[ros-diffs] [dgorbachev] 41076: Fix buffer overflow, add some debug prints.

dgorbachev at svn.reactos.org dgorbachev at svn.reactos.org
Sat May 23 17:02:20 CEST 2009


Author: dgorbachev
Date: Sat May 23 19:02:19 2009
New Revision: 41076

URL: http://svn.reactos.org/svn/reactos?rev=41076&view=rev
Log:
Fix buffer overflow, add some debug prints.

Modified:
    trunk/reactos/base/system/smss/smapi.c
    trunk/reactos/include/reactos/subsys/sm/api.h

Modified: trunk/reactos/base/system/smss/smapi.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/smss/smapi.c?rev=41076&r1=41075&r2=41076&view=diff
==============================================================================
--- trunk/reactos/base/system/smss/smapi.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/smss/smapi.c [iso-8859-1] Sat May 23 19:02:19 2009
@@ -68,7 +68,7 @@
 	ULONG             CallbackPortNameLength = SM_SB_NAME_MAX_LENGTH; /* TODO: compute length */
 	SB_CONNECT_DATA   SbConnectData;
 	ULONG             SbConnectDataLength = sizeof SbConnectData;
-    SECURITY_QUALITY_OF_SERVICE SecurityQos;
+	SECURITY_QUALITY_OF_SERVICE SecurityQos;
 
 	DPRINT("SM: %s called\n", __FUNCTION__);
 
@@ -118,7 +118,7 @@
 	HANDLE          ConnectedPort = * (PHANDLE) pConnectedPort;
 
 	DPRINT("SM: %s called\n", __FUNCTION__);
-    RtlZeroMemory(&Request, sizeof(SM_PORT_MESSAGE));
+	RtlZeroMemory(&Request, sizeof(SM_PORT_MESSAGE));
 
 	while (TRUE)
 	{
@@ -160,10 +160,13 @@
 			}
 		} else {
 			/* LPC failed */
+			DPRINT1("SM: %s: NtReplyWaitReceivePort() failed (Status=0x%08lx)\n",
+				__FUNCTION__, Status);
 			break;
 		}
 	}
 	NtClose (ConnectedPort);
+	DPRINT("SM: %s done\n", __FUNCTION__);
 	NtTerminateThread (NtCurrentThread(), Status);
 }
 
@@ -267,7 +270,7 @@
 				__FUNCTION__, Status);
 			return Status;
 		} else {
-			DPRINT("SM: %s: completing conn req\n", __FUNCTION__);
+			DPRINT("SM: %s: completing connection request\n", __FUNCTION__);
 			Status = NtCompleteConnectPort (*ClientDataApiPort);
 			if (!NT_SUCCESS(Status))
 			{
@@ -293,6 +296,7 @@
  * 	necessary in NT LPC, because server side connected ports are
  * 	never used to receive requests.
  */
+#if 0
 VOID NTAPI
 SmpApiThread (HANDLE ListeningPort)
 {
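Review bot: The `#if 0` added above `SmpApiThread` compiles the whole function out without saying why, and the block comment just before it still describes the thread as if it were live. A reason on the guard would help the next reader decide whether the code is dead or only parked, e.g. `#if 0 /* unused: <reason> */`, with the matching `#endif /* 0 */` in the following hunk. If nothing is expected to call it again, deleting the function and its comment is cleaner than leaving it disabled. The function body runs past the end of this hunk.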
@@ -323,7 +327,7 @@
 	/* DIE */
 	NtTerminateThread(NtCurrentThread(), Status);
 }
-
+#endif
 
 /* LPC PORT INITIALIZATION **************************************************/
 
@@ -338,7 +342,7 @@
 SmCreateApiPort(VOID)
 {
   OBJECT_ATTRIBUTES  ObjectAttributes = {0};
-  UNICODE_STRING     UnicodeString = RTL_CONSTANT_STRING(L"\\SmApiPort");
+  UNICODE_STRING     UnicodeString = RTL_CONSTANT_STRING(SM_API_PORT_NAME);
   NTSTATUS           Status = STATUS_SUCCESS;
 
   InitializeObjectAttributes(&ObjectAttributes,
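Review bot: `RTL_CONSTANT_STRING(SM_API_PORT_NAME)` only yields a correct `Length`/`MaximumLength` if the macro expands to a wide string literal, because `RTL_CONSTANT_STRING` sizes its argument with `sizeof`. The definition of `SM_API_PORT_NAME` is not part of this diff, so this is worth confirming, and a short comment at its definition such as `/* must stay a wide string literal: used with RTL_CONSTANT_STRING */` would protect it from a later change to a pointer or a narrow string. The rest of `SmCreateApiPort` is outside the hunk.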

Modified: trunk/reactos/include/reactos/subsys/sm/api.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/subsys/sm/api.h?rev=41076&r1=41075&r2=41076&view=diff
==============================================================================
--- trunk/reactos/include/reactos/subsys/sm/api.h [iso-8859-1] (original)
+++ trunk/reactos/include/reactos/subsys/sm/api.h [iso-8859-1] Sat May 23 19:02:19 2009
@@ -1,4 +1,3 @@
-/* $Id$ */
 #ifndef __SM_API_H
 #define __SM_API_H
 
@@ -107,7 +106,7 @@
 
 /*** | ****************************************************************/
 
-typedef union _SM_PORT_MESSAGE
+typedef struct _SM_PORT_MESSAGE
 {
     /*** LPC common header ***/
     PORT_MESSAGE Header;
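Review bot: With `PadBuffer[PORT_MAXIMUM_MESSAGE_LENGTH]` replaced by `SM_CONNECT_DATA ConnectData` (the `@@ -139,7 +137,7 @@` hunk), `sizeof(SM_PORT_MESSAGE)` is now `Header` plus the larger of the SM request/reply struct and the connect data. Any receive into a stack `SM_PORT_MESSAGE`, such as `Request` in smapi.c, is therefore safe only if the port never delivers a message longer than that. The port's maximum message length is set where the port is created, outside these hunks, so it should be confirmed that it is derived from `sizeof(SM_PORT_MESSAGE)` and not from a larger constant. A comment on the new member would record the invariant, e.g. `/* sizes the buffer for connection requests; the port's max message length must not exceed sizeof(SM_PORT_MESSAGE) */`. The union-to-struct change and the removal of `LpcHeader` (the `@@ -115,7 +114,6 @@` hunk) also change the layout for every user of the type, so clients of this header need rebuilding together; the type definition itself starts and ends outside this hunk.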
@@ -115,7 +114,6 @@
     {
         struct
         {
-            UCHAR LpcHeader[sizeof(PORT_MESSAGE)];
             /*** SM common header ***/
             struct
             {
@@ -139,7 +137,7 @@
                 } Reply;
             };
         };
-        UCHAR PadBuffer[PORT_MAXIMUM_MESSAGE_LENGTH];
+        SM_CONNECT_DATA ConnectData;
     };
 } SM_PORT_MESSAGE, * PSM_PORT_MESSAGE;
 


