diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c index a00cb5a6a5b..c7c849d2537 100644 --- a/dlls/ntdll/tests/info.c +++ b/dlls/ntdll/tests/info.c @@ -3081,6 +3081,8 @@ static void test_thread_lookup(void) cid.UniqueThread = ULongToHandle(GetCurrentThreadId()); status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid); ok(!status, "NtOpenThread returned %#x\n", status); + status = pNtOpenThread((HANDLE *)0xdeadbee0, THREAD_QUERY_INFORMATION, &attr, &cid); + ok( status == STATUS_ACCESS_VIOLATION, "NtOpenThread returned %#x\n", status); status = pNtQueryObject(handle, ObjectBasicInformation, &obj_info, sizeof(obj_info), NULL); ok(!status, "NtQueryObject returned: %#x\n", status); @@ -3110,16 +3112,21 @@ static void test_thread_lookup(void) cid.UniqueProcess = ULongToHandle(0xdeadbeef); cid.UniqueThread = ULongToHandle(GetCurrentThreadId()); - status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid); + handle = (HANDLE)0xdeadbeef; + status = NtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid); todo_wine ok(status == STATUS_INVALID_CID, "NtOpenThread returned %#x\n", status); + todo_wine + ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle ); if (!status) pNtClose(handle); cid.UniqueProcess = 0; cid.UniqueThread = ULongToHandle(0xdeadbeef); + handle = (HANDLE)0xdeadbeef; status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid); ok(status == STATUS_INVALID_CID || broken(status == STATUS_INVALID_PARAMETER) /* winxp */, "NtOpenThread returned %#x\n", status); + ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle ); } static void test_thread_info(void) diff --git a/dlls/ntdll/tests/om.c b/dlls/ntdll/tests/om.c index 81be7de00f6..af5e014f069 100644 --- a/dlls/ntdll/tests/om.c +++ b/dlls/ntdll/tests/om.c 
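Review bot: The rewritten call in the 0xdeadbeef-process-id case of the second hunk invokes `NtOpenThread` directly, while every other call in test_thread_lookup, including the two lines this commit adds just above, goes through the GetProcAddress-resolved `pNtOpenThread`; this reads like an accidentally dropped `p` prefix and should be `status = pNtOpenThread(&handle, THREAD_QUERY_INFORMATION, &attr, &cid);`. Mixing a static import with the runtime-resolved pointer is harmless on current Windows but defeats the reason the test resolves the function at runtime. test_thread_lookup begins before this hunk.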
@@ -80,6 +80,10 @@ static NTSTATUS (WINAPI *pNtOpenProcess)( HANDLE *, ACCESS_MASK, const OBJECT_AT static NTSTATUS (WINAPI *pNtCreateDebugObject)( HANDLE *, ACCESS_MASK, OBJECT_ATTRIBUTES *, ULONG ); static NTSTATUS (WINAPI *pNtGetNextThread)(HANDLE process, HANDLE thread, ACCESS_MASK access, ULONG attributes, ULONG flags, HANDLE *handle); +static NTSTATUS (WINAPI *pNtOpenProcessToken)(HANDLE,DWORD,HANDLE*); +static NTSTATUS (WINAPI *pNtOpenThreadToken)(HANDLE,DWORD,BOOLEAN,HANDLE*); +static NTSTATUS (WINAPI *pNtDuplicateToken)(HANDLE,ACCESS_MASK,OBJECT_ATTRIBUTES*,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,HANDLE*); +static NTSTATUS (WINAPI *pNtDuplicateObject)(HANDLE,HANDLE,HANDLE,HANDLE*,ACCESS_MASK,ULONG,ULONG); #define KEYEDEVENT_WAIT 0x0001 #define KEYEDEVENT_WAKE 0x0002 
@@ -144,21 +148,29 @@ static void test_namespace_pipe(void) pRtlInitUnicodeString(&str, L"\\??\\PIPE\\test\\pipe"); InitializeObjectAttributes(&attr, &str, 0, 0, NULL); + status = pNtCreateNamedPipeFile((HANDLE *)0xdeadbee0, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout); + ok(status == STATUS_ACCESS_VIOLATION, "Failed to create NamedPipe(%08x)\n", status); + status = pNtCreateNamedPipeFile(&pipe, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout); ok(status == STATUS_SUCCESS, "Failed to create NamedPipe(%08x)\n", status); - status = pNtCreateNamedPipeFile(&pipe, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, + h = (HANDLE)0xdeadbeef; + status = pNtCreateNamedPipeFile(&h, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout); ok(status == STATUS_INSTANCE_NOT_AVAILABLE, "NtCreateNamedPipeFile should have failed with STATUS_INSTANCE_NOT_AVAILABLE got(%08x)\n", status); + ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h ); pRtlInitUnicodeString(&str, L"\\??\\PIPE\\TEST\\PIPE"); InitializeObjectAttributes(&attr, &str, 0, 0, NULL); - status = pNtCreateNamedPipeFile(&pipe, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, + h = (HANDLE)0xdeadbeef; + status = pNtCreateNamedPipeFile(&h, GENERIC_READ|GENERIC_WRITE, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_CREATE, FILE_PIPE_FULL_DUPLEX, FALSE, FALSE, FALSE, 1, 256, 256, &timeout); ok(status == STATUS_INSTANCE_NOT_AVAILABLE, "NtCreateNamedPipeFile should have failed with STATUS_INSTANCE_NOT_AVAILABLE got(%08x)\n", status); + ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h ); h = 
CreateFileA("\\\\.\\pipe\\test\\pipe", GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0 ); @@ -167,19 +179,23 @@ static void test_namespace_pipe(void) pRtlInitUnicodeString(&str, L"\\??\\pipe\\test\\pipe"); InitializeObjectAttributes(&attr, &str, 0, 0, NULL); + h = (HANDLE)0xdeadbeef; status = pNtOpenFile(&h, GENERIC_READ, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, 0); ok(status == STATUS_OBJECT_PATH_NOT_FOUND || status == STATUS_PIPE_NOT_AVAILABLE || status == STATUS_OBJECT_NAME_INVALID || /* vista */ status == STATUS_OBJECT_NAME_NOT_FOUND, /* win8 */ "NtOpenFile should have failed with STATUS_OBJECT_PATH_NOT_FOUND got(%08x)\n", status); + ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h ); pRtlInitUnicodeString(&str, L"\\??\\pipe\\test"); InitializeObjectAttributes(&attr, &str, OBJ_CASE_INSENSITIVE, 0, NULL); + h = (HANDLE)0xdeadbeef; status = pNtOpenFile(&h, GENERIC_READ, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, 0); ok(status == STATUS_OBJECT_NAME_NOT_FOUND || status == STATUS_OBJECT_NAME_INVALID, /* vista */ "NtOpenFile should have failed with STATUS_OBJECT_NAME_NOT_FOUND got(%08x)\n", status); + ok( !h || broken(h == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", h ); str.Length -= 4 * sizeof(WCHAR); status = pNtOpenFile(&h, GENERIC_READ, &attr, &iosb, FILE_SHARE_READ|FILE_SHARE_WRITE, 0); 
@@ -361,69 +377,174 @@ static void test_all_kernel_objects( UINT line, OBJECT_ATTRIBUTES *attr, RtlInitUnicodeString( &target, L"\\DosDevices" ); size.QuadPart = 4096; + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateMutant( &ret, GENERIC_ALL, attr, FALSE ); ok( status == create_expect, "%u: NtCreateMutant failed %x\n", line, status ); status2 = pNtOpenMutant( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenMutant failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateMutant handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenMutant handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateSemaphore( &ret, GENERIC_ALL, attr, 1, 2 ); ok( status == create_expect, "%u: NtCreateSemaphore failed %x\n", line, status ); status2 = pNtOpenSemaphore( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenSemaphore failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateSemaphore handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenSemaphore handle %p\n", line, ret ); + ret = (HANDLE)0xdeadbeef; + status = pNtCreateSemaphore( &ret, GENERIC_ALL, attr, 2, 1 ); + ok( status == STATUS_INVALID_PARAMETER || + (status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION), + "%u: NtCreateSemaphore failed %x\n", line, status ); + ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateSemaphore handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateEvent( &ret, GENERIC_ALL, attr, SynchronizationEvent, 0 ); ok( status == create_expect, "%u: NtCreateEvent failed %x\n", line, status ); status2 = pNtOpenEvent( &ret2, 
GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenEvent failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateEvent handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenEvent handle %p\n", line, ret ); + ret = (HANDLE)0xdeadbeef; + status = pNtCreateEvent( &ret, GENERIC_ALL, attr, 2, 0 ); + ok( status == STATUS_INVALID_PARAMETER || + (status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION), + "%u: NtCreateEvent failed %x\n", line, status ); + ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateEvent handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateKeyedEvent( &ret, GENERIC_ALL, attr, 0 ); ok( status == create_expect, "%u: NtCreateKeyedEvent failed %x\n", line, status ); status2 = pNtOpenKeyedEvent( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenKeyedEvent failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateKeyedEvent handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenKeyedEvent handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateTimer( &ret, GENERIC_ALL, attr, NotificationTimer ); ok( status == create_expect, "%u: NtCreateTimer failed %x\n", line, status ); status2 = pNtOpenTimer( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenTimer failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateTimer handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenTimer handle %p\n", line, ret ); + 
ret = (HANDLE)0xdeadbeef; + status = pNtCreateTimer( &ret, GENERIC_ALL, attr, 2 ); + ok( status == STATUS_INVALID_PARAMETER || status == STATUS_INVALID_PARAMETER_4 || + (status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION), + "%u: NtCreateTimer failed %x\n", line, status ); + ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateTimer handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateIoCompletion( &ret, GENERIC_ALL, attr, 0 ); - ok( status == create_expect, "%u: NtCreateCompletion failed %x\n", line, status ); + ok( status == create_expect, "%u: NtCreateIoCompletion failed %x\n", line, status ); status2 = pNtOpenIoCompletion( &ret2, GENERIC_ALL, attr ); - ok( status2 == open_expect, "%u: NtOpenCompletion failed %x\n", line, status2 ); + ok( status2 == open_expect, "%u: NtOpenIoCompletion failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateIoCompletion handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenIoCompletion handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateJobObject( &ret, GENERIC_ALL, attr ); ok( status == create_expect, "%u: NtCreateJobObject failed %x\n", line, status ); status2 = pNtOpenJobObject( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenJobObject failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateJobObject handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenJobObject handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateDirectoryObject( &ret, GENERIC_ALL, attr ); ok( status == create_expect, "%u: NtCreateDirectoryObject failed 
%x\n", line, status ); status2 = pNtOpenDirectoryObject( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenDirectoryObject failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateDirectoryObject handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenDirectoryObject handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateSymbolicLinkObject( &ret, GENERIC_ALL, attr, &target ); ok( status == create_expect, "%u: NtCreateSymbolicLinkObject failed %x\n", line, status ); status2 = pNtOpenSymbolicLinkObject( &ret2, GENERIC_ALL, attr ); ok( status2 == open_expect, "%u: NtOpenSymbolicLinkObject failed %x\n", line, status2 ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateSymbolicLinkObject handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenSymbolicLinkObject handle %p\n", line, ret ); + ret = (HANDLE)0xdeadbeef; + target.MaximumLength = 0; + status = pNtCreateSymbolicLinkObject( &ret, GENERIC_ALL, attr, &target ); + ok( status == STATUS_INVALID_PARAMETER || status == STATUS_INVALID_PARAMETER_4 || + (status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION), + "%u: NtCreateSymbolicLinkObject failed %x\n", line, status ); + ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateSymbolicLinkObject handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateSection( &ret, SECTION_MAP_WRITE, attr, &size, PAGE_READWRITE, SEC_COMMIT, 0 ); ok( status == create_expect, "%u: NtCreateSection failed %x\n", line, status ); status2 = pNtOpenSection( &ret2, SECTION_MAP_WRITE, attr ); ok( status2 == open_expect, "%u: NtOpenSection failed %x\n", line, status2 
); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateSection handle %p\n", line, ret ); if (!status2) pNtClose( ret2 ); + else ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtOpenSection handle %p\n", line, ret ); + ret = (HANDLE)0xdeadbeef; + status = pNtCreateSection( &ret, SECTION_MAP_WRITE, attr, &size, 0x1234, SEC_COMMIT, 0 ); + ok( status == STATUS_INVALID_PARAMETER || status == STATUS_INVALID_PAGE_PROTECTION || + (status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION), + "%u: NtCreateSection failed %x\n", line, status ); + ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateSection handle %p\n", line, ret ); + + ret = ret2 = (HANDLE)0xdeadbeef; status = pNtCreateDebugObject( &ret, DEBUG_ALL_ACCESS, attr, 0 ); ok( status == create_expect, "%u: NtCreateDebugObject failed %x\n", line, status ); if (!status) pNtClose( ret ); + else ok( !ret || broken( ret == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateDebugObject handle %p\n", line, ret ); + status = pNtCreateDebugObject( &ret2, DEBUG_ALL_ACCESS, attr, 0xdead ); + ok( status == STATUS_INVALID_PARAMETER || + (status == STATUS_ACCESS_VIOLATION && create_expect == STATUS_ACCESS_VIOLATION), + "%u: NtCreateDebugObject failed %x\n", line, status ); + ok( !ret2 || broken( ret2 == (HANDLE)0xdeadbeef ) /* vista */, + "%u: NtCreateDebugObject handle %p\n", line, ret ); } static void test_name_limits(void) 
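Review bot: Every new `ok()` that checks the NtOpen* output handle prints the wrong variable: the condition tests `ret2` but the format argument is `ret`, e.g. `"%u: NtOpenMutant handle %p\n", line, ret );` should end `line, ret2 );`. The same slip is repeated for the Semaphore, Event, KeyedEvent, Timer, IoCompletion, JobObject, DirectoryObject, SymbolicLinkObject and Section open checks and for the second NtCreateDebugObject check, so a testbot failure would report the create handle instead of the value that actually tripped the assertion. test_all_kernel_objects starts before this hunk.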
@@ -567,6 +688,18 @@ static void test_name_limits(void) attr2.ObjectName = attr3.ObjectName = NULL; test_all_kernel_objects( __LINE__, &attr2, STATUS_OBJECT_NAME_INVALID, STATUS_OBJECT_NAME_INVALID ); test_all_kernel_objects( __LINE__, &attr3, STATUS_SUCCESS, STATUS_OBJECT_PATH_SYNTAX_BAD ); + attr2.ObjectName = attr3.ObjectName = (void *)0xdeadbeef; + test_all_kernel_objects( __LINE__, &attr2, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION ); + test_all_kernel_objects( __LINE__, &attr3, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION ); + attr2.ObjectName = attr3.ObjectName = &str2; + str2.Buffer = (WCHAR *)0xdeadbeef; + str2.Length = 3; + test_all_kernel_objects( __LINE__, &attr2, STATUS_DATATYPE_MISALIGNMENT, STATUS_DATATYPE_MISALIGNMENT ); + test_all_kernel_objects( __LINE__, &attr3, STATUS_DATATYPE_MISALIGNMENT, STATUS_DATATYPE_MISALIGNMENT ); + str2.Buffer = (WCHAR *)0xdeadbee0; + str2.Length = 2; + test_all_kernel_objects( __LINE__, &attr2, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION ); + test_all_kernel_objects( __LINE__, &attr3, STATUS_ACCESS_VIOLATION, STATUS_ACCESS_VIOLATION ); attr3.ObjectName = &str2; pRtlInitUnicodeString( &str2, L"\\BaseNamedObjects\\Local" ); 
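Review bot: The two new ObjectName probes change buffer alignment and Length parity at the same time (`0xdeadbeef` with Length 3, then `0xdeadbee0` with Length 2), so the STATUS_DATATYPE_MISALIGNMENT expectation does not record whether it is the odd buffer address or the odd length that the kernel rejects, and a regression in either check would be indistinguishable. A short comment above the first pair, such as `/* odd Buffer and odd Length: presumably the alignment check fires before the buffer is touched -- confirm which */`, would capture what was observed; a third case with an aligned buffer and an odd Length would separate the two outright. test_name_limits starts before and continues after this hunk.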
@@ -580,54 +713,123 @@ static void test_name_limits(void) status = pNtCreateMutant( &ret, GENERIC_ALL, NULL, FALSE ); ok( status == STATUS_SUCCESS, "NULL: NtCreateMutant failed %x\n", status ); pNtClose( ret ); + status = pNtCreateMutant( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, FALSE ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateMutant failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenMutant( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenMutant failed %x\n", status ); + ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret ); + status = pNtOpenMutant( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenMutant failed %x\n", status ); + status = pNtCreateSemaphore( &ret, GENERIC_ALL, NULL, 1, 2 ); ok( status == STATUS_SUCCESS, "NULL: NtCreateSemaphore failed %x\n", status ); pNtClose( ret ); + status = pNtCreateSemaphore( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, 1, 2 ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateSemaphore failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenSemaphore( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenSemaphore failed %x\n", status ); + ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret ); + status = pNtOpenSemaphore( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenSemaphore failed %x\n", status ); + status = pNtCreateEvent( &ret, GENERIC_ALL, NULL, SynchronizationEvent, 0 ); ok( status == STATUS_SUCCESS, "NULL: NtCreateEvent failed %x\n", status ); pNtClose( ret ); + status = pNtCreateEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, SynchronizationEvent, 0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateEvent failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenEvent( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, 
"NULL: NtOpenEvent failed %x\n", status ); + ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret ); + status = pNtOpenEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenEvent failed %x\n", status ); + status = pNtCreateKeyedEvent( &ret, GENERIC_ALL, NULL, 0 ); ok( status == STATUS_SUCCESS, "NULL: NtCreateKeyedEvent failed %x\n", status ); pNtClose( ret ); + status = pNtCreateKeyedEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, 0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateKeyedEvent failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenKeyedEvent( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenKeyedEvent failed %x\n", status ); + ok( !ret, "handle set %p\n", ret ); + status = pNtOpenKeyedEvent( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenKeyedEvent failed %x\n", status ); + status = pNtCreateTimer( &ret, GENERIC_ALL, NULL, NotificationTimer ); ok( status == STATUS_SUCCESS, "NULL: NtCreateTimer failed %x\n", status ); pNtClose( ret ); + status = pNtCreateTimer( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, NotificationTimer ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateTimer failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenTimer( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenTimer failed %x\n", status ); + ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret ); + status = pNtOpenTimer( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenTimer failed %x\n", status ); + status = pNtCreateIoCompletion( &ret, GENERIC_ALL, NULL, 0 ); ok( status == STATUS_SUCCESS, "NULL: NtCreateCompletion failed %x\n", status ); pNtClose( ret ); + status = pNtCreateIoCompletion( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, 0 ); + ok( status == 
STATUS_ACCESS_VIOLATION, "NULL: NtCreateCompletion failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenIoCompletion( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenCompletion failed %x\n", status ); + ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret ); + status = pNtOpenIoCompletion( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenCompletion failed %x\n", status ); + status = pNtCreateJobObject( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_SUCCESS, "NULL: NtCreateJobObject failed %x\n", status ); pNtClose( ret ); + status = pNtCreateJobObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateJobObject failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenJobObject( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenJobObject failed %x\n", status ); + ok( !ret || broken(ret == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", ret ); + status = pNtOpenJobObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenJobObject failed %x\n", status ); + status = pNtCreateDirectoryObject( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_SUCCESS, "NULL: NtCreateDirectoryObject failed %x\n", status ); pNtClose( ret ); + status = pNtCreateDirectoryObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateDirectoryObject failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenDirectoryObject( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenDirectoryObject failed %x\n", status ); + ok( !ret, "handle set %p\n", ret ); + status = pNtOpenDirectoryObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenDirectoryObject failed %x\n", status ); + status = 
pNtCreateSymbolicLinkObject( &ret, GENERIC_ALL, NULL, &target ); ok( status == STATUS_ACCESS_VIOLATION || broken( status == STATUS_SUCCESS), /* winxp */ "NULL: NtCreateSymbolicLinkObject failed %x\n", status ); if (!status) pNtClose( ret ); + status = pNtCreateSymbolicLinkObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL, &target ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateSymbolicLinkObject failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenSymbolicLinkObject( &ret, GENERIC_ALL, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenSymbolicLinkObject failed %x\n", status ); + ok( !ret, "handle set %p\n", ret ); + status = pNtOpenSymbolicLinkObject( (HANDLE *)0xdeadbee0, GENERIC_ALL, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenSymbolicLinkObject failed %x\n", status ); + status = pNtCreateSection( &ret, SECTION_MAP_WRITE, NULL, &size, PAGE_READWRITE, SEC_COMMIT, 0 ); ok( status == STATUS_SUCCESS, "NULL: NtCreateSection failed %x\n", status ); pNtClose( ret ); + status = pNtCreateSection( (HANDLE *)0xdeadbee0, SECTION_MAP_WRITE, NULL, &size, PAGE_READWRITE, SEC_COMMIT, 0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtCreateSection failed %x\n", status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenSection( &ret, SECTION_MAP_WRITE, NULL ); ok( status == STATUS_INVALID_PARAMETER, "NULL: NtOpenSection failed %x\n", status ); + ok( !ret, "handle set %p\n", ret ); + status = pNtOpenSection( (HANDLE *)0xdeadbee0, SECTION_MAP_WRITE, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "NULL: NtOpenSection failed %x\n", status ); attr2.ObjectName = attr3.ObjectName = &str; /* named pipes */ 
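Review bot: The added bad-pointer checks for the NULL-attributes I/O completion probes carry over the old misnomer in their messages, `"NULL: NtCreateCompletion failed %x\n"` and `"NULL: NtOpenCompletion failed %x\n"`, even though this same commit renames the equivalent messages in test_all_kernel_objects to NtCreateIoCompletion/NtOpenIoCompletion; the new lines should use the real function names so a failure is searchable. Separately, the output-handle checks are inconsistent about Vista: Mutant, Semaphore, Event, Timer, IoCompletion and JobObject accept `broken(ret == (HANDLE)0xdeadbeef)` while KeyedEvent, DirectoryObject, SymbolicLinkObject and Section require a bare `!ret`; if that reflects observed testbot results, a one-line comment saying so would stop the next person from "fixing" it. The function starts before and continues after this hunk.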
@@ -750,11 +952,15 @@ static void test_name_limits(void) status = pNtCreateKey( &ret, GENERIC_ALL, &attr, 0, NULL, 0, NULL ); ok( status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED, "%u: NtCreateKey failed %x\n", str.Length, status ); + status = pNtCreateKey( (HANDLE *)0xdeadbee0, GENERIC_ALL, &attr, 0, NULL, 0, NULL ); + ok( status == STATUS_ACCESS_VIOLATION, "%u: NtCreateKey failed %x\n", str.Length, status ); if (!status) { status = pNtOpenKey( &ret2, KEY_READ, &attr ); ok( status == STATUS_SUCCESS, "%u: NtOpenKey failed %x\n", str.Length, status ); pNtClose( ret2 ); + status = pNtOpenKey( (HANDLE *)0xdeadbee0, KEY_READ, &attr ); + ok( status == STATUS_ACCESS_VIOLATION, "%u: NtOpenKey failed %x\n", str.Length, status ); attr3.RootDirectory = ret; str.Length = 0; status = pNtOpenKey( &ret2, KEY_READ, &attr3 ); 
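Review bot: The inserted bad-pointer probe overwrites `status` between the real `pNtCreateKey( &ret, ... )` and the `if (!status)` that depends on it, so after this change the branch that opens the key and sets `attr3.RootDirectory = ret` is never entered (status is always STATUS_ACCESS_VIOLATION at that point) and the key handle in `ret` is presumably never closed. Move the two added lines above the real create, or keep the probe result in a separate variable, e.g. `status2 = pNtCreateKey( (HANDLE *)0xdeadbee0, GENERIC_ALL, &attr, 0, NULL, 0, NULL );` if one is in scope. The `pNtOpenKey` probe inside the `if` block is safe because the next surviving line reassigns `status`, but the rest of that block is outside the hunk and should be checked the same way.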
@@ -821,24 +1027,30 @@ static void test_name_limits(void) status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INVALID_PARAMETER, "%u: NtCreateKey failed %x\n", str.Length, status ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenKey( &ret, GENERIC_ALL, &attr ); todo_wine ok( status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INVALID_PARAMETER, "%u: NtOpenKey failed %x\n", str.Length, status ); + ok( !ret, "handle set %p\n", ret ); str.Length = 65534; + ret = (HANDLE)0xdeadbeef; status = pNtCreateKey( &ret, GENERIC_ALL, &attr, 0, NULL, 0, NULL ); ok( status == STATUS_OBJECT_NAME_INVALID || status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL, "%u: NtCreateKey failed %x\n", str.Length, status ); + ok( !ret, "handle set %p\n", ret ); + ret = (HANDLE)0xdeadbeef; status = pNtOpenKey( &ret, GENERIC_ALL, &attr ); todo_wine ok( status == STATUS_OBJECT_NAME_INVALID || status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL, "%u: NtOpenKey failed %x\n", str.Length, status ); + ok( !ret, "handle set %p\n", ret ); attr3.RootDirectory = 0; attr2.ObjectName = attr3.ObjectName = NULL; status = pNtCreateKey( &ret, GENERIC_ALL, &attr2, 0, NULL, 0, NULL ); 
@@ -967,22 +1179,28 @@ static void test_directory(void) ok( buffer[len / sizeof(WCHAR) - 1] == 0, "no terminating null\n" ); str.MaximumLength = str.Length; + str.Length = 0x4444; len = 0xdeadbeef; status = pNtQuerySymbolicLinkObject( dir, &str, &len ); ok( status == STATUS_BUFFER_TOO_SMALL, "NtQuerySymbolicLinkObject failed %08x\n", status ); ok( len == full_len, "bad length %u/%u\n", len, full_len ); + ok( str.Length == 0x4444, "len set to %x\n", str.Length ); str.MaximumLength = 0; + str.Length = 0x4444; len = 0xdeadbeef; status = pNtQuerySymbolicLinkObject( dir, &str, &len ); ok( status == STATUS_BUFFER_TOO_SMALL, "NtQuerySymbolicLinkObject failed %08x\n", status ); ok( len == full_len, "bad length %u/%u\n", len, full_len ); + ok( str.Length == 0x4444, "len set to %x\n", str.Length ); - str.MaximumLength = str.Length + sizeof(WCHAR); + str.MaximumLength = full_len; + str.Length = 0x4444; len = 0xdeadbeef; status = pNtQuerySymbolicLinkObject( dir, &str, &len ); ok( status == STATUS_SUCCESS, "NtQuerySymbolicLinkObject failed %08x\n", status ); ok( len == full_len, "bad length %u/%u\n", len, full_len ); + ok( str.Length == full_len - sizeof(WCHAR), "len set to %x\n", str.Length ); pNtClose(dir); @@ -1387,7 +1605,6 @@ static void test_query_object(void) char dir[MAX_PATH], tmp_path[MAX_PATH], file1[MAX_PATH + 16]; WCHAR expect[100]; LARGE_INTEGER size; - BOOL ret; InitializeObjectAttributes( &attr, &path, 0, 0, 0 ); @@ -1683,8 +1900,8 @@ static void test_query_object(void) test_object_type( GetCurrentThread(), L"Thread" ); test_no_file_info( GetCurrentThread() ); - ret = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle); - ok(ret, "OpenProcessToken failed: %u\n", GetLastError()); + status = pNtOpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle); + ok(!status, "OpenProcessToken failed: %x\n", status); test_object_name( handle, L"", FALSE ); test_object_type( handle, L"Token" ); 
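Review bot: In the test_query_object hunk the switch from OpenProcessToken to `pNtOpenProcessToken` keeps the old wording, `"OpenProcessToken failed: %x\n"`; the message should name the function that is actually called, `ok(!status, "NtOpenProcessToken failed: %x\n", status);`, since that text is what appears in testbot logs. test_query_object continues outside the hunk, including whatever closes `handle`.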
@@ -2367,13 +2584,17 @@ static void test_process(void) cid.UniqueProcess = ULongToHandle( 0xdeadbeef ); cid.UniqueThread = ULongToHandle( 0xdeadbeef ); + process = (HANDLE)0xdeadbeef; status = pNtOpenProcess( &process, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid ); ok( status == STATUS_INVALID_CID, "NtOpenProcess returned %x\n", status ); + ok( !process || broken(process == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", process ); cid.UniqueProcess = ULongToHandle( GetCurrentThreadId() ); cid.UniqueThread = 0; + process = (HANDLE)0xdeadbeef; status = pNtOpenProcess( &process, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid ); ok( status == STATUS_INVALID_CID, "NtOpenProcess returned %x\n", status ); + ok( !process || broken(process == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", process ); cid.UniqueProcess = ULongToHandle( GetCurrentProcessId() ); cid.UniqueThread = 0; 
@@ -2386,6 +2607,40 @@ static void test_process(void) status = pNtOpenProcess( &process, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid ); ok( !status, "NtOpenProcess returned %x\n", status ); pNtClose( process ); + status = pNtOpenProcess( (HANDLE *)0xdeadbee0, PROCESS_QUERY_LIMITED_INFORMATION, &attr, &cid ); + ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcess returned %x\n", status ); +} + +static void test_token(void) +{ + NTSTATUS status; + HANDLE handle, handle2; + + status = pNtOpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, (HANDLE *)0xdeadbee0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %x\n", status); + status = pNtOpenThreadToken( GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, (HANDLE *)0xdeadbee0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %x\n", status); + handle = (HANDLE)0xdeadbeef; + status = NtOpenProcessToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, &handle ); + ok( status == STATUS_INVALID_HANDLE, "NtOpenProcessToken failed: %x\n", status); + ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle ); + handle = (HANDLE)0xdeadbeef; + status = pNtOpenThreadToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, TRUE, &handle ); + ok( status == STATUS_INVALID_HANDLE, "NtOpenThreadToken failed: %x\n", status); + ok( !handle || broken(handle == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle ); + + status = pNtOpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle ); + ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %x\n", status); + status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, &handle2 ); + ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %x\n", status); + pNtClose( handle2 ); + status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, (HANDLE *)0xdeadbee0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %x\n", status); + handle2 = (HANDLE)0xdeadbeef; + status 
= pNtDuplicateToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, &handle2 ); + ok( status == STATUS_INVALID_HANDLE, "NtOpenProcessToken failed: %x\n", status); + ok( !handle2 || broken(handle2 == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle2 ); + pNtClose( handle ); } #define DEBUG_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE|SYNCHRONIZE) @@ -2472,6 +2727,39 @@ static void *align_ptr( void *ptr ) return (void *)(((DWORD_PTR)ptr + align) & ~align); } +static void test_duplicate_object(void) +{ + NTSTATUS status; + HANDLE handle; + + status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(), + &handle, PROCESS_ALL_ACCESS, 0, 0 ); + ok( !status, "NtDuplicateObject failed %x\n", status ); + pNtClose( handle ); + status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(), + NULL, PROCESS_ALL_ACCESS, 0, 0 ); + ok( !status, "NtDuplicateObject failed %x\n", status ); + + status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(), + (HANDLE *)0xdeadbee0, PROCESS_ALL_ACCESS, 0, 0 ); + ok( status == STATUS_ACCESS_VIOLATION, "NtDuplicateObject failed %x\n", status ); + + handle = (HANDLE)0xdeadbeef; + status = pNtDuplicateObject( GetCurrentProcess(), (HANDLE)0xdead, GetCurrentProcess(), + &handle, PROCESS_ALL_ACCESS, 0, 0 ); + ok( status == STATUS_INVALID_HANDLE, "NtDuplicateObject failed %x\n", status ); + ok( !handle, "handle set %p\n", handle ); + + handle = (HANDLE)0xdeadbeef; + status = pNtDuplicateObject( GetCurrentProcess(), GetCurrentProcess(), GetCurrentProcess(), + &handle, ~0u, 0, 0 ); + todo_wine + ok( status == STATUS_ACCESS_DENIED, "NtDuplicateObject failed %x\n", status ); + todo_wine + ok( !handle, "handle set %p\n", handle ); + if (!status) pNtClose( handle ); +} + static void test_object_types(void) { static const struct { const WCHAR *name; GENERIC_MAPPING mapping; ULONG mask, broken; } tests[] = 
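Review bot: In the new test_token, the invalid-process probe calls `NtOpenProcessToken` directly instead of the `pNtOpenProcessToken` pointer that this same commit resolves with GetProcAddress and uses two lines earlier; it should be `status = pNtOpenProcessToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, &handle );` for consistency with the rest of the file. Every `ok()` in the function also reports "NtOpenProcessToken failed" regardless of which call it checks, so a failure of the NtOpenThreadToken or NtDuplicateToken checks would be misattributed; those messages should name NtOpenThreadToken and NtDuplicateToken respectively. The `pNtOpenProcess( (HANDLE *)0xdeadbee0, ...)` line at the top of the hunk belongs to test_process, which starts before it.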
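Review bot: The second NtDuplicateObject call passes a NULL target-handle pointer and asserts success, but nothing can close the duplicate it creates; if the kernel still inserts a handle into the target process in that case (the success status suggests so, but the test cannot observe it), that handle is leaked for the rest of the test process. A comment recording that this is deliberate, `/* NULL target handle is accepted; the duplicate cannot be closed from here */`, would make the intent clear to the next reader. The `~0u` access case is marked todo_wine and only closes `handle` when the call succeeded, which is the right guard.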
@@ -2708,6 +2996,10 @@ START_TEST(om) pNtOpenProcess = (void *)GetProcAddress(hntdll, "NtOpenProcess"); pNtCreateDebugObject = (void *)GetProcAddress(hntdll, "NtCreateDebugObject"); pNtGetNextThread = (void *)GetProcAddress(hntdll, "NtGetNextThread"); + pNtOpenProcessToken = (void *)GetProcAddress(hntdll, "NtOpenProcessToken"); + pNtOpenThreadToken = (void *)GetProcAddress(hntdll, "NtOpenThreadToken"); + pNtDuplicateToken = (void *)GetProcAddress(hntdll, "NtDuplicateToken"); + pNtDuplicateObject = (void *)GetProcAddress(hntdll, "NtDuplicateObject"); test_case_sensitive(); test_namespace_pipe(); @@ -2724,6 +3016,8 @@ START_TEST(om) test_null_device(); test_wait_on_address(); test_process(); + test_token(); + test_duplicate_object(); test_object_types(); test_get_next_thread(); } diff --git a/dlls/ntdll/unix/file.c b/dlls/ntdll/unix/file.c index 977b0dfbd51..10cbd64be70 100644 --- a/dlls/ntdll/unix/file.c +++ b/dlls/ntdll/unix/file.c @@ -3750,6 +3750,7 @@ NTSTATUS WINAPI NtCreateFile( HANDLE *handle, ACCESS_MASK access, OBJECT_ATTRIBU attr->RootDirectory, attr->SecurityDescriptor, io, alloc_size, attributes, sharing, disposition, options, ea_buffer, ea_length ); + *handle = 0; if (!attr || !attr->ObjectName) return STATUS_INVALID_PARAMETER; if (alloc_size) FIXME( "alloc_size not supported\n" ); @@ -3844,9 +3845,8 @@ NTSTATUS WINAPI NtCreateMailslotFile( HANDLE *handle, ULONG access, OBJECT_ATTRI TRACE( "%p %08x %p %p %08x %08x %08x %p\n", handle, access, attr, io, options, quota, msg_size, timeout ); - if (!handle) return STATUS_ACCESS_VIOLATION; + *handle = 0; if (!attr) return STATUS_INVALID_PARAMETER; - if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status; SERVER_START_REQ( create_mailslot ) 
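Review bot: The new `*handle = 0;` in NtCreateFile writes through the output pointer before any parameter validation, and the same change drops the explicit `if (!handle) return STATUS_ACCESS_VIOLATION;` guards (NtCreateMailslotFile, NtCreateDirectoryObject, NtOpenDirectoryObject, NtOpenSymbolicLinkObject, NtCreateSymbolicLinkObject) and the STATUS_INVALID_PARAMETER returns for a NULL handle (NtCreateIoCompletion, NtOpenIoCompletion), so a NULL or bad pointer now faults inside the unix library; the tests added in om.c and info.c expect that fault to come back as STATUS_ACCESS_VIOLATION, which presumably depends on the syscall dispatcher's fault handling rather than on anything visible in these hunks. Nothing records that dependency or why the checks went away (the new tests also pin that the output is zeroed on every failure path), so a comment at this first site would help the next reader: `/* store first: a bad pointer faults here and the fault is reported to the caller as STATUS_ACCESS_VIOLATION */`. The same applies to every other `*handle = 0;` / `*key = 0;` hunk in file.c, process.c, registry.c, security.c, sync.c and thread.c on this page; the note need only appear once.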
@@ -3877,6 +3877,7 @@ NTSTATUS WINAPI NtCreateNamedPipeFile( HANDLE *handle, ULONG access, OBJECT_ATTR data_size_t len; struct object_attributes *objattr; + *handle = 0; if (!attr) return STATUS_INVALID_PARAMETER; TRACE( "(%p %x %s %p %x %d %x %d %d %d %d %d %d %p)\n", diff --git a/dlls/ntdll/unix/process.c b/dlls/ntdll/unix/process.c index 2cd91974462..e76e49ca69d 100644 --- a/dlls/ntdll/unix/process.c +++ b/dlls/ntdll/unix/process.c @@ -1546,6 +1546,8 @@ NTSTATUS WINAPI NtOpenProcess( HANDLE *handle, ACCESS_MASK access, { NTSTATUS status; + *handle = 0; + SERVER_START_REQ( open_process ) { req->pid = HandleToULong( id->UniqueProcess ); diff --git a/dlls/ntdll/unix/registry.c b/dlls/ntdll/unix/registry.c index 915b99d2c7f..265ed39bd17 100644 --- a/dlls/ntdll/unix/registry.c +++ b/dlls/ntdll/unix/registry.c @@ -79,14 +79,13 @@ NTSTATUS WINAPI NtCreateKey( HANDLE *key, ACCESS_MASK access, const OBJECT_ATTRI data_size_t len; struct object_attributes *objattr; - if (!key || !attr) return STATUS_ACCESS_VIOLATION; - if (attr->Length > sizeof(OBJECT_ATTRIBUTES)) return STATUS_INVALID_PARAMETER; + *key = 0; + if (attr->Length != sizeof(OBJECT_ATTRIBUTES)) return STATUS_INVALID_PARAMETER; + if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; TRACE( "(%p,%s,%s,%x,%x,%p)\n", attr->RootDirectory, debugstr_us(attr->ObjectName), debugstr_us(class), options, access, key ); - if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; - SERVER_START_REQ( create_key ) { req->access = access; @@ -125,7 +124,7 @@ NTSTATUS WINAPI NtOpenKeyEx( HANDLE *key, ACCESS_MASK access, const OBJECT_ATTRI { NTSTATUS ret; - if (!key || !attr || !attr->ObjectName) return STATUS_ACCESS_VIOLATION; + *key = 0; if (attr->Length != sizeof(*attr)) return STATUS_INVALID_PARAMETER; if (attr->ObjectName->Length & 1) return STATUS_OBJECT_NAME_INVALID; diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c index b998750d798..8e3afd078b4 100644 
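Review bot: The NtCreateKey check on `attr->Length` changes from `>` to `!=` in a hunk whose purpose is nulling the output handle, so callers passing a shorter OBJECT_ATTRIBUTES now get STATUS_INVALID_PARAMETER where they did not before; it does bring NtCreateKey in line with the `!=` already used by NtOpenKeyEx, but it is a separate behaviour change that deserves a sentence in the commit message or a comment on the line. Moving `if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret;` above the TRACE also means calls rejected for bad attributes are no longer traced, which makes such failures harder to diagnose with WINEDEBUG; keeping the TRACE first, as the old code had it, costs nothing. With the `!key || !attr` guard gone, a NULL attr is now dereferenced on the Length check and relies on that fault being reported as STATUS_ACCESS_VIOLATION, the same as the other hunks in this change.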
--- a/dlls/ntdll/unix/security.c +++ b/dlls/ntdll/unix/security.c @@ -55,6 +55,8 @@ NTSTATUS WINAPI NtOpenProcessTokenEx( HANDLE process, DWORD access, DWORD attrib TRACE( "(%p,0x%08x,0x%08x,%p)\n", process, access, attributes, handle ); + *handle = 0; + SERVER_START_REQ( open_token ) { req->handle = wine_server_obj_handle( process ); @@ -88,6 +90,8 @@ NTSTATUS WINAPI NtOpenThreadTokenEx( HANDLE thread, DWORD access, BOOLEAN self, TRACE( "(%p,0x%08x,%u,0x%08x,%p)\n", thread, access, self, attributes, handle ); + *handle = 0; + SERVER_START_REQ( open_token ) { req->handle = wine_server_obj_handle( thread ); @@ -113,6 +117,7 @@ NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRI data_size_t len; struct object_attributes *objattr; + *handle = 0; if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status; if (attr && attr->SecurityQualityOfService) diff --git a/dlls/ntdll/unix/server.c b/dlls/ntdll/unix/server.c index c2efd36ca6f..2ec70db9390 100644 --- a/dlls/ntdll/unix/server.c +++ b/dlls/ntdll/unix/server.c @@ -1668,6 +1668,8 @@ NTSTATUS WINAPI NtDuplicateObject( HANDLE source_process, HANDLE source, HANDLE NTSTATUS ret; int fd = -1; + if (dest) *dest = 0; + if ((options & DUPLICATE_CLOSE_SOURCE) && source_process != NtCurrentProcess()) { apc_call_t call; diff --git a/dlls/ntdll/unix/sync.c b/dlls/ntdll/unix/sync.c index 16635ee42fa..7bdce91e034 100644 --- a/dlls/ntdll/unix/sync.c +++ b/dlls/ntdll/unix/sync.c @@ -249,6 +249,7 @@ NTSTATUS alloc_object_attributes( const OBJECT_ATTRIBUTES *attr, struct object_a if (attr->ObjectName) { + if ((ULONG_PTR)attr->ObjectName->Buffer & (sizeof(WCHAR) - 1)) return STATUS_DATATYPE_MISALIGNMENT; if (attr->ObjectName->Length & (sizeof(WCHAR) - 1)) return STATUS_OBJECT_NAME_INVALID; len += attr->ObjectName->Length; } 
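Review bot: NtDuplicateObject is the one function in this change that keeps a NULL guard, `if (dest) *dest = 0;`, while every other hunk stores unconditionally; without a comment the next reader will take the guard for an oversight and "fix" it. A one-line note settles that: `/* dest is optional: a NULL target handle pointer is accepted (see test_duplicate_object) */`. Whether the remainder of the function, which lies outside this hunk, also guards its final store into dest is not visible here and is worth checking.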
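Review bot: The new alignment test on `attr->ObjectName->Buffer` is written twice, here in alloc_object_attributes and again in validate_open_object_attributes in the next hunk, each immediately followed by the identical `Length & (sizeof(WCHAR) - 1)` test; the pair belongs in one static helper, e.g. `static NTSTATUS validate_object_name( const UNICODE_STRING *name )` returning STATUS_DATATYPE_MISALIGNMENT or STATUS_OBJECT_NAME_INVALID, so the two paths cannot drift apart. The alignment check is also placed ahead of the length check, so a name that is both misaligned and odd-length now reports misalignment first; if that ordering was chosen to match native, a comment saying so would stop someone reordering it later.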
@@ -301,6 +302,7 @@ static NTSTATUS validate_open_object_attributes( const OBJECT_ATTRIBUTES *attr ) if (attr->ObjectName) { + if ((ULONG_PTR)attr->ObjectName->Buffer & (sizeof(WCHAR) - 1)) return STATUS_DATATYPE_MISALIGNMENT; if (attr->ObjectName->Length & (sizeof(WCHAR) - 1)) return STATUS_OBJECT_NAME_INVALID; } else if (attr->RootDirectory) return STATUS_OBJECT_NAME_INVALID; @@ -319,6 +321,7 @@ NTSTATUS WINAPI NtCreateSemaphore( HANDLE *handle, ACCESS_MASK access, const OBJ data_size_t len; struct object_attributes *objattr; + *handle = 0; if (max <= 0 || initial < 0 || initial > max) return STATUS_INVALID_PARAMETER; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; @@ -345,6 +348,7 @@ NTSTATUS WINAPI NtOpenSemaphore( HANDLE *handle, ACCESS_MASK access, const OBJEC { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_semaphore ) @@ -427,6 +431,7 @@ NTSTATUS WINAPI NtCreateEvent( HANDLE *handle, ACCESS_MASK access, const OBJECT_ data_size_t len; struct object_attributes *objattr; + *handle = 0; if (type != NotificationEvent && type != SynchronizationEvent) return STATUS_INVALID_PARAMETER; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; @@ -453,6 +458,7 @@ NTSTATUS WINAPI NtOpenEvent( HANDLE *handle, ACCESS_MASK access, const OBJECT_AT { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_event ) @@ -582,6 +588,7 @@ NTSTATUS WINAPI NtCreateMutant( HANDLE *handle, ACCESS_MASK access, const OBJECT data_size_t len; struct object_attributes *objattr; + *handle = 0; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_mutex ) @@ -606,6 +613,7 @@ NTSTATUS WINAPI NtOpenMutant( HANDLE *handle, ACCESS_MASK access, const OBJECT_A { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_mutex ) 
@@ -685,6 +693,7 @@ NTSTATUS WINAPI NtCreateJobObject( HANDLE *handle, ACCESS_MASK access, const OBJ data_size_t len; struct object_attributes *objattr; + *handle = 0; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_job ) @@ -707,6 +716,7 @@ NTSTATUS WINAPI NtOpenJobObject( HANDLE *handle, ACCESS_MASK access, const OBJEC { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_job ) @@ -916,8 +926,8 @@ NTSTATUS WINAPI NtCreateDebugObject( HANDLE *handle, ACCESS_MASK access, data_size_t len; struct object_attributes *objattr; + *handle = 0; if (flags & ~DEBUG_KILL_ON_CLOSE) return STATUS_INVALID_PARAMETER; - if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_debug_obj ) @@ -1075,8 +1085,7 @@ NTSTATUS WINAPI NtCreateDirectoryObject( HANDLE *handle, ACCESS_MASK access, OBJ data_size_t len; struct object_attributes *objattr; - if (!handle) return STATUS_ACCESS_VIOLATION; - + *handle = 0; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_directory ) @@ -1099,7 +1108,7 @@ NTSTATUS WINAPI NtOpenDirectoryObject( HANDLE *handle, ACCESS_MASK access, const { NTSTATUS ret; - if (!handle) return STATUS_ACCESS_VIOLATION; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_directory ) @@ -1176,9 +1185,9 @@ NTSTATUS WINAPI NtCreateSymbolicLinkObject( HANDLE *handle, ACCESS_MASK access, data_size_t len; struct object_attributes *objattr; - if (!handle || !attr || !target) return STATUS_ACCESS_VIOLATION; - if (!target->Buffer) return STATUS_INVALID_PARAMETER; - + *handle = 0; + if (!target->MaximumLength) return STATUS_INVALID_PARAMETER; + if (!target->Buffer) return STATUS_ACCESS_VIOLATION; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_symlink ) 
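Review bot: NtCreateSymbolicLinkObject now returns STATUS_ACCESS_VIOLATION for a NULL `target->Buffer` where it returned STATUS_INVALID_PARAMETER before, and the new `if (!target->MaximumLength) return STATUS_INVALID_PARAMETER;` is placed ahead of it, so a string with zero MaximumLength and a NULL Buffer reports INVALID_PARAMETER while one with a non-zero MaximumLength reports ACCESS_VIOLATION; neither the status change nor the ordering is explained, and no test for it is visible on this page. A comment above the two lines recording why MaximumLength is checked before Buffer (presumably to match native's order), or a test in om.c pinning both statuses, would keep the order from being "tidied" later. The dropped `!attr || !target` guard means a NULL target now faults on the MaximumLength read, consistent with the other hunks in this change.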
@@ -1203,7 +1212,7 @@ NTSTATUS WINAPI NtOpenSymbolicLinkObject( HANDLE *handle, ACCESS_MASK access, { NTSTATUS ret; - if (!handle) return STATUS_ACCESS_VIOLATION; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_symlink ) @@ -1277,8 +1286,8 @@ NTSTATUS WINAPI NtCreateTimer( HANDLE *handle, ACCESS_MASK access, const OBJECT_ data_size_t len; struct object_attributes *objattr; + *handle = 0; if (type != NotificationTimer && type != SynchronizationTimer) return STATUS_INVALID_PARAMETER; - if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_timer ) @@ -1304,6 +1313,7 @@ NTSTATUS WINAPI NtOpenTimer( HANDLE *handle, ACCESS_MASK access, const OBJECT_AT { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_timer ) @@ -1651,6 +1661,7 @@ NTSTATUS WINAPI NtCreateKeyedEvent( HANDLE *handle, ACCESS_MASK access, data_size_t len; struct object_attributes *objattr; + *handle = 0; if ((ret = alloc_object_attributes( attr, &objattr, &len ))) return ret; SERVER_START_REQ( create_keyed_event ) @@ -1674,6 +1685,7 @@ NTSTATUS WINAPI NtOpenKeyedEvent( HANDLE *handle, ACCESS_MASK access, const OBJE { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_keyed_event ) @@ -1740,7 +1752,7 @@ NTSTATUS WINAPI NtCreateIoCompletion( HANDLE *handle, ACCESS_MASK access, OBJECT TRACE( "(%p, %x, %p, %d)\n", handle, access, attr, threads ); - if (!handle) return STATUS_INVALID_PARAMETER; + *handle = 0; if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status; SERVER_START_REQ( create_completion ) 
@@ -1764,7 +1776,7 @@ NTSTATUS WINAPI NtOpenIoCompletion( HANDLE *handle, ACCESS_MASK access, const OB { NTSTATUS status; - if (!handle) return STATUS_INVALID_PARAMETER; + *handle = 0; if ((status = validate_open_object_attributes( attr ))) return status; SERVER_START_REQ( open_completion ) @@ -1929,6 +1941,8 @@ NTSTATUS WINAPI NtCreateSection( HANDLE *handle, ACCESS_MASK access, const OBJEC data_size_t len; struct object_attributes *objattr; + *handle = 0; + switch (protect & 0xff) { case PAGE_READONLY: @@ -1977,6 +1991,7 @@ NTSTATUS WINAPI NtOpenSection( HANDLE *handle, ACCESS_MASK access, const OBJECT_ { NTSTATUS ret; + *handle = 0; if ((ret = validate_open_object_attributes( attr ))) return ret; SERVER_START_REQ( open_mapping ) diff --git a/dlls/ntdll/unix/thread.c b/dlls/ntdll/unix/thread.c index 4383a4779be..e47dfc645a2 100644 --- a/dlls/ntdll/unix/thread.c +++ b/dlls/ntdll/unix/thread.c @@ -1535,6 +1535,8 @@ NTSTATUS WINAPI NtOpenThread( HANDLE *handle, ACCESS_MASK access, { NTSTATUS ret; + *handle = 0; + SERVER_START_REQ( open_thread ) { req->tid = HandleToULong(id->UniqueThread);