[ros-diffs] [fireball] 38560: Dmitry Chapyshev - Add more length checks to NtQueryInformationProcess, inspired by r28570.

fireball at svn.reactos.org fireball at svn.reactos.org
Sun Jan 4 12:56:14 CET 2009


Author: fireball
Date: Sun Jan  4 05:56:14 2009
New Revision: 38560

URL: http://svn.reactos.org/svn/reactos?rev=38560&view=rev
Log:
Dmitry Chapyshev
- Add more length checks to NtQueryInformationProcess, inspired by r28570.

Modified:
    trunk/reactos/ntoskrnl/ps/query.c

Modified: trunk/reactos/ntoskrnl/ps/query.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ps/query.c?rev=38560&r1=38559&r2=38560&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ps/query.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ps/query.c [iso-8859-1] Sun Jan  4 05:56:14 2009
@@ -120,7 +120,7 @@
             /* Set return length */
             Length = sizeof(PROCESS_BASIC_INFORMATION);
 
-            if ( ProcessInformationLength != Length )
+            if (ProcessInformationLength != Length)
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
@@ -152,7 +152,7 @@
         case ProcessIoCounters:
 
             Length = sizeof(IO_COUNTERS);
-            if ( ProcessInformationLength != Length )
+            if (ProcessInformationLength != Length)
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
@@ -167,7 +167,7 @@
             /* Set the return length */
             Length = sizeof(KERNEL_USER_TIMES);
 
-            if ( ProcessInformationLength != Length )
+            if (ProcessInformationLength != Length)
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
@@ -195,15 +195,20 @@
         /* Process Debug Port */
         case ProcessDebugPort:
 
+            /* Set return length */
+            Length = sizeof(HANDLE);
+
+            if (ProcessInformationLength != Length)
+            {
+                Status = STATUS_INFO_LENGTH_MISMATCH;
+                break;
+            }
             /* Protect write with SEH */
             _SEH2_TRY
             {
                 /* Return whether or not we have a debug port */
                 *(PHANDLE)ProcessInformation = (Process->DebugPort ?
                                                 (HANDLE)-1 : NULL);
-
-                /* Set the return length*/
-                Length = sizeof(HANDLE);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
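Review bot: The length check added to ProcessDebugPort has no comment saying why it must run before the `_SEH2_TRY` block, and the same gap applies to the checks added for ProcessSessionInformation, ProcessDefaultHardErrorMode, ProcessPriorityBoost, ProcessDeviceMap and ProcessPriorityClass. The SEH handler only catches a store that faults; presumably the buffer was probed for `ProcessInformationLength` bytes earlier in the function (not visible in this hunk), so a fixed-size store past that length may not fault. I would replace `/* Set return length */` with `/* Reject a wrong-sized buffer before writing: SEH catches faults, not stores beyond the probed length */`. A blank line between the closing `}` of the check and the `/* Protect write with SEH */` comment would also match the surrounding cases. The case body continues past the end of the hunk.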
@@ -225,7 +230,7 @@
             /* Set the return length*/
             Length = sizeof(ULONG);
 
-            if ( ProcessInformationLength != Length )
+            if (ProcessInformationLength != Length)
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
@@ -251,14 +256,19 @@
         /* Session ID for the process */
         case ProcessSessionInformation:
 
+            /* Set the return length*/
+            Length = sizeof(PROCESS_SESSION_INFORMATION);
+
+            if (ProcessInformationLength != Length)
+            {
+                Status = STATUS_INFO_LENGTH_MISMATCH;
+                break;
+            }
             /* Enter SEH for write safety */
             _SEH2_TRY
             {
                 /* Write back the Session ID */
                 SessionInfo->SessionId = Process->Session;
-
-                /* Set the return length */
-                Length = sizeof(PROCESS_SESSION_INFORMATION);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
@@ -279,7 +289,7 @@
             /* Set the return length */
             Length = sizeof(VM_COUNTERS);
 
-            if ( ProcessInformationLength != Length )
+            if (ProcessInformationLength != Length)
             {
                 Status = STATUS_INFO_LENGTH_MISMATCH;
                 break;
@@ -313,15 +323,20 @@
         /* Hard Error Processing Mode */
         case ProcessDefaultHardErrorMode:
 
+            /* Set the return length*/
+            Length = sizeof(ULONG);
+
+            if (ProcessInformationLength != Length)
+            {
+                Status = STATUS_INFO_LENGTH_MISMATCH;
+                break;
+            }
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Write the current processing mode */
                 *(PULONG)ProcessInformation = Process->
                                               DefaultHardErrorProcessing;
-
-                /* Set the return length */
-                Length = sizeof(ULONG);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
@@ -334,15 +349,20 @@
         /* Priority Boosting status */
         case ProcessPriorityBoost:
 
+            /* Set the return length*/
+            Length = sizeof(ULONG);
+
+            if (ProcessInformationLength != Length)
+            {
+                Status = STATUS_INFO_LENGTH_MISMATCH;
+                break;
+            }
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Return boost status */
                 *(PULONG)ProcessInformation = Process->Pcb.DisableBoost ?
                                               TRUE : FALSE;
-
-                /* Set the return length */
-                Length = sizeof(ULONG);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
@@ -355,6 +375,14 @@
         /* DOS Device Map */
         case ProcessDeviceMap:
 
+            /* Set the return length*/
+            Length = sizeof(PROCESS_DEVICEMAP_INFORMATION);
+
+            if (ProcessInformationLength != Length)
+            {
+                Status = STATUS_INFO_LENGTH_MISMATCH;
+                break;
+            }
             /* Query the device map information */
             ObQueryDeviceMapInformation(Process, &DeviceMap);
 
@@ -362,9 +390,6 @@
             _SEH2_TRY
             {
                 *(PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation = DeviceMap;
-
-                /* Set the return length */
-                Length = sizeof(PROCESS_DEVICEMAP_INFORMATION);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
@@ -377,14 +402,19 @@
         /* Priority class */
         case ProcessPriorityClass:
 
+            /* Set the return length*/
+            Length = sizeof(USHORT);
+
+            if (ProcessInformationLength != Length)
+            {
+                Status = STATUS_INFO_LENGTH_MISMATCH;
+                break;
+            }
             /* Enter SEH for writing back data */
             _SEH2_TRY
             {
                 /* Return current priority class */
                 *(PUSHORT)ProcessInformation = Process->PriorityClass;
-
-                /* Set the return length */
-                Length = sizeof(USHORT);
             }
             _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
             {
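Review bot: The size and the store for ProcessPriorityClass are both expressed as USHORT (`Length = sizeof(USHORT)` and `*(PUSHORT)ProcessInformation = Process->PriorityClass`), whereas the caller-facing type for this class is, as far as I know, PROCESS_PRIORITY_CLASS (a Foreground flag followed by a PriorityClass byte). The two have the same size, so the new check passes, but on a little-endian target a USHORT store likely puts the class value in the byte callers read as Foreground. I would use `Length = sizeof(PROCESS_PRIORITY_CLASS);` and fill the two fields through a typed pointer, which also ties the check to the structure that is actually written. The `_SEH2_EXCEPT` block continues past the end of the hunk.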


