mirror of
https://github.com/reactos/reactos.git
synced 2025-08-05 19:52:56 +00:00
[NTOSKRNL]
- Probe input buffer for read in NtSetSystemInformation() and call the helpers function in a PSEH block - For the NtSetSytemInformation - SystemSessionCreate specific case, as we return session ID, probe for write directly there. svn path=/trunk/; revision=68223
This commit is contained in:
Pierre Schweitzer
parent
c37f5f9e7c
commit
c6f9fe3713
1 changed files with 36 additions and 30 deletions
|
|
@ -2068,6 +2068,8 @@ SSI_DEF(SystemSessionCreate)
|
||||||
{
|
{
|
||||||
return STATUS_PRIVILEGE_NOT_HELD;
|
return STATUS_PRIVILEGE_NOT_HELD;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ProbeForWriteUlong(Buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
Status = MmSessionCreate(&SessionId);
|
Status = MmSessionCreate(&SessionId);
|
||||||
|
|
@ -2452,43 +2454,47 @@ NtSetSystemInformation (IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
||||||
IN PVOID SystemInformation,
|
IN PVOID SystemInformation,
|
||||||
IN ULONG SystemInformationLength)
|
IN ULONG SystemInformationLength)
|
||||||
{
|
{
|
||||||
|
NTSTATUS Status = STATUS_INVALID_INFO_CLASS;
|
||||||
|
KPROCESSOR_MODE PreviousMode;
|
||||||
|
|
||||||
PAGED_CODE();
|
PAGED_CODE();
|
||||||
|
|
||||||
/*
|
PreviousMode = ExGetPreviousMode();
|
||||||
* If called from user mode, check
|
|
||||||
* possible unsafe arguments.
|
_SEH2_TRY
|
||||||
*/
|
|
||||||
#if 0
|
|
||||||
if (KernelMode != KeGetPreviousMode())
|
|
||||||
{
|
{
|
||||||
// Check arguments
|
/*
|
||||||
//ProbeForWrite(
|
* If called from user mode, check
|
||||||
// SystemInformation,
|
* possible unsafe arguments.
|
||||||
// Length
|
*/
|
||||||
// );
|
if (PreviousMode != KernelMode)
|
||||||
//ProbeForWrite(
|
|
||||||
// ResultLength,
|
|
||||||
// sizeof (ULONG)
|
|
||||||
// );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
/*
|
|
||||||
* Check the request is valid.
|
|
||||||
*/
|
|
||||||
if ((SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) &&
|
|
||||||
(SystemInformationClass < MAX_SYSTEM_INFO_CLASS))
|
|
||||||
{
|
|
||||||
if (NULL != CallQS [SystemInformationClass].Set)
|
|
||||||
{
|
{
|
||||||
/*
|
ProbeForRead(SystemInformation, SystemInformationLength, sizeof(ULONG));
|
||||||
* Hand the request to a subhandler.
|
}
|
||||||
*/
|
|
||||||
return CallQS [SystemInformationClass].Set(SystemInformation,
|
/*
|
||||||
SystemInformationLength);
|
* Check the request is valid.
|
||||||
|
*/
|
||||||
|
if ((SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) &&
|
||||||
|
(SystemInformationClass < MAX_SYSTEM_INFO_CLASS))
|
||||||
|
{
|
||||||
|
if (NULL != CallQS [SystemInformationClass].Set)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Hand the request to a subhandler.
|
||||||
|
*/
|
||||||
|
Status = CallQS [SystemInformationClass].Set(SystemInformation,
|
||||||
|
SystemInformationLength);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
Status = _SEH2_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH2_END;
|
||||||
|
|
||||||
return STATUS_INVALID_INFO_CLASS;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue