitialChars in case the number of initial
* characters is bigger than the number of characters to be read.
* It will always be, lesser than or equal to Console->LineMaxSize.
*/
ReadControl->nInitialChars = min(ReadControl->nInitialChars, NumCharsToRead);
Console->LineBuffer = ConsoleAllocHeap(0, Console->LineMaxSize * sizeof(WCHAR));
if (Console->LineBuffer == NULL) return STATUS_NO_MEMORY;
@ -346,7 +352,7 @@ ConSrvTermReadStream(IN OUT PTERMINAL This,
* worry about ANSI <-> Unicode conversion.
*/
memcpy(Console->LineBuffer, Buffer, Console->LineSize * sizeof(WCHAR));
if (Console->LineSize == Console->LineMaxSize)
if (Console->LineSize >= Console->LineMaxSize)
{
Console->LineComplete = TRUE;
Console->LinePos = 0;
@ -356,7 +362,7 @@ ConSrvTermReadStream(IN OUT PTERMINAL This,
/* If we don't have a complete line yet, process the pending input */
while (!Console->LineComplete && !IsListEmpty(&InputBuffer->InputEvents))
{
/* Remove input event from queue */
/* Remove an input event from the queue */
CurrentEntry = RemoveHeadList(&InputBuffer->InputEvents);
if (IsListEmpty(&InputBuffer->InputEvents))
{
@ -378,12 +384,14 @@ ConSrvTermReadStream(IN OUT PTERMINAL This,
/* Check if we have a complete line to read from */
if (Console->LineComplete)
{
// NOTE: I want to check whether we always set LinePos to zero
// when LineComplete is set to TRUE.
// Basically, we are going to use LinePos as 'i'.
ASSERT(Console->LinePos == 0);
/*
* Console->LinePos keeps the next position of the character to read
* in the line buffer across the different calls of the function,
* so that the line buffer can be read by chunks after all the input
* has been buffered.
*/
while (i < NumCharsToRead && Console->LinePos != Console->LineSize)
while (i < NumCharsToRead && Console->LinePos < Console->LineSize)
{
WCHAR Char = Console->LineBuffer[Console->LinePos++];
@ -398,11 +406,14 @@ ConSrvTermReadStream(IN OUT PTERMINAL This,
++i;
}
if (Console->LinePos == Console->LineSize)
if (Console->LinePos >= Console->LineSize)
{
/* Entire line has been read */
/* The entire line has been read */
ConsoleFreeHeap(Console->LineBuffer);
Console->LineBuffer = NULL;
Console->LinePos = Console->LineMaxSize = Console->LineSize = 0;
// Console->LineComplete = Console->LineUpPressed = FALSE;
Console->LineComplete = FALSE;
}
Status = STATUS_SUCCESS;
@ -415,7 +426,7 @@ ConSrvTermReadStream(IN OUT PTERMINAL This,
/* Character input */
while (i < NumCharsToRead && !IsListEmpty(&InputBuffer->InputEvents))
{
/* Remove input event from queue */
/* Remove an input event from the queue */
CurrentEntry = RemoveHeadList(&InputBuffer->InputEvents);
if (IsListEmpty(&InputBuffer->InputEvents))
{