Alexandre Julliard : ntdll: Return an error instead of dying in wine_server_call if the input buffer is invalid .

Alexandre Julliard julliard at wine.codeweavers.com
Mon Aug 20 07:42:45 CDT 2007 

Module: wine
Branch: master
Commit: 7378fac50582b46b89e0d97f36ffb2dfc334952e
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=7378fac50582b46b89e0d97f36ffb2dfc334952e

Author: Alexandre Julliard <julliard at winehq.org>
Date:   Mon Aug 20 14:40:18 2007 +0200

ntdll: Return an error instead of dying in wine_server_call if the input buffer is invalid.

---

 dlls/ntdll/server.c |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/dlls/ntdll/server.c b/dlls/ntdll/server.c
index 29c9cfd..33f81dc 100644
--- a/dlls/ntdll/server.c
+++ b/dlls/ntdll/server.c
@@ -219,7 +219,7 @@ void server_protocol_perror( const char *err )
  *
  * Send a request to the server.
  */
-static void send_request( const struct __server_request_info *req )
+static unsigned int send_request( const struct __server_request_info *req )
 {
     unsigned int i;
     int ret;
@@ -227,7 +227,7 @@ static void send_request( const struct __server_request_info *req )
     if (!req->u.req.request_header.request_size)
     {
         if ((ret = write( ntdll_get_thread_data()->request_fd, &req->u.req,
-                          sizeof(req->u.req) )) == sizeof(req->u.req)) return;
+                          sizeof(req->u.req) )) == sizeof(req->u.req)) return STATUS_SUCCESS;
 
     }
     else
@@ -242,11 +242,12 @@ static void send_request( const struct __server_request_info *req )
             vec[i+1].iov_len = req->data[i].size;
         }
         if ((ret = writev( ntdll_get_thread_data()->request_fd, vec, i+1 )) ==
-            req->u.req.request_header.request_size + sizeof(req->u.req)) return;
+            req->u.req.request_header.request_size + sizeof(req->u.req)) return STATUS_SUCCESS;
     }
 
     if (ret >= 0) server_protocol_error( "partial write %d\n", ret );
     if (errno == EPIPE) server_abort_thread(0);
+    if (errno == EFAULT) return STATUS_ACCESS_VIOLATION;
     server_protocol_perror( "write" );
 }
 
@@ -283,11 +284,12 @@ static void read_reply_data( void *buffer, size_t size )
  *
  * Wait for a reply from the server.
  */
-static inline void wait_reply( struct __server_request_info *req )
+static inline unsigned int wait_reply( struct __server_request_info *req )
 {
     read_reply_data( &req->u.reply, sizeof(req->u.reply) );
     if (req->u.reply.reply_header.reply_size)
         read_reply_data( req->reply_data, req->u.reply.reply_header.reply_size );
+    return req->u.reply.reply_header.error;
 }
 
 
@@ -317,12 +319,13 @@ unsigned int wine_server_call( void *req_ptr )
 {
     struct __server_request_info * const req = req_ptr;
     sigset_t old_set;
+    unsigned int ret;
 
     pthread_functions.sigprocmask( SIG_BLOCK, &server_block_set, &old_set );
-    send_request( req );
-    wait_reply( req );
+    ret = send_request( req );
+    if (!ret) ret = wait_reply( req );
     pthread_functions.sigprocmask( SIG_SETMASK, &old_set, NULL );
-    return req->u.reply.reply_header.error;
+    return ret;
 }

More information about the wine-cvs mailing list