Rob Shearman : server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes .

Alexandre Julliard julliard at winehq.org
Tue Oct 30 08:32:51 CDT 2007


Module: wine
Branch: master
Commit: f98556c119d3f55ba26f4e737db8766b8dfd13c4
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=f98556c119d3f55ba26f4e737db8766b8dfd13c4

Author: Rob Shearman <rob at codeweavers.com>
Date:   Fri Oct 26 17:01:33 2007 +0100

server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes.

---

 dlls/ntdll/sync.c    |    3 +++
 dlls/ntdll/virtual.c |    1 +
 server/event.c       |    5 +----
 server/mapping.c     |    5 +----
 server/mutex.c       |    5 +----
 server/protocol.def  |    1 +
 server/security.h    |    5 +++++
 server/semaphore.c   |    4 +---
 server/token.c       |    3 ++-
 server/trace.c       |   12 +++++++-----
 10 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/dlls/ntdll/sync.c b/dlls/ntdll/sync.c
index 191cd07..47c8461 100644
--- a/dlls/ntdll/sync.c
+++ b/dlls/ntdll/sync.c
@@ -154,6 +154,7 @@ NTSTATUS WINAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle,
 
     objattr.rootdir =  attr ? attr->RootDirectory : 0;
     objattr.sd_len = 0;
+    objattr.name_len = len;
     if (attr)
     {
         ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
@@ -262,6 +263,7 @@ NTSTATUS WINAPI NtCreateEvent(
 
     objattr.rootdir = attr ? attr->RootDirectory : 0;
     objattr.sd_len = 0;
+    objattr.name_len = len;
     if (attr)
     {
         ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
@@ -425,6 +427,7 @@ NTSTATUS WINAPI NtCreateMutant(OUT HANDLE* MutantHandle,
 
     objattr.rootdir = attr ? attr->RootDirectory : 0;
     objattr.sd_len = 0;
+    objattr.name_len = len;
     if (attr)
     {
         status = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 2c08a16..684fa5d 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1864,6 +1864,7 @@ NTSTATUS WINAPI NtCreateSection( HANDLE *handle, ACCESS_MASK access, const OBJEC
 
     objattr.rootdir = attr ? attr->RootDirectory : 0;
     objattr.sd_len = 0;
+    objattr.name_len = len;
     if (attr)
     {
         ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
diff --git a/server/event.c b/server/event.c
index f866211..99d0f4b 100644
--- a/server/event.c
+++ b/server/event.c
@@ -180,10 +180,7 @@ DECL_HANDLER(create_event)
         return;
 
     sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
-
-    /* get unicode string */
-    name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
-    name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
+    objattr_get_name( objattr, &name );
 
     if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
         return;
diff --git a/server/mapping.c b/server/mapping.c
index 8f1bf5c..bd21a50 100644
--- a/server/mapping.c
+++ b/server/mapping.c
@@ -408,10 +408,7 @@ DECL_HANDLER(create_mapping)
         return;
 
     sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
-
-    /* get unicode string */
-    name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
-    name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
+    objattr_get_name( objattr, &name );
 
     if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
         return;
diff --git a/server/mutex.c b/server/mutex.c
index 7064c6f..979f21f 100644
--- a/server/mutex.c
+++ b/server/mutex.c
@@ -205,10 +205,7 @@ DECL_HANDLER(create_mutex)
         return;
 
     sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
-
-    /* get unicode string */
-    name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
-    name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
+    objattr_get_name( objattr, &name );
 
     if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
         return;
diff --git a/server/protocol.def b/server/protocol.def
index d336af6..1ecc886 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -237,6 +237,7 @@ struct object_attributes
 {
     obj_handle_t rootdir; /* root directory */
     data_size_t sd_len;   /* length of security_descriptor data. may be 0 */
+    data_size_t name_len; /* length of the name string. may be 0 */
     /* VARARG(sd,security_descriptor); */
     /* VARARG(name,unicode_str); */
 };
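Review bot: The comment on the new `name_len` field does not say what unit the length is in, while the server side (`objattr_get_name` in server/security.h) treats it as a byte count that it rounds down to whole WCHARs. I would write `data_size_t name_len; /* length of the name string in bytes. may be 0 */`. Since the server now trusts this field instead of deriving the name length from the request size, every client that sends an object_attributes has to set it. This diff sets it in the four ntdll create calls; any other sender (none is visible here) would pass whatever was left in the struct.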
diff --git a/server/security.h b/server/security.h
index 50fba52..ebdf95f 100644
--- a/server/security.h
+++ b/server/security.h
@@ -131,3 +131,8 @@ static inline const SID *sd_get_group( const struct security_descriptor *sd )
 /* determines whether an object_attributes struct is valid in a buffer
  * and calls set_error appropriately */
 extern int objattr_is_valid( const struct object_attributes *objattr, data_size_t size );
+static inline void objattr_get_name( const struct object_attributes *objattr, struct unicode_str *name )
+{
+    name->len = ((objattr->name_len) / sizeof(WCHAR)) * sizeof(WCHAR);
+    name->str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
+}
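Review bot: `objattr_get_name` has no comment and does no bounds checking of its own: it builds `name->str` and `name->len` directly from the client-supplied `sd_len` and `name_len`, so it is only safe once `objattr_is_valid` has accepted the same buffer. That precondition should be stated above the function, e.g. `/* extracts the name that follows the security descriptor; objattr must already have passed objattr_is_valid */`. A blank line between the `extern` declaration and the new definition would also keep the existing comment attached to `objattr_is_valid` only. The four handlers that call the helper appear to validate first, but that check sits outside their hunks.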
diff --git a/server/semaphore.c b/server/semaphore.c
index a8318cd..09445e1 100644
--- a/server/semaphore.c
+++ b/server/semaphore.c
@@ -180,10 +180,8 @@ DECL_HANDLER(create_semaphore)
         return;
 
     sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
+    objattr_get_name( objattr, &name );
 
-    /* get unicode string */
-    name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
-    name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
     if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
         return;
 
diff --git a/server/token.c b/server/token.c
index 665ed48..93696d9 100644
--- a/server/token.c
+++ b/server/token.c
@@ -309,7 +309,8 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
  * and calls set_error appropriately */
 int objattr_is_valid( const struct object_attributes *objattr, data_size_t size )
 {
-    if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len))
+    if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len) ||
+        (size - sizeof(*objattr) - objattr->sd_len < objattr->name_len))
     {
         set_error( STATUS_ACCESS_VIOLATION );
         return FALSE;
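Review bot: The added bound keeps the name inside the request, but nothing here rejects an `sd_len` that is not a multiple of `sizeof(WCHAR)`. `objattr_get_name` divides `sizeof(*objattr) + objattr->sd_len` by `sizeof(WCHAR)` and truncates, so with an odd `sd_len` the name pointer starts on the last byte of the security descriptor; the read stays in bounds, but the name overlaps descriptor data. If the protocol expects both lengths to be WCHAR-aligned, that could be enforced here with an extra condition such as `(objattr->sd_len % sizeof(WCHAR)) || (objattr->name_len % sizeof(WCHAR))`. The rest of the function lies outside the hunk.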
diff --git a/server/trace.c b/server/trace.c
index 30d6efd..0f0e17d 100644
--- a/server/trace.c
+++ b/server/trace.c
@@ -790,14 +790,16 @@ static void dump_varargs_object_attributes( data_size_t size )
     {
         const WCHAR *str;
         fprintf( stderr, "rootdir=%p,sd=", objattr->rootdir );
-        if (objattr->sd_len > size - sizeof(*objattr)) return;
+        if (objattr->sd_len > size - sizeof(*objattr) ||
+            objattr->name_len > size - sizeof(*objattr) - objattr->sd_len)
+            return;
         dump_inline_security_descriptor( (const struct security_descriptor *)(objattr + 1), objattr->sd_len );
-        str = (const WCHAR *)cur_data + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
+        str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
         fprintf( stderr, ",name=L\"" );
-        dump_strW( str, (size - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR),
-                   stderr, "\"\"" );
+        dump_strW( str, objattr->name_len / sizeof(WCHAR), stderr, "\"\"" );
         fputc( '\"', stderr );
-        remove_data( size );
+        remove_data( ((sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR) +
+                     objattr->name_len );
     }
     fputc( '}', stderr );
 }
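Review bot: When either length check fails, the early `return` leaves the function without calling `remove_data` and without printing the closing `}`, so a malformed request leaves the trace line open and the vararg data unconsumed. Before this change a valid request consumed all of `size`; now only the object_attributes part is removed so that other data can follow, and an unconsumed block would presumably be parsed again by whatever dumper runs next. Consuming the remainder on the error path, `{ remove_data( size ); return; }`, would keep the cursor consistent. The subtraction `size - sizeof(*objattr)` also relies on a size check in the enclosing block, which opens outside the hunk.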



