- Don't assume the object body allocated by ObCreateObject (through ObpAllocateObject) is zero-initialized (it shouldn't be).

svn path=/trunk/; revision=41972
Stefan Ginsberg 2009-07-15 16:13:08 +00:00
parent bfb7dae4a2
commit ddbfcbae40
4 changed files with 21 additions and 10 deletions


@ -2375,6 +2375,8 @@ MmCreatePageFileSection(PROS_SECTION_OBJECT *SectionObject,
/* /*
* Initialize it * Initialize it
*/ */
Section->Type = 0;
Section->Size = 0;
Section->SectionPageProtection = SectionPageProtection; Section->SectionPageProtection = SectionPageProtection;
Section->AllocationAttributes = AllocationAttributes; Section->AllocationAttributes = AllocationAttributes;
Section->Segment = NULL; Section->Segment = NULL;
@ -2447,6 +2449,8 @@ MmCreateDataFileSection(PROS_SECTION_OBJECT *SectionObject,
/* /*
* Initialize it * Initialize it
*/ */
Section->Type = 0;
Section->Size = 0;
Section->SectionPageProtection = SectionPageProtection; Section->SectionPageProtection = SectionPageProtection;
Section->AllocationAttributes = AllocationAttributes; Section->AllocationAttributes = AllocationAttributes;
Section->Segment = NULL; Section->Segment = NULL;
@ -3373,6 +3377,9 @@ MmCreateImageSection(PROS_SECTION_OBJECT *SectionObject,
/* /*
* Initialize it * Initialize it
*/ */
Section->Type = 0;
Section->Size = 0;
Section->MaximumSize.QuadPart = 0;
Section->SectionPageProtection = SectionPageProtection; Section->SectionPageProtection = SectionPageProtection;
Section->AllocationAttributes = AllocationAttributes; Section->AllocationAttributes = AllocationAttributes;
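Review bot: The three Mm hunks clear fields one at a time (Type and Size, plus MaximumSize.QuadPart only in MmCreateImageSection), while the Se and win32k files in this same commit clear the whole object body with RtlZeroMemory; any field of the section object that is not named here still holds whatever the pool allocation contained. A single `RtlZeroMemory(Section, sizeof(*Section));` directly under the `Initialize it` comment would cover every field, match the other files, and make the explicit `= 0` lines redundant. In MmCreatePageFileSection and MmCreateDataFileSection the visible lines do not touch MaximumSize, so unless it is assigned further down it stays uninitialized — I cannot see the rest of either function from these hunks. All three enclosing functions start and end outside the hunks.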


@ -248,6 +248,9 @@ SepDuplicateToken(PTOKEN Token,
return(Status); return(Status);
} }
/* Zero out the buffer */
RtlZeroMemory(AccessToken, sizeof(TOKEN));
Status = ZwAllocateLocallyUniqueId(&AccessToken->TokenId); Status = ZwAllocateLocallyUniqueId(&AccessToken->TokenId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -264,7 +267,6 @@ SepDuplicateToken(PTOKEN Token,
AccessToken->TokenLock = &SepTokenLock; AccessToken->TokenLock = &SepTokenLock;
AccessToken->TokenInUse = 0;
AccessToken->TokenType = TokenType; AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = Level; AccessToken->ImpersonationLevel = Level;
RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId); RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
@ -332,10 +334,6 @@ SepDuplicateToken(PTOKEN Token,
Token->DefaultDacl, Token->DefaultDacl,
Token->DefaultDacl->AclSize); Token->DefaultDacl->AclSize);
} }
else
{
AccessToken->DefaultDacl = 0;
}
} }
if ( NT_SUCCESS(Status) ) if ( NT_SUCCESS(Status) )
@ -550,6 +548,9 @@ SepCreateSystemProcessToken(VOID)
return NULL; return NULL;
} }
/* Zero out the buffer */
RtlZeroMemory(AccessToken, sizeof(TOKEN));
Status = ExpAllocateLocallyUniqueId(&AccessToken->TokenId); Status = ExpAllocateLocallyUniqueId(&AccessToken->TokenId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -575,8 +576,6 @@ SepCreateSystemProcessToken(VOID)
AccessToken->TokenType = TokenPrimary; AccessToken->TokenType = TokenPrimary;
AccessToken->ImpersonationLevel = SecurityDelegation; AccessToken->ImpersonationLevel = SecurityDelegation;
AccessToken->TokenSource.SourceIdentifier.LowPart = 0;
AccessToken->TokenSource.SourceIdentifier.HighPart = 0;
memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8); memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8);
AccessToken->ExpirationTime.QuadPart = -1; AccessToken->ExpirationTime.QuadPart = -1;
AccessToken->UserAndGroupCount = 4; AccessToken->UserAndGroupCount = 4;
@ -2043,6 +2042,9 @@ NtCreateToken(OUT PHANDLE TokenHandle,
return(Status); return(Status);
} }
/* Zero out the buffer */
RtlZeroMemory(AccessToken, sizeof(TOKEN));
AccessToken->TokenLock = &SepTokenLock; AccessToken->TokenLock = &SepTokenLock;
RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier, RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier,
@ -2058,8 +2060,6 @@ NtCreateToken(OUT PHANDLE TokenHandle,
AccessToken->UserAndGroupCount = TokenGroups->GroupCount + 1; AccessToken->UserAndGroupCount = TokenGroups->GroupCount + 1;
AccessToken->PrivilegeCount = TokenPrivileges->PrivilegeCount; AccessToken->PrivilegeCount = TokenPrivileges->PrivilegeCount;
AccessToken->UserAndGroups = 0;
AccessToken->Privileges = 0;
AccessToken->TokenType = TokenType; AccessToken->TokenType = TokenType;
AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE) AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE)
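Review bot: The three new `RtlZeroMemory(AccessToken, sizeof(TOKEN));` calls in SepDuplicateToken, SepCreateSystemProcessToken and NtCreateToken hard-code the type name; `RtlZeroMemory(AccessToken, sizeof(*AccessToken));` keeps the cleared size tied to the pointer's actual type, and the same applies to the DESKTOP and WINSTATION_OBJECT zeroing in the two win32k files of this commit. Because the removed assignments (TokenInUse, the DefaultDacl else-branch, TokenSource.SourceIdentifier, UserAndGroups and Privileges) now depend on that earlier clear, the comment at each zeroing site should say so, e.g. `/* Zero the whole body: later code assumes unset fields (pointers, counts) are 0 */`, so nobody later reintroduces partial initialization or an early exit between the allocation and the zeroing. In each hunk the zeroing appears to sit right after the allocation's status check, which is the right place for it. All enclosing functions extend beyond the hunks.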


@ -142,6 +142,7 @@ IntDesktopObjectParse(IN PVOID ParseObject,
if (!NT_SUCCESS(Status)) return Status; if (!NT_SUCCESS(Status)) return Status;
/* Initialize shell hook window list and set the parent */ /* Initialize shell hook window list and set the parent */
RtlZeroMemory(Desktop, sizeof(DESKTOP));
InitializeListHead(&Desktop->ShellHookWindows); InitializeListHead(&Desktop->ShellHookWindows);
Desktop->WindowStation = (PWINSTATION_OBJECT)ParseObject; Desktop->WindowStation = (PWINSTATION_OBJECT)ParseObject;
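Review bot: The existing comment `/* Initialize shell hook window list and set the parent */` now sits above the new RtlZeroMemory instead of the statements it describes. Either place the zeroing above the comment or widen it to `/* Zero the object body, then initialize the shell hook window list and set the parent */`. The enclosing IntDesktopObjectParse starts and ends outside the hunk.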


@ -483,6 +483,9 @@ NtUserCreateWindowStation(
return 0; return 0;
} }
/* Zero out the buffer */
RtlZeroMemory(WindowStationObject, sizeof(WINSTATION_OBJECT));
KeInitializeSpinLock(&WindowStationObject->Lock); KeInitializeSpinLock(&WindowStationObject->Lock);
InitializeListHead(&WindowStationObject->DesktopListHead); InitializeListHead(&WindowStationObject->DesktopListHead);