[NTOSKRNL] ExRaiseHardError(): Protect strings copy to user-mode space inside a SEH block.

Hermès Bélusca-Maïto 2018-04-01 17:52:10 +02:00
parent 842605e3ef
commit ea390c2b3f
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0


@ -387,6 +387,7 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
IN ULONG ValidResponseOptions, IN ULONG ValidResponseOptions,
OUT PULONG Response) OUT PULONG Response)
{ {
NTSTATUS Status;
SIZE_T Size; SIZE_T Size;
UNICODE_STRING CapturedParams[MAXIMUM_HARDERROR_PARAMETERS]; UNICODE_STRING CapturedParams[MAXIMUM_HARDERROR_PARAMETERS];
ULONG i; ULONG i;
@ -394,7 +395,7 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
PHARDERROR_USER_PARAMETERS UserParams; PHARDERROR_USER_PARAMETERS UserParams;
PWSTR BufferBase; PWSTR BufferBase;
ULONG SafeResponse; ULONG SafeResponse;
NTSTATUS Status;
PAGED_CODE(); PAGED_CODE();
/* Check if we have parameters */ /* Check if we have parameters */
@ -435,10 +436,13 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
UserParams = UserData; UserParams = UserData;
BufferBase = UserParams->Buffer; BufferBase = UserParams->Buffer;
/* Enter SEH block as we are writing to user-mode space */
_SEH2_TRY
{
/* Loop parameters again */ /* Loop parameters again */
for (i = 0; i < NumberOfParameters; i++) for (i = 0; i < NumberOfParameters; i++)
{ {
/* Check if we're in the mask */ /* Check if we are in the mask */
if (UnicodeStringParameterMask & (1 << i)) if (UnicodeStringParameterMask & (1 << i))
{ {
/* Update the base */ /* Update the base */
@ -465,6 +469,14 @@ ExRaiseHardError(IN NTSTATUS ErrorStatus,
} }
} }
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Return the exception code */
Status = _SEH2_GetExceptionCode();
DPRINT1("ExRaiseHardError - Exception when writing data to user-mode, Status 0x%08lx\n", Status);
}
_SEH2_END;
}
else else
{ {
/* Just keep the data as is */ /* Just keep the data as is */
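Review bot: The new `_SEH2_EXCEPT` handler only stores the exception code in `Status` and logs it, so within the visible lines nothing stops execution from continuing past `_SEH2_END;` with a partially written `UserParams` buffer. The rest of ExRaiseHardError lies outside the hunk, so this may be handled further down, but if `Status` is reassigned by a later call the fault is silently dropped and the caller never sees it. Consider bailing out right after the SEH block, e.g. `if (!NT_SUCCESS(Status)) { /* free whatever backs UserData */ return Status; }`. That check needs `Status = STATUS_SUCCESS;` set before `_SEH2_TRY`, because the declaration moved to the top of the function has no initializer. A short comment on the handler saying whether the failure is fatal for the hard-error request would also help the next reader.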