From fc4d23fa188eb5522e468219c39ad879d222ba6a Mon Sep 17 00:00:00 2001
From: Dmitry Gorbachev
Date: Sat, 23 May 2009 15:02:19 +0000
Subject: [PATCH] Fix buffer overflow, add some debug prints.

svn path=/trunk/; revision=41076
---
 reactos/base/system/smss/smapi.c | 14 +++++++++-----
 reactos/include/reactos/subsys/sm/api.h | 6 ++----
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/reactos/base/system/smss/smapi.c b/reactos/base/system/smss/smapi.c
index 0d5ec5b48e5..df9e0c777bb 100644
--- a/reactos/base/system/smss/smapi.c
+++ b/reactos/base/system/smss/smapi.c
@@ -68,7 +68,7 @@ SmpCallbackServer (PSM_PORT_MESSAGE Request,
   ULONG CallbackPortNameLength = SM_SB_NAME_MAX_LENGTH; /* TODO: compute length */
   SB_CONNECT_DATA SbConnectData;
   ULONG SbConnectDataLength = sizeof SbConnectData;
-  SECURITY_QUALITY_OF_SERVICE SecurityQos;
+  SECURITY_QUALITY_OF_SERVICE SecurityQos;
   DPRINT("SM: %s called\n", __FUNCTION__);
@@ -118,7 +118,7 @@ SmpApiConnectedThread(PVOID pConnectedPort)
   HANDLE ConnectedPort = * (PHANDLE) pConnectedPort;
   DPRINT("SM: %s called\n", __FUNCTION__);
-  RtlZeroMemory(&Request, sizeof(SM_PORT_MESSAGE));
+  RtlZeroMemory(&Request, sizeof(SM_PORT_MESSAGE));
   while (TRUE)
     {
@@ -160,10 +160,13 @@ SmpApiConnectedThread(PVOID pConnectedPort)
             }
         } else { /* LPC failed */
+          DPRINT1("SM: %s: NtReplyWaitReceivePort() failed (Status=0x%08lx)\n",
+                  __FUNCTION__, Status);
           break;
         }
     }
   NtClose (ConnectedPort);
+  DPRINT("SM: %s done\n", __FUNCTION__);
   NtTerminateThread (NtCurrentThread(), Status);
 }
@@ -267,7 +270,7 @@ SmpHandleConnectionRequest (PSM_PORT_MESSAGE Request)
             __FUNCTION__, Status);
     return Status;
   } else {
-    DPRINT("SM: %s: completing conn req\n", __FUNCTION__);
+    DPRINT("SM: %s: completing connection request\n", __FUNCTION__);
     Status = NtCompleteConnectPort (*ClientDataApiPort);
     if (!NT_SUCCESS(Status))
       {
@@ -293,6 +296,7 @@ SmpHandleConnectionRequest (PSM_PORT_MESSAGE Request)
  * necessary in NT LPC, because server side connected ports are
  * never used to receive requests.
  */
+#if 0
 VOID NTAPI
 SmpApiThread (HANDLE ListeningPort)
 {
@@ -323,7 +327,7 @@ SmpApiThread (HANDLE ListeningPort)
   /* DIE */
   NtTerminateThread(NtCurrentThread(), Status);
 }
-
+#endif
 /* LPC PORT INITIALIZATION **************************************************/
@@ -338,7 +342,7 @@ NTSTATUS SmCreateApiPort(VOID)
 {
   OBJECT_ATTRIBUTES ObjectAttributes = {0};
-  UNICODE_STRING UnicodeString = RTL_CONSTANT_STRING(L"\\SmApiPort");
+  UNICODE_STRING UnicodeString = RTL_CONSTANT_STRING(SM_API_PORT_NAME);
   NTSTATUS Status = STATUS_SUCCESS;
   InitializeObjectAttributes(&ObjectAttributes,
diff --git a/reactos/include/reactos/subsys/sm/api.h b/reactos/include/reactos/subsys/sm/api.h
index 37a88c8b7a5..cf3b1778d60 100644
--- a/reactos/include/reactos/subsys/sm/api.h
+++ b/reactos/include/reactos/subsys/sm/api.h
@@ -1,4 +1,3 @@
-/* $Id$ */
 #ifndef __SM_API_H
 #define __SM_API_H
@@ -107,7 +106,7 @@ typedef struct _SM_PORT_MESSAGE_QRYINFO
 /*** | ****************************************************************/
-typedef union _SM_PORT_MESSAGE
+typedef struct _SM_PORT_MESSAGE
 {
   /*** LPC common header ***/
   PORT_MESSAGE Header;
@@ -115,7 +114,6 @@ typedef union _SM_PORT_MESSAGE
   {
     struct
     {
-      UCHAR LpcHeader[sizeof(PORT_MESSAGE)];
       /*** SM common header ***/
       struct
       {
@@ -139,7 +137,7 @@ typedef union _SM_PORT_MESSAGE
       } Reply;
     };
   };
-  UCHAR PadBuffer[PORT_MAXIMUM_MESSAGE_LENGTH];
+  SM_CONNECT_DATA ConnectData;
 };
 } SM_PORT_MESSAGE, * PSM_PORT_MESSAGE;
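Review bot: Wrapping SmpApiThread in `#if 0` (hunk at 293, closed by the `#endif` in the hunk at 323) leaves about thirty lines of dead code in the file, and the comment just above it already says the thread is not needed with NT LPC. Either delete the function outright (it stays in version control) or state the reason on the directive itself, e.g. `#if 0 /* unused: server-side connected ports never receive requests, see comment above */`, so the next reader does not have to guess whether this is a temporary disable or a permanent removal. The body of SmpApiThread lies between the two hunks and is not visible here.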
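Review bot: `RTL_CONSTANT_STRING(SM_API_PORT_NAME)` in the hunk at 338 only produces a correct UNICODE_STRING if SM_API_PORT_NAME expands to a wide string literal, because the macro sizes the string with sizeof; neither api.h hunk in this patch adds that definition, so it is presumably already in the header and worth a quick check. The remainder of SmCreateApiPort, including the NtCreatePort call that fixes the port's maximum message length, is outside the hunk.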
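Review bot: Removing `UCHAR PadBuffer[PORT_MAXIMUM_MESSAGE_LENGTH]` in the hunk at 139 shrinks sizeof(SM_PORT_MESSAGE) to the exact SM layout, so every receive buffer declared as SM_PORT_MESSAGE (such as the `Request` that the smapi.c hunk at 118 zeroes with sizeof(SM_PORT_MESSAGE)) now holds only as much as the port's maximum message length allows; that value is passed to NtCreatePort outside the hunk at 338, so please confirm it is derived from sizeof(SM_PORT_MESSAGE) rather than a larger constant, otherwise a client message can exceed the stack buffer. A `C_ASSERT(sizeof(SM_PORT_MESSAGE) <= PORT_MAXIMUM_MESSAGE_LENGTH);` next to the typedef would pin the send-side bound that the old padding implied. The union-to-struct change in the hunk at 107 is the part that actually places the SM header after PORT_MESSAGE, and a one-line comment on `ConnectData` saying it aliases the payload of a connection request (the connect data LPC appends after the header) would explain why it shares storage with the request/reply block.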