Author: hbelusca
Date: Mon Nov  7 12:35:09 2016
New Revision: 73166

URL: http://svn.reactos.org/svn/reactos?rev=73166&view=rev
Log:
[NTOS:LPC]
- Capture the ServerView/ClientView *only* when those pointers are not NULL.
- Fix a LpcRequest vs. CapturedLpcRequest in a call to LpcpMoveMessage. Caught 
by Thomas. CORE-7371 CR-100

Modified:
    trunk/reactos/ntoskrnl/lpc/complete.c
    trunk/reactos/ntoskrnl/lpc/connect.c
    trunk/reactos/ntoskrnl/lpc/send.c

Modified: trunk/reactos/ntoskrnl/lpc/complete.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/complete.c?rev=73166&r1=73165&r2=73166&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/complete.c       [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/complete.c       [iso-8859-1] Mon Nov  7 
12:35:09 2016
@@ -84,7 +84,9 @@
             ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
 
             /* The following parameters are optional */
-            if (ServerView != NULL)
+
+            /* Capture the server view */
+            if (ServerView)
             {
                 ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
                 CapturedServerView = *(volatile PORT_VIEW*)ServerView;
@@ -97,7 +99,8 @@
                 }
             }
 
-            if (ClientView != NULL)
+            /* Capture the client view */
+            if (ClientView)
             {
                 ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
 
@@ -121,19 +124,27 @@
         CapturedReplyMessage = *ReplyMessage;
         ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
 
-        /* Validate the size of the server view */
-        if ((ServerView) && (ServerView->Length != sizeof(*ServerView)))
-        {
-            /* Invalid size */
-            return STATUS_INVALID_PARAMETER;
-        }
-        CapturedServerView = *ServerView;
-
-        /* Validate the size of the client view */
-        if ((ClientView) && (ClientView->Length != sizeof(*ClientView)))
-        {
-            /* Invalid size */
-            return STATUS_INVALID_PARAMETER;
+        /* Capture the server view */
+        if (ServerView)
+        {
+            /* Validate the size of the server view */
+            if (ServerView->Length != sizeof(*ServerView))
+            {
+                /* Invalid size */
+                return STATUS_INVALID_PARAMETER;
+            }
+            CapturedServerView = *ServerView;
+        }
+
+        /* Capture the client view */
+        if (ClientView)
+        {
+            /* Validate the size of the client view */
+            if (ClientView->Length != sizeof(*ClientView))
+            {
+                /* Invalid size */
+                return STATUS_INVALID_PARAMETER;
+            }
         }
     }
 
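Review bot: The new comment `/* Capture the client view */` above the `if (ClientView)` block does not match what the block does: the ServerView block ends with `CapturedServerView = *ServerView;`, but the ClientView block only checks `Length` and copies nothing. Either reword it to `/* Validate the client view, if one was supplied */` or, if a captured copy is meant to be used later, add the assignment. Note also that `CapturedServerView` is now assigned only when `ServerView` is non-NULL, so any later use of it must be guarded by the same `ServerView` check. The enclosing function starts and ends outside the hunk, so that guard cannot be confirmed from here.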

Modified: trunk/reactos/ntoskrnl/lpc/connect.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/connect.c?rev=73166&r1=73165&r2=73166&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/connect.c        [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/connect.c        [iso-8859-1] Mon Nov  7 
12:35:09 2016
@@ -130,7 +130,7 @@
             /* The following parameters are optional */
 
             /* Capture the client view */
-            if (ClientView != NULL)
+            if (ClientView)
             {
                 ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
                 CapturedClientView = *(volatile PORT_VIEW*)ClientView;
@@ -145,7 +145,7 @@
             }
 
             /* Capture the server view */
-            if (ServerView != NULL)
+            if (ServerView)
             {
                 ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
 
@@ -202,7 +202,7 @@
         /* The following parameters are optional */
 
         /* Capture the client view */
-        if (ClientView != NULL)
+        if (ClientView)
         {
             /* Validate the size of the client view */
             if (ClientView->Length != sizeof(*ClientView))
@@ -214,7 +214,7 @@
         }
 
         /* Capture the server view */
-        if (ServerView != NULL)
+        if (ServerView)
         {
             /* Validate the size of the server view */
             if (ServerView->Length != sizeof(*ServerView))

Modified: trunk/reactos/ntoskrnl/lpc/send.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/lpc/send.c?rev=73166&r1=73165&r2=73166&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/lpc/send.c   [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/lpc/send.c   [iso-8859-1] Mon Nov  7 12:35:09 2016
@@ -857,7 +857,7 @@
 
             /* Copy it */
             LpcpMoveMessage(&Message->Request,
-                            LpcRequest,
+                            &CapturedLpcRequest,
                             LpcRequest + 1,
                             MessageType,
                             &Thread->Cid);
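Review bot: The comment `/* Copy it */` above the `LpcpMoveMessage` call does not say why the header and the payload come from different places, which is the point of this fix. The header argument is now `&CapturedLpcRequest` while the data argument is still `LpcRequest + 1`, so presumably the lengths are taken from the captured copy and only the payload bytes are read from the caller's buffer. I would make that explicit, e.g. `/* Copy it: header from the captured copy so the validated lengths cannot change, payload from the caller's buffer */`. Whether this call sits inside the probe/SEH scope that covers `LpcRequest + 1` cannot be seen here, because the enclosing function starts and ends outside the hunk.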

