[ros-dev] [ros-diffs] [fireball] 53599: [NTOS] - Fix IoCheckEaBufferValidity (IntEaLength must be signed, otherwise loop exiting condition may not trigger). - SEH-protect ObQueryNameString (by Dmitry Chapyshev's request).
Alex Ionescu
ionucu at videotron.ca
Mon Sep 5 16:26:20 UTC 2011
Good to know we are now changing good, working code, on people's "request".
Best regards,
Alex Ionescu
On Mon, Sep 5, 2011 at 4:05 PM, <fireball at svn.reactos.org> wrote:
> Author: fireball
> Date: Mon Sep 5 15:05:56 2011
> New Revision: 53599
>
> URL: http://svn.reactos.org/svn/reactos?rev=53599&view=rev
> Log:
> [NTOS]
> - Fix IoCheckEaBufferValidity (IntEaLength must be signed, otherwise loop
> exiting condition may not trigger).
> - SEH-protect ObQueryNameString (by Dmitry Chapyshev's request).
>
> Modified:
> trunk/reactos/ntoskrnl/io/iomgr/util.c
> trunk/reactos/ntoskrnl/ob/obname.c
>
> Modified: trunk/reactos/ntoskrnl/io/iomgr/util.c
> URL:
> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/util.c?rev=53599&r1=53598&r2=53599&view=diff
>
> ==============================================================================
> --- trunk/reactos/ntoskrnl/io/iomgr/util.c [iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/io/iomgr/util.c [iso-8859-1] Mon Sep 5 15:05:56
> 2011
> @@ -166,7 +166,8 @@
> OUT PULONG ErrorOffset)
> {
> PFILE_FULL_EA_INFORMATION EaBufferEnd;
> - ULONG NextEaBufferOffset, IntEaLength;
> + ULONG NextEaBufferOffset;
> + LONG IntEaLength;
>
> PAGED_CODE();
>
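Review bot: Making `IntEaLength` a `LONG` only helps if the expressions it takes part in stay signed. If the loop (outside this hunk) compares or subtracts it against a `ULONG` such as `NextEaBufferOffset`, the usual arithmetic conversions make the expression unsigned again, and a negative remainder would still look like a large positive one. The caller-supplied length is presumably a `ULONG`, so a value above 0x7FFFFFFF would now start out negative; rejecting that up front would make the intent explicit. I would also document the declaration, e.g. `/* Signed: goes negative when an entry overruns the buffer, which ends the loop */`. The function body continues outside the hunk, so the loop itself could not be checked here.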
>
> Modified: trunk/reactos/ntoskrnl/ob/obname.c
> URL:
> http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obname.c?rev=53599&r1=53598&r2=53599&view=diff
>
> ==============================================================================
> --- trunk/reactos/ntoskrnl/ob/obname.c [iso-8859-1] (original)
> +++ trunk/reactos/ntoskrnl/ob/obname.c [iso-8859-1] Mon Sep 5 15:05:56
> 2011
> @@ -986,6 +986,7 @@
> ULONG NameSize;
> PWCH ObjectName;
> BOOLEAN ObjectIsNamed;
> + NTSTATUS Status = STATUS_SUCCESS;
>
> /* Get the Kernel Meta-Structures */
> ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
> @@ -994,28 +995,57 @@
> /* Check if a Query Name Procedure is available */
> if (ObjectHeader->Type->TypeInfo.QueryNameProcedure)
> {
> - /* Call the procedure */
> + /* Call the procedure inside SEH */
> ObjectIsNamed = ((LocalInfo) && (LocalInfo->Name.Length > 0));
> - return ObjectHeader->Type->TypeInfo.QueryNameProcedure(Object,
> +
> + _SEH2_TRY
> + {
> + Status =
> ObjectHeader->Type->TypeInfo.QueryNameProcedure(Object,
>
> ObjectIsNamed,
>
> ObjectNameInfo,
> Length,
>
> ReturnLength,
> KernelMode);
> + }
> + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
> + {
> + /* Return the exception code */
> + Status = _SEH2_GetExceptionCode();
> + }
> + _SEH2_END;
> +
> + return Status;
> }
>
> /* Check if the object doesn't even have a name */
> if (!(LocalInfo) || !(LocalInfo->Name.Buffer))
> {
> - /* We're returning the name structure */
> - *ReturnLength = sizeof(OBJECT_NAME_INFORMATION);
> -
> - /* Check if we were given enough space */
> - if (*ReturnLength > Length) return STATUS_INFO_LENGTH_MISMATCH;
> -
> - /* Return an empty buffer */
> - RtlInitEmptyUnicodeString(&ObjectNameInfo->Name, NULL, 0);
> - return STATUS_SUCCESS;
> + Status = STATUS_SUCCESS;
> +
> + _SEH2_TRY
> + {
> + /* We're returning the name structure */
> + *ReturnLength = sizeof(OBJECT_NAME_INFORMATION);
> +
> + /* Check if we were given enough space */
> + if (*ReturnLength > Length)
> + {
> + Status = STATUS_INFO_LENGTH_MISMATCH;
> + }
> + else
> + {
> + /* Return an empty buffer */
> + RtlInitEmptyUnicodeString(&ObjectNameInfo->Name, NULL, 0);
> + }
> + }
> + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
> + {
> + /* Return the exception code */
> + Status = _SEH2_GetExceptionCode();
> + }
> + _SEH2_END;
> +
> + return Status;
> }
>
> /*
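Review bot: Both new `_SEH2_TRY` blocks treat `ReturnLength` as memory that may fault, yet the unnamed-object path stores to `*ReturnLength` and then reads it back for the `> Length` test, so the check trusts a value that could change in between if the pointer really is caller-controlled. Keeping the size in a local and storing it once avoids the re-read: `NameSize = sizeof(OBJECT_NAME_INFORMATION); *ReturnLength = NameSize; if (NameSize > Length) Status = STATUS_INFO_LENGTH_MISMATCH;`. The same pattern is in the next hunk, where `*ReturnLength` is read again both for the length check and to compute the starting `ObjectName` pointer. Separately, `EXCEPTION_EXECUTE_HANDLER` only turns a fault into a status code and does not validate `ObjectNameInfo` or `ReturnLength`; if any caller can pass user-mode buffers they still need to be probed before this function runs, and if none can, the handler mostly hides bugs in a type's `QueryNameProcedure`.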
> @@ -1025,126 +1055,136 @@
> * enough right at the beginning, not work our way through
> * and find out at the end
> */
> - if (Object == ObpRootDirectoryObject)
> - {
> - /* Size of the '\' string */
> - NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR);
> - }
> - else
> - {
> - /* Get the Object Directory and add name of Object */
> - ParentDirectory = LocalInfo->Directory;
> - NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR) +
> LocalInfo->Name.Length;
> -
> - /* Loop inside the directory to get the top-most one (meaning
> root) */
> - while ((ParentDirectory != ObpRootDirectoryObject) &&
> (ParentDirectory))
> - {
> - /* Get the Name Information */
> - LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
> - OBJECT_TO_OBJECT_HEADER(ParentDirectory));
> -
> - /* Add the size of the Directory Name */
> - if (LocalInfo && LocalInfo->Directory)
> - {
> - /* Size of the '\' string + Directory Name */
> - NameSize += sizeof(OBJ_NAME_PATH_SEPARATOR) +
> - LocalInfo->Name.Length;
> -
> - /* Move to next parent Directory */
> - ParentDirectory = LocalInfo->Directory;
> - }
> - else
> - {
> - /* Directory with no name. We append "...\" */
> - NameSize += sizeof(L"...") +
> sizeof(OBJ_NAME_PATH_SEPARATOR);
> - break;
> - }
> - }
> - }
> -
> - /* Finally, add the name of the structure and the null char */
> - *ReturnLength = NameSize +
> - sizeof(OBJECT_NAME_INFORMATION) +
> - sizeof(UNICODE_NULL);
> -
> - /* Check if we were given enough space */
> - if (*ReturnLength > Length) return STATUS_INFO_LENGTH_MISMATCH;
> -
> - /*
> - * Now we will actually create the name. We work backwards because
> - * it's easier to start off from the Name we have and walk up the
> - * parent directories. We use the same logic as Name Length
> calculation.
> - */
> - LocalInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
> - ObjectName = (PWCH)((ULONG_PTR)ObjectNameInfo + *ReturnLength);
> - *--ObjectName = UNICODE_NULL;
> -
> - /* Check if the object is actually the Root directory */
> - if (Object == ObpRootDirectoryObject)
> - {
> - /* This is already the Root Directory, return "\\" */
> - *--ObjectName = OBJ_NAME_PATH_SEPARATOR;
> - ObjectNameInfo->Name.Length = (USHORT)NameSize;
> - ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
> -
> sizeof(UNICODE_NULL));
> - ObjectNameInfo->Name.Buffer = ObjectName;
> - return STATUS_SUCCESS;
> - }
> - else
> - {
> - /* Start by adding the Object's Name */
> - ObjectName = (PWCH)((ULONG_PTR)ObjectName -
> - LocalInfo->Name.Length);
> - RtlCopyMemory(ObjectName,
> - LocalInfo->Name.Buffer,
> - LocalInfo->Name.Length);
> -
> - /* Now parse the Parent directories until we reach the top */
> - ParentDirectory = LocalInfo->Directory;
> - while ((ParentDirectory != ObpRootDirectoryObject) &&
> (ParentDirectory))
> - {
> - /* Get the name information */
> - LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
> - OBJECT_TO_OBJECT_HEADER(ParentDirectory));
> -
> - /* Add the "\" */
> + _SEH2_TRY
> + {
> + if (Object == ObpRootDirectoryObject)
> + {
> + /* Size of the '\' string */
> + NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR);
> + }
> + else
> + {
> + /* Get the Object Directory and add name of Object */
> + ParentDirectory = LocalInfo->Directory;
> + NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR) +
> LocalInfo->Name.Length;
> +
> + /* Loop inside the directory to get the top-most one (meaning
> root) */
> + while ((ParentDirectory != ObpRootDirectoryObject) &&
> (ParentDirectory))
> + {
> + /* Get the Name Information */
> + LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
> + OBJECT_TO_OBJECT_HEADER(ParentDirectory));
> +
> + /* Add the size of the Directory Name */
> + if (LocalInfo && LocalInfo->Directory)
> + {
> + /* Size of the '\' string + Directory Name */
> + NameSize += sizeof(OBJ_NAME_PATH_SEPARATOR) +
> + LocalInfo->Name.Length;
> +
> + /* Move to next parent Directory */
> + ParentDirectory = LocalInfo->Directory;
> + }
> + else
> + {
> + /* Directory with no name. We append "...\" */
> + NameSize += sizeof(L"...") +
> sizeof(OBJ_NAME_PATH_SEPARATOR);
> + break;
> + }
> + }
> + }
> +
> + /* Finally, add the name of the structure and the null char */
> + *ReturnLength = NameSize +
> + sizeof(OBJECT_NAME_INFORMATION) +
> + sizeof(UNICODE_NULL);
> +
> + /* Check if we were given enough space */
> + if (*ReturnLength > Length) _SEH2_YIELD(return
> STATUS_INFO_LENGTH_MISMATCH);
> +
> + /*
> + * Now we will actually create the name. We work backwards because
> + * it's easier to start off from the Name we have and walk up the
> + * parent directories. We use the same logic as Name Length
> calculation.
> + */
> + LocalInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
> + ObjectName = (PWCH)((ULONG_PTR)ObjectNameInfo + *ReturnLength);
> + *--ObjectName = UNICODE_NULL;
> +
> + /* Check if the object is actually the Root directory */
> + if (Object == ObpRootDirectoryObject)
> + {
> + /* This is already the Root Directory, return "\\" */
> + *--ObjectName = OBJ_NAME_PATH_SEPARATOR;
> + ObjectNameInfo->Name.Length = (USHORT)NameSize;
> + ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
> +
> sizeof(UNICODE_NULL));
> + ObjectNameInfo->Name.Buffer = ObjectName;
> + _SEH2_YIELD(return STATUS_SUCCESS);
> + }
> + else
> + {
> + /* Start by adding the Object's Name */
> + ObjectName = (PWCH)((ULONG_PTR)ObjectName -
> + LocalInfo->Name.Length);
> + RtlCopyMemory(ObjectName,
> + LocalInfo->Name.Buffer,
> + LocalInfo->Name.Length);
> +
> + /* Now parse the Parent directories until we reach the top */
> + ParentDirectory = LocalInfo->Directory;
> + while ((ParentDirectory != ObpRootDirectoryObject) &&
> (ParentDirectory))
> + {
> + /* Get the name information */
> + LocalInfo = OBJECT_HEADER_TO_NAME_INFO(
> + OBJECT_TO_OBJECT_HEADER(ParentDirectory));
> +
> + /* Add the "\" */
> + *(--ObjectName) = OBJ_NAME_PATH_SEPARATOR;
> +
> + /* Add the Parent Directory's Name */
> + if (LocalInfo && LocalInfo->Name.Buffer)
> + {
> + /* Add the name */
> + ObjectName = (PWCH)((ULONG_PTR)ObjectName -
> +
> LocalInfo->Name.Length);
> + RtlCopyMemory(ObjectName,
> + LocalInfo->Name.Buffer,
> + LocalInfo->Name.Length);
> +
> + /* Move to next parent */
> + ParentDirectory = LocalInfo->Directory;
> + }
> + else
> + {
> + /* Directory without a name, we add "..." */
> + ObjectName = (PWCH)((ULONG_PTR)ObjectName -
> + sizeof(L"...") +
> + sizeof(UNICODE_NULL));
> + RtlCopyMemory(ObjectName,
> + L"...",
> + sizeof(L"...") + sizeof(UNICODE_NULL));
> + break;
> + }
> + }
> +
> + /* Add Root Directory Name */
> *(--ObjectName) = OBJ_NAME_PATH_SEPARATOR;
> -
> - /* Add the Parent Directory's Name */
> - if (LocalInfo && LocalInfo->Name.Buffer)
> - {
> - /* Add the name */
> - ObjectName = (PWCH)((ULONG_PTR)ObjectName -
> - LocalInfo->Name.Length);
> - RtlCopyMemory(ObjectName,
> - LocalInfo->Name.Buffer,
> - LocalInfo->Name.Length);
> -
> - /* Move to next parent */
> - ParentDirectory = LocalInfo->Directory;
> - }
> - else
> - {
> - /* Directory without a name, we add "..." */
> - ObjectName = (PWCH)((ULONG_PTR)ObjectName -
> - sizeof(L"...") +
> sizeof(UNICODE_NULL));
> - RtlCopyMemory(ObjectName,
> - L"...",
> - sizeof(L"...") + sizeof(UNICODE_NULL));
> - break;
> - }
> - }
> -
> - /* Add Root Directory Name */
> - *(--ObjectName) = OBJ_NAME_PATH_SEPARATOR;
> - ObjectNameInfo->Name.Length = (USHORT)NameSize;
> - ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize +
> -
> sizeof(UNICODE_NULL));
> - ObjectNameInfo->Name.Buffer = ObjectName;
> - }
> + ObjectNameInfo->Name.Length = (USHORT)NameSize;
> + ObjectNameInfo->Name.MaximumLength =
> + (USHORT)(NameSize + sizeof(UNICODE_NULL));
> + ObjectNameInfo->Name.Buffer = ObjectName;
> + }
> + }
> + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
> + {
> + /* Return the exception code */
> + Status = _SEH2_GetExceptionCode();
> + }
> + _SEH2_END;
>
> /* Return success */
> - return STATUS_SUCCESS;
> + return Status;
> }
>
> VOID
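Review bot: In the unnamed-directory branch the copy length is `sizeof(L"...") + sizeof(UNICODE_NULL)`, which is 10 bytes for an 8-byte literal, while `ObjectName` was moved back by only 6 bytes. The `RtlCopyMemory` therefore reads two bytes past the end of the literal and overwrites the separator and the first character already placed in the output buffer. The length should match the pointer adjustment: `RtlCopyMemory(ObjectName, L"...", sizeof(L"...") - sizeof(UNICODE_NULL));`. This is carried over unchanged from the removed lines, but since the block is being re-indented under `_SEH2_TRY` it is a good moment to fix it. The sizing pass adds `sizeof(L"...") + sizeof(OBJ_NAME_PATH_SEPARATOR)` for this case, so the two passes should be checked against each other as well, because the total decides where the backwards write starts.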
>
>
>