[NTOSKRNL] ExRaiseHardError(): Protect strings copy to user-mode space inside a SEH block.

ntoskrnl/ex/harderr.c

@@ -387,6 +387,7 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
                  IN ULONG ValidResponseOptions,
                  OUT PULONG Response)
 {
+    NTSTATUS Status;
     SIZE_T Size;
     UNICODE_STRING CapturedParams[MAXIMUM_HARDERROR_PARAMETERS];
     ULONG i;
@@ -394,7 +395,7 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
     PHARDERROR_USER_PARAMETERS UserParams;
     PWSTR BufferBase;
     ULONG SafeResponse;
-    NTSTATUS Status;
+
     PAGED_CODE();
 
     /* Check if we have parameters */
@@ -435,10 +436,13 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
             UserParams = UserData;
             BufferBase = UserParams->Buffer;
 
+            /* Enter SEH block as we are writing to user-mode space */
+            _SEH2_TRY
+            {
                 /* Loop parameters again */
                 for (i = 0; i < NumberOfParameters; i++)
                 {
-                /* Check if we're in the mask */
+                    /* Check if we are in the mask */
                     if (UnicodeStringParameterMask & (1 << i))
                     {
                         /* Update the base */
@@ -465,6 +469,14 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
                     }
                 }
             }
+            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+            {
+                /* Return the exception code */
+                Status = _SEH2_GetExceptionCode();
+                DPRINT1("ExRaiseHardError - Exception when writing data to user-mode, Status 0x%08lx\n", Status);
+            }
+            _SEH2_END;
+        }
         else
         {
             /* Just keep the data as is */