[5/5] server: Fix crash when calling SetNamedPipeHandleState on partially closed pipe.
Sebastian Lackner
sebastian at fds-team.de
Mon Nov 23 00:24:07 CST 2015
Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---
dlls/kernel32/tests/pipe.c | 12 ++++++++++++
server/named_pipe.c | 6 +++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/dlls/kernel32/tests/pipe.c b/dlls/kernel32/tests/pipe.c
index 842376a..60336f8 100644
--- a/dlls/kernel32/tests/pipe.c
+++ b/dlls/kernel32/tests/pipe.c
@@ -1427,6 +1427,9 @@ static void test_CloseHandle(void)
ret = GetNamedPipeHandleStateA(hfile, &state, NULL, NULL, NULL, NULL, 0);
ok(ret, "GetNamedPipeHandleState failed with %u\n", GetLastError());
+ state = PIPE_READMODE_MESSAGE | PIPE_WAIT;
+ ret = SetNamedPipeHandleState(hfile, &state, NULL, NULL);
+ ok(ret, "SetNamedPipeHandleState failed with %u\n", GetLastError());
SetLastError(0xdeadbeef);
ret = ReadFile(hfile, buffer, 0, &numbytes, NULL);
@@ -1464,6 +1467,9 @@ static void test_CloseHandle(void)
ret = GetNamedPipeHandleStateA(hfile, &state, NULL, NULL, NULL, NULL, 0);
ok(ret, "GetNamedPipeHandleState failed with %u\n", GetLastError());
+ state = PIPE_READMODE_MESSAGE | PIPE_WAIT;
+ ret = SetNamedPipeHandleState(hfile, &state, NULL, NULL);
+ ok(ret, "SetNamedPipeHandleState failed with %u\n", GetLastError());
SetLastError(0xdeadbeef);
ret = ReadFile(hfile, buffer, 0, &numbytes, NULL);
@@ -1515,6 +1521,9 @@ static void test_CloseHandle(void)
ret = GetNamedPipeHandleStateA(hpipe, &state, NULL, NULL, NULL, NULL, 0);
ok(ret, "GetNamedPipeHandleState failed with %u\n", GetLastError());
+ state = PIPE_READMODE_MESSAGE | PIPE_WAIT;
+ ret = SetNamedPipeHandleState(hpipe, &state, NULL, NULL);
+ ok(ret, "SetNamedPipeHandleState failed with %u\n", GetLastError());
SetLastError(0xdeadbeef);
ret = ReadFile(hpipe, buffer, 0, &numbytes, NULL);
@@ -1552,6 +1561,9 @@ static void test_CloseHandle(void)
ret = GetNamedPipeHandleStateA(hpipe, &state, NULL, NULL, NULL, NULL, 0);
ok(ret, "GetNamedPipeHandleState failed with %u\n", GetLastError());
+ state = PIPE_READMODE_MESSAGE | PIPE_WAIT;
+ ret = SetNamedPipeHandleState(hpipe, &state, NULL, NULL);
+ ok(ret, "SetNamedPipeHandleState failed with %u\n", GetLastError());
SetLastError(0xdeadbeef);
ret = ReadFile(hpipe, buffer, 0, &numbytes, NULL);
diff --git a/server/named_pipe.c b/server/named_pipe.c
index 1c9143f..8d5753a 100644
--- a/server/named_pipe.c
+++ b/server/named_pipe.c
@@ -1046,7 +1046,11 @@ DECL_HANDLER(set_named_pipe_info)
client = (struct pipe_client *)get_handle_obj( current->process, req->handle,
0, &pipe_client_ops );
if (!client) return;
- server = client->server;
+ if (!(server = client->server))
+ {
+ release_object( client );
+ return;
+ }
}
if ((req->flags & ~(NAMED_PIPE_MESSAGE_STREAM_READ | NAMED_PIPE_NONBLOCKING_MODE)) ||
--
2.6.2
More information about the wine-patches
mailing list