Rob Shearman : server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes .
Module: wine Branch: master Commit: f98556c119d3f55ba26f4e737db8766b8dfd13c4 URL: http://source.winehq.org/git/wine.git/?a=commit;h=f98556c119d3f55ba26f4e737d...
Author: Rob Shearman rob@codeweavers.com Date: Fri Oct 26 17:01:33 2007 +0100
server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes.
---
dlls/ntdll/sync.c | 3 +++ dlls/ntdll/virtual.c | 1 + server/event.c | 5 +---- server/mapping.c | 5 +---- server/mutex.c | 5 +---- server/protocol.def | 1 + server/security.h | 5 +++++ server/semaphore.c | 4 +--- server/token.c | 3 ++- server/trace.c | 12 +++++++----- 10 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/dlls/ntdll/sync.c b/dlls/ntdll/sync.c index 191cd07..47c8461 100644 --- a/dlls/ntdll/sync.c +++ b/dlls/ntdll/sync.c @@ -154,6 +154,7 @@ NTSTATUS WINAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle,
objattr.rootdir = attr ? attr->RootDirectory : 0; objattr.sd_len = 0; + objattr.name_len = len; if (attr) { ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len ); @@ -262,6 +263,7 @@ NTSTATUS WINAPI NtCreateEvent(
objattr.rootdir = attr ? attr->RootDirectory : 0; objattr.sd_len = 0; + objattr.name_len = len; if (attr) { ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len ); @@ -425,6 +427,7 @@ NTSTATUS WINAPI NtCreateMutant(OUT HANDLE* MutantHandle,
objattr.rootdir = attr ? attr->RootDirectory : 0; objattr.sd_len = 0; + objattr.name_len = len; if (attr) { status = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len ); diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c index 2c08a16..684fa5d 100644 --- a/dlls/ntdll/virtual.c +++ b/dlls/ntdll/virtual.c @@ -1864,6 +1864,7 @@ NTSTATUS WINAPI NtCreateSection( HANDLE *handle, ACCESS_MASK access, const OBJEC
objattr.rootdir = attr ? attr->RootDirectory : 0; objattr.sd_len = 0; + objattr.name_len = len; if (attr) { ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len ); diff --git a/server/event.c b/server/event.c index f866211..99d0f4b 100644 --- a/server/event.c +++ b/server/event.c @@ -180,10 +180,7 @@ DECL_HANDLER(create_event) return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL; - - /* get unicode string */ - name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR); - name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); + objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 ))) return; diff --git a/server/mapping.c b/server/mapping.c index 8f1bf5c..bd21a50 100644 --- a/server/mapping.c +++ b/server/mapping.c @@ -408,10 +408,7 @@ DECL_HANDLER(create_mapping) return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL; - - /* get unicode string */ - name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR); - name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); + objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 ))) return; diff --git a/server/mutex.c b/server/mutex.c index 7064c6f..979f21f 100644 --- a/server/mutex.c +++ b/server/mutex.c @@ -205,10 +205,7 @@ DECL_HANDLER(create_mutex) return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL; - - /* get unicode string */ - name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR); - name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); + objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 ))) return; diff --git a/server/protocol.def b/server/protocol.def index d336af6..1ecc886 100644 --- a/server/protocol.def +++ b/server/protocol.def @@ -237,6 +237,7 @@ struct object_attributes { obj_handle_t rootdir; /* root directory */ data_size_t sd_len; /* length of security_descriptor data. may be 0 */ + data_size_t name_len; /* length of the name string. may be 0 */ /* VARARG(sd,security_descriptor); */ /* VARARG(name,unicode_str); */ }; diff --git a/server/security.h b/server/security.h index 50fba52..ebdf95f 100644 --- a/server/security.h +++ b/server/security.h @@ -131,3 +131,8 @@ static inline const SID *sd_get_group( const struct security_descriptor *sd ) /* determines whether an object_attributes struct is valid in a buffer * and calls set_error appropriately */ extern int objattr_is_valid( const struct object_attributes *objattr, data_size_t size ); +static inline void objattr_get_name( const struct object_attributes *objattr, struct unicode_str *name ) +{ + name->len = ((objattr->name_len) / sizeof(WCHAR)) * sizeof(WCHAR); + name->str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); +} diff --git a/server/semaphore.c b/server/semaphore.c index a8318cd..09445e1 100644 --- a/server/semaphore.c +++ b/server/semaphore.c @@ -180,10 +180,8 @@ DECL_HANDLER(create_semaphore) return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL; + objattr_get_name( objattr, &name );
- /* get unicode string */ - name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR); - name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 ))) return;
diff --git a/server/token.c b/server/token.c index 665ed48..93696d9 100644 --- a/server/token.c +++ b/server/token.c @@ -309,7 +309,8 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size ) * and calls set_error appropriately */ int objattr_is_valid( const struct object_attributes *objattr, data_size_t size ) { - if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len)) + if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len) || + (size - sizeof(*objattr) - objattr->sd_len < objattr->name_len)) { set_error( STATUS_ACCESS_VIOLATION ); return FALSE; diff --git a/server/trace.c b/server/trace.c index 30d6efd..0f0e17d 100644 --- a/server/trace.c +++ b/server/trace.c @@ -790,14 +790,16 @@ static void dump_varargs_object_attributes( data_size_t size ) { const WCHAR *str; fprintf( stderr, "rootdir=%p,sd=", objattr->rootdir ); - if (objattr->sd_len > size - sizeof(*objattr)) return; + if (objattr->sd_len > size - sizeof(*objattr) || + objattr->name_len > size - sizeof(*objattr) - objattr->sd_len) + return; dump_inline_security_descriptor( (const struct security_descriptor *)(objattr + 1), objattr->sd_len ); - str = (const WCHAR *)cur_data + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); + str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR); fprintf( stderr, ",name=L"" ); - dump_strW( str, (size - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR), - stderr, """" ); + dump_strW( str, objattr->name_len / sizeof(WCHAR), stderr, """" ); fputc( '"', stderr ); - remove_data( size ); + remove_data( ((sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR) + + objattr->name_len ); } fputc( '}', stderr ); }
-
Alexandre Julliard