1. remove obsolete buffer size checks from NtQueryInformationProcess()

2. fixed some buffer checks

svn path=/trunk/; revision=13210
This commit is contained in:
Thomas Bluemel 2005-01-22 13:34:27 +00:00
parent 1be6d7bcaa
commit d361170c2c
7 changed files with 357 additions and 290 deletions


@ -151,6 +151,11 @@ NtCreateEvent(OUT PHANDLE EventHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObCreateObject(PreviousMode,
@ -285,6 +290,11 @@ NtPulseEvent(IN HANDLE EventHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObReferenceObjectByHandle(EventHandle,
@ -421,6 +431,11 @@ NtResetEvent(IN HANDLE EventHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObReferenceObjectByHandle(EventHandle,
@ -481,6 +496,11 @@ NtSetEvent(IN HANDLE EventHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObReferenceObjectByHandle(EventHandle,
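Review bot: The added `if(!NT_SUCCESS(Status)) return Status;` after each `_SEH_END` only honours a failed probe if `Status` holds `STATUS_SUCCESS` going into `_SEH_TRY`, because on this path the handler is the only statement that assigns it; the declarations are outside these hunks, so please confirm each of NtCreateEvent, NtPulseEvent, NtResetEvent and NtSetEvent reads `NTSTATUS Status = STATUS_SUCCESS;` rather than a bare `NTSTATUS Status;` (the NtCreateProfile change in this same commit makes exactly that adjustment). With an uninitialised `Status`, whether a bad user pointer is rejected or the call proceeds to ObReferenceObjectByHandle depends on stack garbage. All four enclosing functions start and end outside the hunks.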


@ -114,6 +114,11 @@ NtCreateEventPair(OUT PHANDLE EventPairHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObCreateObject(ExGetPreviousMode(),
@ -183,6 +188,11 @@ NtOpenEventPair(OUT PHANDLE EventPairHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObOpenObjectByName(ObjectAttributes,
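Review bot: NtCreateEventPair still calls `ObCreateObject(ExGetPreviousMode(), ...` right after the probe block, whereas the sibling create paths in this commit pass the cached `PreviousMode`; the closing brace above it looks like the end of the usual `if(PreviousMode != KernelMode)` guard, so the cached value should already be in scope (inferred, the guard line is outside the hunk). Suggest `Status = ObCreateObject(PreviousMode,` for consistency and so both the probe decision and the object creation use the same mode value. As in the event file, the new early return only works if `Status` is initialised to `STATUS_SUCCESS` before `_SEH_TRY`, which is not visible here. Both functions continue past the hunks.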


@ -137,6 +137,11 @@ NtCreateMutant(OUT PHANDLE MutantHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObCreateObject(PreviousMode,
@ -343,6 +348,11 @@ NtReleaseMutant(IN HANDLE MutantHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
Status = ObReferenceObjectByHandle(MutantHandle,


@ -119,10 +119,42 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
IN KPROFILE_SOURCE ProfileSource,
IN KAFFINITY Affinity)
{
HANDLE SafeProfileHandle;
NTSTATUS Status;
HANDLE hProfile;
PKPROFILE Profile;
PEPROCESS pProcess;
KPROCESSOR_MODE PreviousMode;
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS Status = STATUS_SUCCESS;
PreviousMode = ExGetPreviousMode();
if(BufferSize == 0)
{
return STATUS_INVALID_PARAMETER_7;
}
if(PreviousMode != KernelMode)
{
_SEH_TRY
{
ProbeForWrite(ProfileHandle,
sizeof(HANDLE),
sizeof(ULONG));
ProbeForWrite(Buffer,
BufferSize,
sizeof(ULONG));
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
/*
* Reference the associated process
@ -132,7 +164,7 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
Status = ObReferenceObjectByHandle(Process,
PROCESS_QUERY_INFORMATION,
PsProcessType,
UserMode,
PreviousMode,
(PVOID*)&pProcess,
NULL);
if (!NT_SUCCESS(Status))
@ -143,7 +175,11 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
else
{
pProcess = NULL;
/* FIXME: Check privilege. */
if(!SeSinglePrivilegeCheck(SeSystemProfilePrivilege,
PreviousMode))
{
return STATUS_PRIVILEGE_NOT_HELD;
}
}
/*
@ -170,10 +206,16 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
/*
* Create the object
*/
Status = ObCreateObject(ExGetPreviousMode(),
ExProfileObjectType,
InitializeObjectAttributes(&ObjectAttributes,
NULL,
ExGetPreviousMode(),
0,
NULL,
NULL);
Status = ObCreateObject(KernelMode,
ExProfileObjectType,
&ObjectAttributes,
PreviousMode,
NULL,
sizeof(KPROFILE),
0,
@ -193,6 +235,7 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
Profile->BufferMdl = MmCreateMdl(NULL, Buffer, BufferSize);
if(Profile->BufferMdl == NULL) {
DPRINT("MmCreateMdl: Out of memory!");
ObDereferenceObject (Profile);
return(STATUS_NO_MEMORY);
}
MmProbeAndLockPages(Profile->BufferMdl, UserMode, IoWriteAccess);
@ -212,7 +255,7 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
STANDARD_RIGHTS_ALL,
0,
NULL,
&SafeProfileHandle);
&hProfile);
if (!NT_SUCCESS(Status))
{
ObDereferenceObject (Profile);
@ -222,39 +265,70 @@ NtCreateProfile(OUT PHANDLE ProfileHandle,
/*
* Copy the created handle back to the caller
*/
Status = MmCopyToCaller(ProfileHandle, &SafeProfileHandle, sizeof(HANDLE));
if (!NT_SUCCESS(Status))
_SEH_TRY
{
ObDereferenceObject(Profile);
ZwClose(ProfileHandle);
return(Status);
*ProfileHandle = hProfile;
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
ObDereferenceObject(Profile);
return(STATUS_SUCCESS);
return Status;
}
NTSTATUS STDCALL
NtQueryIntervalProfile(IN KPROFILE_SOURCE ProfileSource,
OUT PULONG Interval)
{
NTSTATUS Status;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status = STATUS_SUCCESS;
PreviousMode = ExGetPreviousMode();
if(PreviousMode != KernelMode)
{
_SEH_TRY
{
ProbeForWrite(Interval,
sizeof(ULONG),
sizeof(ULONG));
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
if (ProfileSource == ProfileTime)
{
ULONG SafeInterval;
ULONG ReturnInterval;
/* FIXME: What units does this use, for now nanoseconds */
SafeInterval = 100;
Status = MmCopyToCaller(Interval, &SafeInterval, sizeof(ULONG));
if (!NT_SUCCESS(Status))
ReturnInterval = 100;
_SEH_TRY
{
return(Status);
*Interval = ReturnInterval;
}
return(STATUS_SUCCESS);
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
return(STATUS_INVALID_PARAMETER_2);
_SEH_END;
return Status;
}
return STATUS_INVALID_PARAMETER_2;
}
NTSTATUS STDCALL
@ -267,13 +341,16 @@ NtSetIntervalProfile(IN ULONG Interval,
NTSTATUS STDCALL
NtStartProfile(IN HANDLE ProfileHandle)
{
NTSTATUS Status;
PKPROFILE Profile;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
PreviousMode = ExGetPreviousMode();
Status = ObReferenceObjectByHandle(ProfileHandle,
STANDARD_RIGHTS_ALL,
ExProfileObjectType,
UserMode,
PreviousMode,
(PVOID*)&Profile,
NULL);
if (!NT_SUCCESS(Status))
@ -288,13 +365,16 @@ NtStartProfile(IN HANDLE ProfileHandle)
NTSTATUS STDCALL
NtStopProfile(IN HANDLE ProfileHandle)
{
NTSTATUS Status;
PKPROFILE Profile;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
PreviousMode = ExGetPreviousMode();
Status = ObReferenceObjectByHandle(ProfileHandle,
STANDARD_RIGHTS_ALL,
ExProfileObjectType,
UserMode,
PreviousMode,
(PVOID*)&Profile,
NULL);
if (!NT_SUCCESS(Status))
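Review bot: In NtCreateProfile, `MmProbeAndLockPages(Profile->BufferMdl, UserMode, IoWriteAccess);` right after the new MDL failure path is the one access to the caller's buffer left outside `_SEH_TRY`, and it still hard-codes `UserMode` while every other mode-dependent call in the function now takes `PreviousMode`. The `ProbeForWrite(Buffer, BufferSize, ...)` at the top only validates the range at that instant; another thread can unmap it before the pages are locked, and MmProbeAndLockPages reports that by raising rather than returning a status, so the raise leaves the service with `Profile` still referenced and, if nothing further up the dispatcher handles it, takes the system down — a cheap local denial of service. A kernel-mode caller, for which the probe is skipped, would also fail here because its buffer is locked as `UserMode`. Wrap the lock in SEH, pass `PreviousMode`, and clean up on failure; whether the MDL has to be released separately or is owned by the profile object's delete routine is not visible in this hunk.
```c
  Profile->BufferMdl = MmCreateMdl(NULL, Buffer, BufferSize);
  /* … unchanged: NULL check, ObDereferenceObject and STATUS_NO_MEMORY return … */
  _SEH_TRY
  {
    MmProbeAndLockPages(Profile->BufferMdl, PreviousMode, IoWriteAccess);
  }
  _SEH_HANDLE
  {
    Status = _SEH_GetExceptionCode();
  }
  _SEH_END;
  if(!NT_SUCCESS(Status))
  {
    /* NOTE(review): also release Profile->BufferMdl here if the object's delete routine does not */
    ObDereferenceObject(Profile);
    return Status;
  }
```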


@ -95,7 +95,6 @@ NtQuerySystemEnvironmentValue (IN PUNICODE_STRING VariableName,
IN ULONG ValueBufferLength,
IN OUT PULONG ReturnLength OPTIONAL)
{
NTSTATUS Status;
ANSI_STRING AName;
UNICODE_STRING WName;
BOOLEAN Result;
@ -103,9 +102,39 @@ NtQuerySystemEnvironmentValue (IN PUNICODE_STRING VariableName,
ANSI_STRING AValue;
UNICODE_STRING WValue;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status = STATUS_SUCCESS;
PreviousMode = ExGetPreviousMode();
if(PreviousMode != KernelMode)
{
_SEH_TRY
{
ProbeForRead(VariableName,
sizeof(UNICODE_STRING),
sizeof(ULONG));
ProbeForWrite(ValueBuffer,
ValueBufferLength,
sizeof(WCHAR));
if(ReturnLength != NULL)
{
ProbeForWrite(ReturnLength,
sizeof(ULONG),
sizeof(ULONG));
}
}
_SEH_HANDLE
{
Status = _SEH_GetExceptionCode();
}
_SEH_END;
if(!NT_SUCCESS(Status))
{
return Status;
}
}
/*
* Copy the name to kernel space if necessary and convert it to ANSI.
*/
@ -116,19 +145,6 @@ NtQuerySystemEnvironmentValue (IN PUNICODE_STRING VariableName,
VariableName);
if(NT_SUCCESS(Status))
{
if(PreviousMode != KernelMode)
{
ProbeForWrite(ValueBuffer,
ValueBufferLength,
sizeof(WCHAR));
if(ReturnLength != NULL)
{
ProbeForWrite(ReturnLength,
sizeof(ULONG),
sizeof(ULONG));
}
}
/*
* according to ntinternals the SeSystemEnvironmentName privilege is required!
*/
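Review bot: Hoisting the probes ahead of the name capture is the right order, but `ProbeForWrite(ValueBuffer, ValueBufferLength, sizeof(WCHAR))` and the `ReturnLength` probe are point-in-time address checks only, so the later stores into ValueBuffer and ReturnLength (past the end of this hunk) still need their own `_SEH_TRY` guard; if they are plain assignments or an unguarded RtlCopyMemory, a caller that unmaps the buffer after the probe turns that into an unhandled kernel fault. Likewise `ProbeForRead(VariableName, sizeof(UNICODE_STRING), sizeof(ULONG))` covers the descriptor but not `VariableName->Buffer`; presumably the RtlCaptureUnicodeString call below validates the string body, which should be confirmed since the old probe site was after the capture. The function continues past the hunk.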


@ -65,7 +65,6 @@ IoCreateSynchronizationEvent(PUNICODE_STRING EventName,
PHANDLE EventHandle)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING CapturedEventName;
KPROCESSOR_MODE PreviousMode;
PKEVENT Event;
HANDLE Handle;
@ -73,18 +72,8 @@ IoCreateSynchronizationEvent(PUNICODE_STRING EventName,
PreviousMode = ExGetPreviousMode();
Status = RtlCaptureUnicodeString(&CapturedEventName,
PreviousMode,
NonPagedPool,
FALSE,
EventName);
if (!NT_SUCCESS(Status))
{
return NULL;
}
InitializeObjectAttributes(&ObjectAttributes,
&CapturedEventName,
EventName,
OBJ_OPENIF,
NULL,
NULL);
@ -95,10 +84,6 @@ IoCreateSynchronizationEvent(PUNICODE_STRING EventName,
SynchronizationEvent,
TRUE);
RtlRelaseCapturedUnicodeString(&CapturedEventName,
PreviousMode,
FALSE);
if (!NT_SUCCESS(Status))
{
return NULL;
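Review bot: With the RtlCaptureUnicodeString / RtlRelaseCapturedUnicodeString pair gone, `PreviousMode` is still declared and assigned via `PreviousMode = ExGetPreviousMode();` but no longer has a reader in the visible lines; unless it is used further down, drop both lines so the build stays warning-free. Passing `EventName` straight to InitializeObjectAttributes is fine for a kernel-only export as long as the create call below treats the attributes as kernel-mode regardless of the previous mode; that call is outside the hunk and is the thing to confirm, since a driver can reach this routine while the thread's previous mode is user. The function continues past the hunk.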


@ -1208,11 +1208,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
switch (ProcessInformationClass)
{
case ProcessBasicInformation:
if (ProcessInformationLength != sizeof(PROCESS_BASIC_INFORMATION))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PPROCESS_BASIC_INFORMATION ProcessBasicInformationP =
(PPROCESS_BASIC_INFORMATION)ProcessInformation;
@ -1239,8 +1234,8 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessQuotaLimits:
case ProcessIoCounters:
@ -1248,11 +1243,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break;
case ProcessTimes:
if (ProcessInformationLength != sizeof(KERNEL_USER_TIMES))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PKERNEL_USER_TIMES ProcessTimeP = (PKERNEL_USER_TIMES)ProcessInformation;
_SEH_TRY
@ -1272,20 +1262,13 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessDebugPort:
{
if (ProcessInformationLength != sizeof(HANDLE))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
_SEH_TRY
{
*(PHANDLE)ProcessInformation = (Process->DebugPort != NULL ? (HANDLE)-1 : NULL);
if (ReturnLength)
{
@ -1297,7 +1280,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
@ -1308,11 +1290,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break;
case ProcessHandleCount:
if (ProcessInformationLength != sizeof(ULONG))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
ULONG HandleCount = ObpGetHandleCountByHandleTable(&Process->HandleTable);
@ -1329,16 +1306,10 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessSessionInformation:
{
if (ProcessInformationLength != sizeof(PROCESS_SESSION_INFORMATION))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PPROCESS_SESSION_INFORMATION SessionInfo = (PPROCESS_SESSION_INFORMATION)ProcessInformation;
@ -1355,7 +1326,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
@ -1365,11 +1335,6 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
break;
case ProcessVmCounters:
if (ProcessInformationLength != sizeof(VM_COUNTERS))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PVM_COUNTERS pOut = (PVM_COUNTERS)ProcessInformation;
@ -1402,15 +1367,10 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessDefaultHardErrorMode:
if (ProcessInformationLength != sizeof(ULONG))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PULONG HardErrMode = (PULONG)ProcessInformation;
_SEH_TRY
@ -1426,15 +1386,10 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessPriorityBoost:
if (ProcessInformationLength != sizeof(ULONG))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PULONG BoostEnabled = (PULONG)ProcessInformation;
@ -1452,15 +1407,10 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessDeviceMap:
if (ProcessInformationLength != sizeof(PROCESS_DEVICEMAP_INFORMATION))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PROCESS_DEVICEMAP_INFORMATION DeviceMap;
@ -1479,15 +1429,10 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessPriorityClass:
if (ProcessInformationLength != sizeof(USHORT))
{
Status = STATUS_INFO_LENGTH_MISMATCH;
}
else
{
PUSHORT Priority = (PUSHORT)ProcessInformation;
@ -1505,8 +1450,8 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
Status = _SEH_GetExceptionCode();
}
_SEH_END;
}
break;
}
case ProcessImageFileName:
{
@ -1620,6 +1565,7 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
}
}
/* don't forget to detach from the process!!! */
KeDetachProcess();
}
else
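Review bot: Every per-class `ProcessInformationLength != sizeof(...)` check is removed, yet the surviving code still stores fixed-size values through `ProcessInformation` (for example `*(PHANDLE)ProcessInformation = ...` for ProcessDebugPort and a USHORT for ProcessPriorityClass), so the function is now only safe if a single generic check before the `switch` (outside these hunks) rejects a length smaller than the class's structure before the buffer is probed — ProbeForWrite with a zero length performs no address check at all, and a kernel-space ProcessInformation pointer would then be written inside the SEH block without faulting. Please confirm that check exists for each class touched here and that its size table uses sizeof(USHORT) for ProcessPriorityClass and sizeof(HANDLE) for ProcessDebugPort, as the removed inline checks did. It should also keep returning STATUS_INFO_LENGTH_MISMATCH so callers that probe for the required size are not broken. The function starts before and ends after the visible hunks.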