ntdll: Always clear the returned handle in Nt object functions.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Alexandre Julliard 2021-07-23 11:14:08 +02:00
parent b0a7a6527c
commit 3fb4d1f779
9 changed files with 354 additions and 27 deletions


@ -3081,6 +3081,8 @@ static void test_thread_lookup(void)
cid.UniqueThread = ULongToHandle(GetCurrentThreadId());
status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid);
ok(!status, "NtOpenThread returned %#x\n", status);
status = pNtOpenThread((HANDLE *)0xdeadbee0, THREAD_QUERY_INFORMATION, &attr, &cid);
ok( status == STATUS_ACCESS_VIOLATION, "NtOpenThread returned %#x\n", status);
status = pNtQueryObject(handle, ObjectBasicInformation, &obj_info, sizeof(obj_info), NULL);
ok(!status, "NtQueryObject returned: %#x\n", status);
@ -3110,16 +3112,21 @@ static void test_thread_lookup(void)
cid.UniqueProcess = ULongToHandle(0xdeadbeef);
cid.UniqueThread = ULongToHandle(GetCurrentThreadId());
status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid);
handle = (HANDLE)0xdeadbeef;
status = NtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid);
todo_wine
ok(status == STATUS_INVALID_CID, "NtOpenThread returned %#x\n", status);
todo_wine
ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle );
if (!status) pNtClose(handle);
cid.UniqueProcess = 0;
cid.UniqueThread = ULongToHandle(0xdeadbeef);
handle = (HANDLE)0xdeadbeef;
status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid);
ok(status == STATUS_INVALID_CID || broken(status == STATUS_INVALID_PARAMETER) /* winxp */,
"NtOpenThread returned %#x\n", status);
ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle );
}
static void test_thread_info(void)
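Review bot: The new invalid-CID check calls `NtOpenThread(&handle, ...)` directly, while every other call in test_thread_lookup goes through the `pNtOpenThread` pointer, including the line this one appears to replace. Unless the direct import is deliberate, keep it consistent: `status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid);`. The same mix shows up in the new test_token, where `NtOpenProcessToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, &handle )` sits among `pNtOpenProcessToken` calls. test_thread_lookup starts outside this hunk.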


@ -80,6 +80,10 @@ static NTSTATUS (WINAPI *pNtOpenProcess)( HANDLE *, ACCESS_MASK, const OBJECT_AT
static NTSTATUS (WINAPI *pNtCreateDebugObject)( HANDLE *, ACCESS_MASK, OBJECT_ATTRIBUTES *, ULONG );
static NTSTATUS (WINAPI *pNtGetNextThread)(HANDLE process, HANDLE thread, ACCESS_MASK access, ULONG attributes,
ULONG flags, HANDLE *handle);
static NTSTATUS (WINAPI *pNtOpenProcessToken)(HANDLE,DWORD,HANDLE*);
static NTSTATUS (WINAPI *pNtOpenThreadToken)(HANDLE,DWORD,BOOLEAN,HANDLE*);
static NTSTATUS (WINAPI *pNtDuplicateToken)(HANDLE,ACCESS_MASK,OBJECT_ATTRIBUTES*,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,HANDLE*);
static NTSTATUS (WINAPI *pNtDuplicateObject)(HANDLE,HANDLE,HANDLE,HANDLE*,ACCESS_MASK,ULONG,ULONG);
#define KEYEDEVENT_WAIT 0x0001
#define KEYEDEVENT_WAKE 0x0002
@ -144,21 +148,29 @@ static void test_namespace_pipe(void)
pRtlInitUnicodeString(&str, L"\\??\\PIPE\\test\\pipe");
InitializeObjectAttributes(&attr, &str, 0, 0, NULL);
status = pNtCreateNamedPipeFile((HANDLE *)0xdeadbee0, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout);
ok(status == STATUS_ACCESS_VIOLATION, "Failed to create NamedPipe(%08x)\n", status);
status = pNtCreateNamedPipeFile(&pipe, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout);
ok(status == STATUS_SUCCESS, "Failed to create NamedPipe(%08x)\n", status);
status = pNtCreateNamedPipeFile(&pipe, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE,
h = (HANDLE)0xdeadbeef;
status = pNtCreateNamedPipeFile(&h, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout);
ok(status == STATUS_INSTANCE_NOT_AVAILABLE,
"NtCreateNamedPipeFile should have failed with STATUS_INSTANCE_NOT_AVAILABLE got(%08x)\n", status);
ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h );
pRtlInitUnicodeString(&str, L"\\??\\PIPE\\TEST\\PIPE");
InitializeObjectAttributes(&attr, &str, 0, 0, NULL);
status = pNtCreateNamedPipeFile(&pipe, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE,
h = (HANDLE)0xdeadbeef;
status = pNtCreateNamedPipeFile(&h, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout);
ok(status == STATUS_INSTANCE_NOT_AVAILABLE,
"NtCreateNamedPipeFile should have failed with STATUS_INSTANCE_NOT_AVAILABLE got(%08x)\n", status);
ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h );
h = CreateFileA("\\\\.\\pipe\\test\\pipe", GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, 0 );
@ -167,19 +179,23 @@ static void test_namespace_pipe(void)
pRtlInitUnicodeString(&str, L"\\??\\pipe\\test\\pipe");
InitializeObjectAttributes(&attr, &str, 0, 0, NULL);
h = (HANDLE)0xdeadbeef;
status = pNtOpenFile(&h, GENERIC_READ, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, 0);
ok(status == STATUS_OBJECT_PATH_NOT_FOUND ||
status == STATUS_PIPE_NOT_AVAILABLE ||
status == STATUS_OBJECT_NAME_INVALID || /* vista */
status == STATUS_OBJECT_NAME_NOT_FOUND, /* win8 */
"NtOpenFile should have failed with STATUS_OBJECT_PATH_NOT_FOUND got(%08x)\n", status);
ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h );
pRtlInitUnicodeString(&str, L"\\??\\pipe\\test");
InitializeObjectAttributes(&attr, &str, OBJ_CASE_INSENSITIVE, 0, NULL);
h = (HANDLE)0xdeadbeef;
status = pNtOpenFile(&h, GENERIC_READ, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, 0);
ok(status == STATUS_OBJECT_NAME_NOT_FOUND ||
status == STATUS_OBJECT_NAME_INVALID, /* vista */
"NtOpenFile should have failed with STATUS_OBJECT_NAME_NOT_FOUND got(%08x)\n", status);
ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h );
str.Length -= 4 * sizeof(WCHAR);
status = pNtOpenFile(&h, GENERIC_READ, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, 0);
@ -361,69 +377,174 @@ static void test_all_kernel_objects( UINT line, OBJECT_ATTRIBUTES *attr,
RtlInitUnicodeString( &target, L"\\DosDevices" );
size.QuadPart = 4096;
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateMutant( &ret, GENERIC_ALL, attr, FALSE );
ok( status == create_expect, "%u: NtCreateMutant failed %x\n", line, status );
status2 = pNtOpenMutant( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenMutant failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateMutant handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenMutant handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateSemaphore( &ret, GENERIC_ALL, attr, 1, 2 );
ok( status == create_expect, "%u: NtCreateSemaphore failed %x\n", line, status );
status2 = pNtOpenSemaphore( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenSemaphore failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateSemaphore handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenSemaphore handle %p\n", line, ret );
ret = (HANDLE)0xdeadbeef;
status = pNtCreateSemaphore( &ret, GENERIC_ALL, attr, 2, 1 );
ok( status == STATUS_INVALID_PARAMETER ||
(status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION),
"%u: NtCreateSemaphore failed %x\n", line, status );
ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateSemaphore handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateEvent( &ret, GENERIC_ALL, attr, SynchronizationEvent, 0 );
ok( status == create_expect, "%u: NtCreateEvent failed %x\n", line, status );
status2 = pNtOpenEvent( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenEvent failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateEvent handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenEvent handle %p\n", line, ret );
ret = (HANDLE)0xdeadbeef;
status = pNtCreateEvent( &ret, GENERIC_ALL, attr, 2, 0 );
ok( status == STATUS_INVALID_PARAMETER ||
(status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION),
"%u: NtCreateEvent failed %x\n", line, status );
ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateEvent handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateKeyedEvent( &ret, GENERIC_ALL, attr, 0 );
ok( status == create_expect, "%u: NtCreateKeyedEvent failed %x\n", line, status );
status2 = pNtOpenKeyedEvent( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenKeyedEvent failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateKeyedEvent handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenKeyedEvent handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateTimer( &ret, GENERIC_ALL, attr, NotificationTimer );
ok( status == create_expect, "%u: NtCreateTimer failed %x\n", line, status );
status2 = pNtOpenTimer( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenTimer failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateTimer handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenTimer handle %p\n", line, ret );
ret = (HANDLE)0xdeadbeef;
status = pNtCreateTimer( &ret, GENERIC_ALL, attr, 2 );
ok( status == STATUS_INVALID_PARAMETER || status == STATUS_INVALID_PARAMETER_4 ||
(status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION),
"%u: NtCreateTimer failed %x\n", line, status );
ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateTimer handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateIoCompletion( &ret, GENERIC_ALL, attr, 0 );
ok( status == create_expect, "%u: NtCreateCompletion failed %x\n", line, status );
ok( status == create_expect, "%u: NtCreateIoCompletion failed %x\n", line, status );
status2 = pNtOpenIoCompletion( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenCompletion failed %x\n", line, status2 );
ok( status2 == open_expect, "%u: NtOpenIoCompletion failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateIoCompletion handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenIoCompletion handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateJobObject( &ret, GENERIC_ALL, attr );
ok( status == create_expect, "%u: NtCreateJobObject failed %x\n", line, status );
status2 = pNtOpenJobObject( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenJobObject failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateJobObject handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenJobObject handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateDirectoryObject( &ret, GENERIC_ALL, attr );
ok( status == create_expect, "%u: NtCreateDirectoryObject failed %x\n", line, status );
status2 = pNtOpenDirectoryObject( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenDirectoryObject failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateDirectoryObject handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenDirectoryObject handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateSymbolicLinkObject( &ret, GENERIC_ALL, attr, &target );
ok( status == create_expect, "%u: NtCreateSymbolicLinkObject failed %x\n", line, status );
status2 = pNtOpenSymbolicLinkObject( &ret2, GENERIC_ALL, attr );
ok( status2 == open_expect, "%u: NtOpenSymbolicLinkObject failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateSymbolicLinkObject handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenSymbolicLinkObject handle %p\n", line, ret );
ret = (HANDLE)0xdeadbeef;
target.MaximumLength = 0;
status = pNtCreateSymbolicLinkObject( &ret, GENERIC_ALL, attr, &target );
ok( status == STATUS_INVALID_PARAMETER || status == STATUS_INVALID_PARAMETER_4 ||
(status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION),
"%u: NtCreateSymbolicLinkObject failed %x\n", line, status );
ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateSymbolicLinkObject handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateSection( &ret, SECTION_MAP_WRITE, attr, &size, PAGE_READWRITE, SEC_COMMIT, 0 );
ok( status == create_expect, "%u: NtCreateSection failed %x\n", line, status );
status2 = pNtOpenSection( &ret2, SECTION_MAP_WRITE, attr );
ok( status2 == open_expect, "%u: NtOpenSection failed %x\n", line, status2 );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateSection handle %p\n", line, ret );
if (!status2) pNtClose( ret2 );
else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtOpenSection handle %p\n", line, ret );
ret = (HANDLE)0xdeadbeef;
status = pNtCreateSection( &ret, SECTION_MAP_WRITE, attr, &size, 0x1234, SEC_COMMIT, 0 );
ok( status == STATUS_INVALID_PARAMETER || status == STATUS_INVALID_PAGE_PROTECTION ||
(status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION),
"%u: NtCreateSection failed %x\n", line, status );
ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateSection handle %p\n", line, ret );
ret = ret2 = (HANDLE)0xdeadbeef;
status = pNtCreateDebugObject( &ret, DEBUG_ALL_ACCESS, attr, 0 );
ok( status == create_expect, "%u: NtCreateDebugObject failed %x\n", line, status );
if (!status) pNtClose( ret );
else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateDebugObject handle %p\n", line, ret );
status = pNtCreateDebugObject( &ret2, DEBUG_ALL_ACCESS, attr, 0xdead );
ok( status == STATUS_INVALID_PARAMETER ||
(status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION),
"%u: NtCreateDebugObject failed %x\n", line, status );
ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */,
"%u: NtCreateDebugObject handle %p\n", line, ret );
}
static void test_name_limits(void)
@ -567,6 +688,18 @@ static void test_name_limits(void)
attr2.ObjectName = attr3.ObjectName = NULL;
test_all_kernel_objects( __LINE__, &attr2, STATUS_OBJECT_NAME_INVALID, STATUS_OBJECT_NAME_INVALID );
test_all_kernel_objects( __LINE__, &attr3, STATUS_SUCCESS, STATUS_OBJECT_PATH_SYNTAX_BAD );
attr2.ObjectName = attr3.ObjectName = (void *)0xdeadbeef;
test_all_kernel_objects( __LINE__, &attr2, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION );
test_all_kernel_objects( __LINE__, &attr3, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION );
attr2.ObjectName = attr3.ObjectName = &str2;
str2.Buffer = (WCHAR *)0xdeadbeef;
str2.Length = 3;
test_all_kernel_objects( __LINE__, &attr2, STATUS_DATATYPE_MISALIGNMENT, STATUS_DATATYPE_MISALIGNMENT );
test_all_kernel_objects( __LINE__, &attr3, STATUS_DATATYPE_MISALIGNMENT, STATUS_DATATYPE_MISALIGNMENT );
str2.Buffer = (WCHAR *)0xdeadbee0;
str2.Length = 2;
test_all_kernel_objects( __LINE__, &attr2, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION );
test_all_kernel_objects( __LINE__, &attr3, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION );
attr3.ObjectName = &str2;
pRtlInitUnicodeString( &str2, L"\\BaseNamedObjects\\Local" );
@ -580,54 +713,123 @@ static void test_name_limits(void)
status = pNtCreateMutant( &ret, GENERIC_ALL, NULL, FALSE );
ok( status == STATUS_SUCCESS, "NULL: NtCreateMutant failed %x\n", status );
pNtClose( ret );
status = pNtCreateMutant( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, FALSE );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateMutant failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenMutant( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenMutant failed %x\n", status );
ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret );
status = pNtOpenMutant( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenMutant failed %x\n", status );
status = pNtCreateSemaphore( &ret, GENERIC_ALL, NULL, 1, 2 );
ok( status == STATUS_SUCCESS, "NULL: NtCreateSemaphore failed %x\n", status );
pNtClose( ret );
status = pNtCreateSemaphore( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, 1, 2 );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateSemaphore failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenSemaphore( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenSemaphore failed %x\n", status );
ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret );
status = pNtOpenSemaphore( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenSemaphore failed %x\n", status );
status = pNtCreateEvent( &ret, GENERIC_ALL, NULL, SynchronizationEvent, 0 );
ok( status == STATUS_SUCCESS, "NULL: NtCreateEvent failed %x\n", status );
pNtClose( ret );
status = pNtCreateEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, SynchronizationEvent, 0 );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateEvent failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenEvent( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenEvent failed %x\n", status );
ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret );
status = pNtOpenEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenEvent failed %x\n", status );
status = pNtCreateKeyedEvent( &ret, GENERIC_ALL, NULL, 0 );
ok( status == STATUS_SUCCESS, "NULL: NtCreateKeyedEvent failed %x\n", status );
pNtClose( ret );
status = pNtCreateKeyedEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, 0 );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateKeyedEvent failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenKeyedEvent( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenKeyedEvent failed %x\n", status );
ok( !ret, "handle set %p\n", ret );
status = pNtOpenKeyedEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenKeyedEvent failed %x\n", status );
status = pNtCreateTimer( &ret, GENERIC_ALL, NULL, NotificationTimer );
ok( status == STATUS_SUCCESS, "NULL: NtCreateTimer failed %x\n", status );
pNtClose( ret );
status = pNtCreateTimer( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, NotificationTimer );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateTimer failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenTimer( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenTimer failed %x\n", status );
ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret );
status = pNtOpenTimer( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenTimer failed %x\n", status );
status = pNtCreateIoCompletion( &ret, GENERIC_ALL, NULL, 0 );
ok( status == STATUS_SUCCESS, "NULL: NtCreateCompletion failed %x\n", status );
pNtClose( ret );
status = pNtCreateIoCompletion( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, 0 );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateCompletion failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenIoCompletion( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenCompletion failed %x\n", status );
ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret );
status = pNtOpenIoCompletion( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenCompletion failed %x\n", status );
status = pNtCreateJobObject( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_SUCCESS, "NULL: NtCreateJobObject failed %x\n", status );
pNtClose( ret );
status = pNtCreateJobObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateJobObject failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenJobObject( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenJobObject failed %x\n", status );
ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret );
status = pNtOpenJobObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenJobObject failed %x\n", status );
status = pNtCreateDirectoryObject( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_SUCCESS, "NULL: NtCreateDirectoryObject failed %x\n", status );
pNtClose( ret );
status = pNtCreateDirectoryObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateDirectoryObject failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenDirectoryObject( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenDirectoryObject failed %x\n", status );
ok( !ret, "handle set %p\n", ret );
status = pNtOpenDirectoryObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenDirectoryObject failed %x\n", status );
status = pNtCreateSymbolicLinkObject( &ret, GENERIC_ALL, NULL, &target );
ok( status == STATUS_ACCESS_VIOLATION || broken( status == STATUS_SUCCESS), /* winxp */
"NULL: NtCreateSymbolicLinkObject failed %x\n", status );
if (!status) pNtClose( ret );
status = pNtCreateSymbolicLinkObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, &target );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateSymbolicLinkObject failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenSymbolicLinkObject( &ret, GENERIC_ALL, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenSymbolicLinkObject failed %x\n", status );
ok( !ret, "handle set %p\n", ret );
status = pNtOpenSymbolicLinkObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenSymbolicLinkObject failed %x\n", status );
status = pNtCreateSection( &ret, SECTION_MAP_WRITE, NULL, &size, PAGE_READWRITE, SEC_COMMIT, 0 );
ok( status == STATUS_SUCCESS, "NULL: NtCreateSection failed %x\n", status );
pNtClose( ret );
status = pNtCreateSection( (HANDLE *)0xdeadbee0, SECTION_MAP_WRITE, NULL, &size, PAGE_READWRITE, SEC_COMMIT, 0 );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateSection failed %x\n", status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenSection( &ret, SECTION_MAP_WRITE, NULL );
ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenSection failed %x\n", status );
ok( !ret, "handle set %p\n", ret );
status = pNtOpenSection( (HANDLE *)0xdeadbee0, SECTION_MAP_WRITE, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenSection failed %x\n", status );
attr2.ObjectName = attr3.ObjectName = &str;
/* named pipes */
@ -750,11 +952,15 @@ static void test_name_limits(void)
status = pNtCreateKey( &ret, GENERIC_ALL, &attr, 0, NULL, 0, NULL );
ok( status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
"%u: NtCreateKey failed %x\n", str.Length, status );
status = pNtCreateKey( (HANDLE *)0xdeadbee0, GENERIC_ALL, &attr, 0, NULL, 0, NULL );
ok( status == STATUS_ACCESS_VIOLATION, "%u: NtCreateKey failed %x\n", str.Length, status );
if (!status)
{
status = pNtOpenKey( &ret2, KEY_READ, &attr );
ok( status == STATUS_SUCCESS, "%u: NtOpenKey failed %x\n", str.Length, status );
pNtClose( ret2 );
status = pNtOpenKey( (HANDLE *)0xdeadbee0, KEY_READ, &attr );
ok( status == STATUS_ACCESS_VIOLATION, "%u: NtOpenKey failed %x\n", str.Length, status );
attr3.RootDirectory = ret;
str.Length = 0;
status = pNtOpenKey( &ret2, KEY_READ, &attr3 );
@ -821,24 +1027,30 @@ static void test_name_limits(void)
status == STATUS_BUFFER_TOO_SMALL ||
status == STATUS_INVALID_PARAMETER,
"%u: NtCreateKey failed %x\n", str.Length, status );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenKey( &ret, GENERIC_ALL, &attr );
todo_wine
ok( status == STATUS_BUFFER_OVERFLOW ||
status == STATUS_BUFFER_TOO_SMALL ||
status == STATUS_INVALID_PARAMETER,
"%u: NtOpenKey failed %x\n", str.Length, status );
ok( !ret, "handle set %p\n", ret );
str.Length = 65534;
ret = (HANDLE)0xdeadbeef;
status = pNtCreateKey( &ret, GENERIC_ALL, &attr, 0, NULL, 0, NULL );
ok( status == STATUS_OBJECT_NAME_INVALID ||
status == STATUS_BUFFER_OVERFLOW ||
status == STATUS_BUFFER_TOO_SMALL,
"%u: NtCreateKey failed %x\n", str.Length, status );
ok( !ret, "handle set %p\n", ret );
ret = (HANDLE)0xdeadbeef;
status = pNtOpenKey( &ret, GENERIC_ALL, &attr );
todo_wine
ok( status == STATUS_OBJECT_NAME_INVALID ||
status == STATUS_BUFFER_OVERFLOW ||
status == STATUS_BUFFER_TOO_SMALL,
"%u: NtOpenKey failed %x\n", str.Length, status );
ok( !ret, "handle set %p\n", ret );
attr3.RootDirectory = 0;
attr2.ObjectName = attr3.ObjectName = NULL;
status = pNtCreateKey( &ret, GENERIC_ALL, &attr2, 0, NULL, 0, NULL );
@ -967,22 +1179,28 @@ static void test_directory(void)
ok( buffer[len / sizeof(WCHAR) - 1] == 0, "no terminating null\n" );
str.MaximumLength = str.Length;
str.Length = 0x4444;
len = 0xdeadbeef;
status = pNtQuerySymbolicLinkObject( dir, &str, &len );
ok( status == STATUS_BUFFER_TOO_SMALL, "NtQuerySymbolicLinkObject failed %08x\n", status );
ok( len == full_len, "bad length %u/%u\n", len, full_len );
ok( str.Length == 0x4444, "len set to %x\n", str.Length );
str.MaximumLength = 0;
str.Length = 0x4444;
len = 0xdeadbeef;
status = pNtQuerySymbolicLinkObject( dir, &str, &len );
ok( status == STATUS_BUFFER_TOO_SMALL, "NtQuerySymbolicLinkObject failed %08x\n", status );
ok( len == full_len, "bad length %u/%u\n", len, full_len );
ok( str.Length == 0x4444, "len set to %x\n", str.Length );
str.MaximumLength = str.Length + sizeof(WCHAR);
str.MaximumLength = full_len;
str.Length = 0x4444;
len = 0xdeadbeef;
status = pNtQuerySymbolicLinkObject( dir, &str, &len );
ok( status == STATUS_SUCCESS, "NtQuerySymbolicLinkObject failed %08x\n", status );
ok( len == full_len, "bad length %u/%u\n", len, full_len );
ok( str.Length == full_len - sizeof(WCHAR), "len set to %x\n", str.Length );
pNtClose(dir);
@ -1387,7 +1605,6 @@ static void test_query_object(void)
char dir[MAX_PATH], tmp_path[MAX_PATH], file1[MAX_PATH + 16];
WCHAR expect[100];
LARGE_INTEGER size;
BOOL ret;
InitializeObjectAttributes( &attr, &path, 0, 0, 0 );
@ -1683,8 +1900,8 @@ static void test_query_object(void)
test_object_type( GetCurrentThread(), L"Thread" );
test_no_file_info( GetCurrentThread() );
ret = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle);
ok(ret, "OpenProcessToken failed: %u\n", GetLastError());
status = pNtOpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle);
ok(!status, "OpenProcessToken failed: %x\n", status);
test_object_name( handle, L"", FALSE );
test_object_type( handle, L"Token" );
@ -2367,13 +2584,17 @@ static void test_process(void)
cid.UniqueProcess = ULongToHandle( 0xdeadbeef );
cid.UniqueThread = ULongToHandle( 0xdeadbeef );
process = (HANDLE)0xdeadbeef;
status = pNtOpenProcess( &process, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid );
ok( status == STATUS_INVALID_CID, "NtOpenProcess returned %x\n", status );
ok( !process || broken(process == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", process );
cid.UniqueProcess = ULongToHandle( GetCurrentThreadId() );
cid.UniqueThread = 0;
process = (HANDLE)0xdeadbeef;
status = pNtOpenProcess( &process, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid );
ok( status == STATUS_INVALID_CID, "NtOpenProcess returned %x\n", status );
ok( !process || broken(process == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", process );
cid.UniqueProcess = ULongToHandle( GetCurrentProcessId() );
cid.UniqueThread = 0;
@ -2386,6 +2607,40 @@ static void test_process(void)
status = pNtOpenProcess( &process, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid );
ok( !status, "NtOpenProcess returned %x\n", status );
pNtClose( process );
status = pNtOpenProcess( (HANDLE *)0xdeadbee0, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid );
ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcess returned %x\n", status );
}
static void test_token(void)
{
NTSTATUS status;
HANDLE handle, handle2;
status = pNtOpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, (HANDLE *)0xdeadbee0 );
ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %x\n", status);
status = pNtOpenThreadToken( GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, (HANDLE *)0xdeadbee0 );
ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %x\n", status);
handle = (HANDLE)0xdeadbeef;
status = NtOpenProcessToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, &handle );
ok( status == STATUS_INVALID_HANDLE, "NtOpenProcessToken failed: %x\n", status);
ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle );
handle = (HANDLE)0xdeadbeef;
status = pNtOpenThreadToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, TRUE, &handle );
ok( status == STATUS_INVALID_HANDLE, "NtOpenThreadToken failed: %x\n", status);
ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle );
status = pNtOpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle );
ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %x\n", status);
status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, &handle2 );
ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %x\n", status);
pNtClose( handle2 );
status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, (HANDLE *)0xdeadbee0 );
ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %x\n", status);
handle2 = (HANDLE)0xdeadbeef;
status = pNtDuplicateToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, &handle2 );
ok( status == STATUS_INVALID_HANDLE, "NtOpenProcessToken failed: %x\n", status);
ok( !handle2 || broken(handle2 == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle2 );
pNtClose( handle );
}
#define DEBUG_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE|SYNCHRONIZE)
@ -2472,6 +2727,39 @@ static void *align_ptr( void *ptr )
return (void *)(((DWORD_PTR)ptr + align) & ~align);
}
static void test_duplicate_object(void)
{
NTSTATUS status;
HANDLE handle;
status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(),
&handle, PROCESS_ALL_ACCESS, 0, 0 );
ok( !status, "NtDuplicateObject failed %x\n", status );
pNtClose( handle );
status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(),
NULL, PROCESS_ALL_ACCESS, 0, 0 );
ok( !status, "NtDuplicateObject failed %x\n", status );
status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(),
(HANDLE *)0xdeadbee0, PROCESS_ALL_ACCESS, 0, 0 );
ok( status == STATUS_ACCESS_VIOLATION, "NtDuplicateObject failed %x\n", status );
handle = (HANDLE)0xdeadbeef;
status = pNtDuplicateObject( GetCurrentProcess(), (HANDLE)0xdead, GetCurrentProcess(),
&handle, PROCESS_ALL_ACCESS, 0, 0 );
ok( status == STATUS_INVALID_HANDLE, "NtDuplicateObject failed %x\n", status );
ok( !handle, "handle set %p\n", handle );
handle = (HANDLE)0xdeadbeef;
status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(),
&handle, ~0u, 0, 0 );
todo_wine
ok( status == STATUS_ACCESS_DENIED, "NtDuplicateObject failed %x\n", status );
todo_wine
ok( !handle, "handle set %p\n", handle );
if (!status) pNtClose( handle );
}
static void test_object_types(void)
{
static const struct { const WCHAR *name; GENERIC_MAPPING mapping; ULONG mask, broken; } tests[] =
@ -2708,6 +2996,10 @@ START_TEST(om)
pNtOpenProcess = (void *)GetProcAddress(hntdll, "NtOpenProcess");
pNtCreateDebugObject = (void *)GetProcAddress(hntdll, "NtCreateDebugObject");
pNtGetNextThread = (void *)GetProcAddress(hntdll, "NtGetNextThread");
pNtOpenProcessToken = (void *)GetProcAddress(hntdll, "NtOpenProcessToken");
pNtOpenThreadToken = (void *)GetProcAddress(hntdll, "NtOpenThreadToken");
pNtDuplicateToken = (void *)GetProcAddress(hntdll, "NtDuplicateToken");
pNtDuplicateObject = (void *)GetProcAddress(hntdll, "NtDuplicateObject");
test_case_sensitive();
test_namespace_pipe();
@ -2724,6 +3016,8 @@ START_TEST(om)
test_null_device();
test_wait_on_address();
test_process();
test_token();
test_duplicate_object();
test_object_types();
test_get_next_thread();
}


@ -3750,6 +3750,7 @@ NTSTATUS WINAPI NtCreateFile( HANDLE *handle, ACCESS_MASK access, OBJECT_ATTRIBU
attr->RootDirectory, attr->SecurityDescriptor, io, alloc_size,
attributes, sharing, disposition, options, ea_buffer, ea_length );
*handle = 0;
if (!attr || !attr->ObjectName) return STATUS_INVALID_PARAMETER;
if (alloc_size) FIXME( "alloc_size not supported\n" );
@ -3844,9 +3845,8 @@ NTSTATUS WINAPI NtCreateMailslotFile( HANDLE *handle, ULONG access, OBJECT_ATTRI
TRACE( "%p %08x %p %p %08x %08x %08x %p\n",
handle, access, attr, io, options, quota, msg_size, timeout );
if (!handle) return STATUS_ACCESS_VIOLATION;
*handle = 0;
if (!attr) return STATUS_INVALID_PARAMETER;
if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status;
SERVER_START_REQ( create_mailslot )
@ -3877,6 +3877,7 @@ NTSTATUS WINAPI NtCreateNamedPipeFile( HANDLE *handle, ULONG access, OBJECT_ATTR
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if (!attr) return STATUS_INVALID_PARAMETER;
TRACE( "(%p %x %s %p %x %d %x %d %d %d %d %d %d %p)\n",
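Review bot: The `*handle = 0;` stores in NtCreateFile and NtCreateNamedPipeFile run before anything checks `handle`, so a NULL or unmapped output pointer is written through rather than rejected. The om.c tests in this commit expect STATUS_ACCESS_VIOLATION for `(HANDLE *)0xdeadbee0`, which presumably relies on fault handling around the call that is not visible on this page. I would record that dependency next to the store, e.g. `/* no NULL check on purpose: a bad handle pointer must fault and come back as STATUS_ACCESS_VIOLATION */`. The same unguarded store appears in NtOpenProcess, NtOpenProcessTokenEx, NtOpenThreadTokenEx, NtDuplicateToken, NtOpenThread and most of the sync.c create/open functions; all of these bodies start and end outside their hunks.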


@ -1546,6 +1546,8 @@ NTSTATUS WINAPI NtOpenProcess( HANDLE *handle, ACCESS_MASK access,
{
NTSTATUS status;
*handle = 0;
SERVER_START_REQ( open_process )
{
req->pid = HandleToULong( id->UniqueProcess );


@ -79,14 +79,13 @@ NTSTATUS WINAPI NtCreateKey( HANDLE *key, ACCESS_MASK access, const OBJECT_ATTRI
data_size_t len;
struct object_attributes *objattr;
if (!key || !attr) return STATUS_ACCESS_VIOLATION;
if (attr->Length > sizeof(OBJECT_ATTRIBUTES)) return STATUS_INVALID_PARAMETER;
*key = 0;
if (attr->Length != sizeof(OBJECT_ATTRIBUTES)) return STATUS_INVALID_PARAMETER;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
TRACE( "(%p,%s,%s,%x,%x,%p)\n", attr->RootDirectory, debugstr_us(attr->ObjectName),
debugstr_us(class), options, access, key );
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_key )
{
req->access = access;
@ -125,7 +124,7 @@ NTSTATUS WINAPI NtOpenKeyEx( HANDLE *key, ACCESS_MASK access, const OBJECT_ATTRI
{
NTSTATUS ret;
if (!key || !attr || !attr->ObjectName) return STATUS_ACCESS_VIOLATION;
*key = 0;
if (attr->Length != sizeof(*attr)) return STATUS_INVALID_PARAMETER;
if (attr->ObjectName->Length & 1) return STATUS_OBJECT_NAME_INVALID;


@ -55,6 +55,8 @@ NTSTATUS WINAPI NtOpenProcessTokenEx( HANDLE process, DWORD access, DWORD attrib
TRACE( "(%p,0x%08x,0x%08x,%p)\n", process, access, attributes, handle );
*handle = 0;
SERVER_START_REQ( open_token )
{
req->handle = wine_server_obj_handle( process );
@ -88,6 +90,8 @@ NTSTATUS WINAPI NtOpenThreadTokenEx( HANDLE thread, DWORD access, BOOLEAN self,
TRACE( "(%p,0x%08x,%u,0x%08x,%p)\n", thread, access, self, attributes, handle );
*handle = 0;
SERVER_START_REQ( open_token )
{
req->handle = wine_server_obj_handle( thread );
@ -113,6 +117,7 @@ NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRI
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status;
if (attr && attr->SecurityQualityOfService)


@ -1668,6 +1668,8 @@ NTSTATUS WINAPI NtDuplicateObject( HANDLE source_process, HANDLE source, HANDLE
NTSTATUS ret;
int fd = -1;
if (dest) *dest = 0;
if ((options & DUPLICATE_CLOSE_SOURCE) && source_process != NtCurrentProcess())
{
apc_call_t call;
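Review bot: `if (dest) *dest = 0;` is the only clearing store on this page that tolerates a NULL output pointer, and nothing at the line says why it differs from the unconditional `*handle = 0;` used elsewhere. test_duplicate_object passes NULL for the destination and expects success, so the guard looks intentional. A short comment would stop a later cleanup from making it unconditional: `/* dest is optional here (NULL is accepted), unlike the handle out-parameter of the create/open calls */`. The function body continues outside the hunk.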


@ -249,6 +249,7 @@ NTSTATUS alloc_object_attributes( const OBJECT_ATTRIBUTES *attr, struct object_a
if (attr->ObjectName)
{
if ((ULONG_PTR)attr->ObjectName->Buffer & (sizeof(WCHAR) - 1)) return STATUS_DATATYPE_MISALIGNMENT;
if (attr->ObjectName->Length & (sizeof(WCHAR) - 1)) return STATUS_OBJECT_NAME_INVALID;
len += attr->ObjectName->Length;
}
@ -301,6 +302,7 @@ static NTSTATUS validate_open_object_attributes( const OBJECT_ATTRIBUTES *attr )
if (attr->ObjectName)
{
if ((ULONG_PTR)attr->ObjectName->Buffer & (sizeof(WCHAR) - 1)) return STATUS_DATATYPE_MISALIGNMENT;
if (attr->ObjectName->Length & (sizeof(WCHAR) - 1)) return STATUS_OBJECT_NAME_INVALID;
}
else if (attr->RootDirectory) return STATUS_OBJECT_NAME_INVALID;
@ -319,6 +321,7 @@ NTSTATUS WINAPI NtCreateSemaphore( HANDLE *handle, ACCESS_MASK access, const OBJ
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if (max <= 0 || initial < 0 || initial > max) return STATUS_INVALID_PARAMETER;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
@ -345,6 +348,7 @@ NTSTATUS WINAPI NtOpenSemaphore( HANDLE *handle, ACCESS_MASK access, const OBJEC
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_semaphore )
@ -427,6 +431,7 @@ NTSTATUS WINAPI NtCreateEvent( HANDLE *handle, ACCESS_MASK access, const OBJECT_
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if (type != NotificationEvent && type != SynchronizationEvent) return STATUS_INVALID_PARAMETER;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
@ -453,6 +458,7 @@ NTSTATUS WINAPI NtOpenEvent( HANDLE *handle, ACCESS_MASK access, const OBJECT_AT
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_event )
@ -582,6 +588,7 @@ NTSTATUS WINAPI NtCreateMutant( HANDLE *handle, ACCESS_MASK access, const OBJECT
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_mutex )
@ -606,6 +613,7 @@ NTSTATUS WINAPI NtOpenMutant( HANDLE *handle, ACCESS_MASK access, const OBJECT_A
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_mutex )
@ -685,6 +693,7 @@ NTSTATUS WINAPI NtCreateJobObject( HANDLE *handle, ACCESS_MASK access, const OBJ
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_job )
@ -707,6 +716,7 @@ NTSTATUS WINAPI NtOpenJobObject( HANDLE *handle, ACCESS_MASK access, const OBJEC
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_job )
@ -916,8 +926,8 @@ NTSTATUS WINAPI NtCreateDebugObject( HANDLE *handle, ACCESS_MASK access,
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if (flags & ~DEBUG_KILL_ON_CLOSE) return STATUS_INVALID_PARAMETER;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_debug_obj )
@ -1075,8 +1085,7 @@ NTSTATUS WINAPI NtCreateDirectoryObject( HANDLE *handle, ACCESS_MASK access, OBJ
data_size_t len;
struct object_attributes *objattr;
if (!handle) return STATUS_ACCESS_VIOLATION;
*handle = 0;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_directory )
@ -1099,7 +1108,7 @@ NTSTATUS WINAPI NtOpenDirectoryObject( HANDLE *handle, ACCESS_MASK access, const
{
NTSTATUS ret;
if (!handle) return STATUS_ACCESS_VIOLATION;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_directory )
@ -1176,9 +1185,9 @@ NTSTATUS WINAPI NtCreateSymbolicLinkObject( HANDLE *handle, ACCESS_MASK access,
data_size_t len;
struct object_attributes *objattr;
if (!handle || !attr || !target) return STATUS_ACCESS_VIOLATION;
if (!target->Buffer) return STATUS_INVALID_PARAMETER;
*handle = 0;
if (!target->MaximumLength) return STATUS_INVALID_PARAMETER;
if (!target->Buffer) return STATUS_ACCESS_VIOLATION;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_symlink )
@ -1203,7 +1212,7 @@ NTSTATUS WINAPI NtOpenSymbolicLinkObject( HANDLE *handle, ACCESS_MASK access,
{
NTSTATUS ret;
if (!handle) return STATUS_ACCESS_VIOLATION;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_symlink )
@ -1277,8 +1286,8 @@ NTSTATUS WINAPI NtCreateTimer( HANDLE *handle, ACCESS_MASK access, const OBJECT_
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if (type != NotificationTimer && type != SynchronizationTimer) return STATUS_INVALID_PARAMETER;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_timer )
@ -1304,6 +1313,7 @@ NTSTATUS WINAPI NtOpenTimer( HANDLE *handle, ACCESS_MASK access, const OBJECT_AT
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_timer )
@ -1651,6 +1661,7 @@ NTSTATUS WINAPI NtCreateKeyedEvent( HANDLE *handle, ACCESS_MASK access,
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;
SERVER_START_REQ( create_keyed_event )
@ -1674,6 +1685,7 @@ NTSTATUS WINAPI NtOpenKeyedEvent( HANDLE *handle, ACCESS_MASK access, const OBJE
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_keyed_event )
@ -1740,7 +1752,7 @@ NTSTATUS WINAPI NtCreateIoCompletion( HANDLE *handle, ACCESS_MASK access, OBJECT
TRACE( "(%p, %x, %p, %d)\n", handle, access, attr, threads );
if (!handle) return STATUS_INVALID_PARAMETER;
*handle = 0;
if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status;
SERVER_START_REQ( create_completion )
@ -1764,7 +1776,7 @@ NTSTATUS WINAPI NtOpenIoCompletion( HANDLE *handle, ACCESS_MASK access, const OB
{
NTSTATUS status;
if (!handle) return STATUS_INVALID_PARAMETER;
*handle = 0;
if ((status = validate_open_object_attributes( attr ))) return status;
SERVER_START_REQ( open_completion )
@ -1929,6 +1941,8 @@ NTSTATUS WINAPI NtCreateSection( HANDLE *handle, ACCESS_MASK access, const OBJEC
data_size_t len;
struct object_attributes *objattr;
*handle = 0;
switch (protect & 0xff)
{
case PAGE_READONLY:
@ -1977,6 +1991,7 @@ NTSTATUS WINAPI NtOpenSection( HANDLE *handle, ACCESS_MASK access, const OBJECT_
{
NTSTATUS ret;
*handle = 0;
if ((ret = validate_open_object_attributes( attr ))) return ret;
SERVER_START_REQ( open_mapping )
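Review bot: In NtCreateIoCompletion and NtOpenIoCompletion the page shows both `if (!handle) return STATUS_INVALID_PARAMETER;` and `*handle = 0;`, and the hunk headers (7 lines before, 7 after) suggest the store replaces the guard. If so, a NULL `handle` no longer returns STATUS_INVALID_PARAMETER but is dereferenced, which changes the status callers see. No test in the visible part of this commit covers that case for completion ports. I would add a check next to the existing `(HANDLE *)0xdeadbee0` cases in the tests, or at least record the intent at the store: `/* NULL handle is no longer rejected with STATUS_INVALID_PARAMETER; it faults like the other object calls */`. The +/- markers are lost in this rendering, so this reading should be confirmed against the raw diff.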


@ -1535,6 +1535,8 @@ NTSTATUS WINAPI NtOpenThread( HANDLE *handle, ACCESS_MASK access,
{
NTSTATUS ret;
*handle = 0;
SERVER_START_REQ( open_thread )
{
req->tid = HandleToULong(id->UniqueThread);