Author: ekohl Date: Fri Sep 26 23:46:59 2014 New Revision: 64318 URL: http://svn.reactos.org/svn/reactos?rev=64318&view=rev Log: [LSASRV] Fix memory related issues in calls to LsaEnumerateLogonSessions. - Initialize ClientBaseAddress to NULL because we do not need to allocate a fixed memory page. - Protect Length from being overwritten by NtWriteVirtualMemory.
Modified: trunk/reactos/dll/win32/lsasrv/session.c
Modified: trunk/reactos/dll/win32/lsasrv/session.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/session.c?rev=64318&r1=64317&r2=64318&view=diff
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/session.c [iso-8859-1] Fri Sep 26 23:46:59 2014
@@ -131,8 +131,8 @@
 PLIST_ENTRY SessionEntry;
 PLSAP_LOGON_SESSION CurrentSession;
 PLUID SessionList;
- ULONG i, Length;
- PVOID ClientBaseAddress;
+ ULONG i, Length, MemSize;
+ PVOID ClientBaseAddress = NULL;
 NTSTATUS Status;
 TRACE("LsapEnumLogonSessions()\n");
@@ -175,10 +175,11 @@
 goto done;
 }
+ MemSize = Length;
 Status = NtAllocateVirtualMemory(ProcessHandle,
 &ClientBaseAddress,
 0,
- &Length,
+ &MemSize,
 MEM_COMMIT,
 PAGE_READWRITE);
 if (!NT_SUCCESS(Status))
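Review bot: `MemSize` is declared as `ULONG` in this hunk, but the second hunk passes `&MemSize` as the region-size argument of NtAllocateVirtualMemory, which is a `PSIZE_T` in/out parameter. On a 64-bit build the callee would read and write eight bytes through a pointer to a four-byte variable, clobbering a neighbouring local in the LSA server's stack frame. Declare it on its own line as `SIZE_T MemSize;` and leave `ULONG i, Length;` as it was. The declarations belong to a function whose start and end lie outside the hunk.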
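Review bot: Nothing at `MemSize = Length;` says why the size is copied before the allocation, and the distinction matters for the code that follows. NtAllocateVirtualMemory writes the actual, page-rounded region size back through its size pointer, while `Length` has to stay the exact byte count of the session list so that the later copy into the client process (outside this hunk, presumably the NtWriteVirtualMemory call) does not read past the server-side buffer and hand adjacent LSA memory to the caller. A comment such as `/* NtAllocateVirtualMemory rounds the size up to whole pages and writes it back; keep Length as the exact number of bytes to copy */` above the assignment would keep a later cleanup from merging the two variables again. The function body continues past the end of the hunk.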