Author: pschweitzer
Date: Tue Sep  1 17:23:56 2015
New Revision: 68899

URL: http://svn.reactos.org/svn/reactos?rev=68899&view=rev
Log:
[NTOSKRNL]
Probe buffers in case they come from user-mode in KdpPrint() and KdpPrompt().
This fixes two FIXMEs.

Modified:
    trunk/reactos/ntoskrnl/kd64/kdprint.c

Modified: trunk/reactos/ntoskrnl/kd64/kdprint.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/kd64/kdprint.c?rev=68899&r1=68898&r2=68899&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/kd64/kdprint.c       [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/kd64/kdprint.c       [iso-8859-1] Tue Sep  1 
17:23:56 2015
@@ -213,6 +213,7 @@
 {
     STRING PromptBuffer, ResponseBuffer;
     BOOLEAN Enable, Resend;
+    PVOID CapturedPrompt, CapturedResponse;
 
     /* Normalize the lengths */
     PromptLength = min(PromptLength, 512);
@@ -221,13 +222,32 @@
     /* Check if we need to verify the string */
     if (PreviousMode != KernelMode)
     {
-        /* FIXME: Handle user-mode */
+        /* Capture user-mode buffers */
+        _SEH2_TRY
+        {
+            ProbeForRead(PromptString, PromptLength, 1);
+            CapturedPrompt = alloca(512);
+            KdpQuickMoveMemory(CapturedPrompt, PromptString, PromptLength);
+            PromptString = CapturedPrompt;
+
+            ProbeForWrite(ResponseString, MaximumResponseLength, 1);
+            CapturedResponse = alloca(512);
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            _SEH2_YIELD(return 0);
+        }
+        _SEH2_END;
+    }
+    else
+    {
+        CapturedResponse = ResponseString;
     }
 
     /* Setup the prompt and response  buffers */
     PromptBuffer.Buffer = PromptString;
     PromptBuffer.Length = PromptLength;
-    ResponseBuffer.Buffer = ResponseString;
+    ResponseBuffer.Buffer = CapturedResponse;
     ResponseBuffer.Length = 0;
     ResponseBuffer.MaximumLength = MaximumResponseLength;
 
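Review bot: The two `alloca(512)` calls inside the `_SEH2_TRY` body (`CapturedPrompt = alloca(512);` and `CapturedResponse = alloca(512);`) are the weak point of this hunk: with the GCC build of PSEH the try body is, as far as I can tell, compiled as a nested function, so the storage is presumably released when the block exits and `PromptString`/`CapturedResponse` then refer to a dead frame, and even on a native `__try` the dynamic allocation buys nothing over a fixed buffer since both lengths are already capped at 512. Declare `CHAR PromptCopy[512], ResponseCopy[512];` next to the `PVOID` pair added in the first hunk and replace the two alloca lines with `CapturedPrompt = PromptCopy;` and `CapturedResponse = ResponseCopy;`; this is safe given `PromptLength = min(PromptLength, 512);` at the top of the function and the corresponding clamp of `MaximumResponseLength` that presumably follows it in the unshown line. The `CapturedString = alloca(512);` in the KdpPrint hunk below has the same issue and takes the same fix with a `CHAR StringCopy[512]`. KdpPrompt starts before this hunk and its body continues into the copy-back hunk that follows.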
@@ -248,6 +268,20 @@
 
     /* Exit the debugger */
     KdExitDebugger(Enable);
+
+    /* Copy back response if required */
+    if (PreviousMode != KernelMode)
+    {
+        _SEH2_TRY
+        {
+            KdpQuickMoveMemory(ResponseString, ResponseBuffer.Buffer, 
ResponseBuffer.Length);
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            _SEH2_YIELD(return 0);
+        }
+        _SEH2_END;
+    }
 
     /* Return the number of characters received */
     return ResponseBuffer.Length;
@@ -267,6 +301,7 @@
     NTSTATUS ReturnStatus;
     BOOLEAN Enable;
     STRING OutputString;
+    PVOID CapturedString;
 
     /* Assume failure */
     *Handled = FALSE;
@@ -288,7 +323,19 @@
     /* Check if we need to verify the buffer */
     if (PreviousMode != KernelMode)
     {
-        /* FIXME: Support user-mode */
+        /* Capture user-mode buffers */
+        _SEH2_TRY
+        {
+            ProbeForRead(String, Length, 1);
+            CapturedString = alloca(512);
+            KdpQuickMoveMemory(CapturedString, String, Length);
+            String = CapturedString;
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            _SEH2_YIELD(return STATUS_ACCESS_VIOLATION);
+        }
+        _SEH2_END;
     }
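Review bot: Copying `Length` bytes into a 512-byte capture buffer right after `ProbeForRead(String, Length, 1);` is only memory-safe if `Length` was clamped to 512 earlier, and that clamp is not visible in this hunk (it presumably sits between the two KdpPrint hunks), so the size relationship the capture depends on is implicit here. Stating it with `ASSERT(Length <= 512);` just before the `ProbeForRead` documents the precondition at the point where a regression would become an overflow. KdpPrint starts before this hunk and continues after it.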
 
     /* Setup the output string */

