ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes.

This commit is contained in:
Rob Shearman 2007-10-26 17:01:33 +01:00 committed by Alexandre Julliard
parent e2b5227b65
commit f98556c119
10 changed files with 23 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dlls/ntdll/sync.c
View File

@ -154,6 +154,7 @@ NTSTATUS WINAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle,
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
@ -262,6 +263,7 @@ NTSTATUS WINAPI NtCreateEvent(
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
@ -425,6 +427,7 @@ NTSTATUS WINAPI NtCreateMutant(OUT HANDLE* MutantHandle,
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
status = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );

1
dlls/ntdll/virtual.c
View File

@ -1864,6 +1864,7 @@ NTSTATUS WINAPI NtCreateSection( HANDLE *handle, ACCESS_MASK access, const OBJEC
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );

5
server/event.c
View File

@ -180,10 +180,7 @@ DECL_HANDLER(create_event)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

5
server/mapping.c
View File

@ -408,10 +408,7 @@ DECL_HANDLER(create_mapping)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

5
server/mutex.c
View File

@ -205,10 +205,7 @@ DECL_HANDLER(create_mutex)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

1
server/protocol.def
View File

@ -237,6 +237,7 @@ struct object_attributes
{
obj_handle_t rootdir; /* root directory */
data_size_t sd_len; /* length of security_descriptor data. may be 0 */
data_size_t name_len; /* length of the name string. may be 0 */
/* VARARG(sd,security_descriptor); */
/* VARARG(name,unicode_str); */
};

5
server/security.h
View File

@ -131,3 +131,8 @@ static inline const SID *sd_get_group( const struct security_descriptor *sd )
/* determines whether an object_attributes struct is valid in a buffer
* and calls set_error appropriately */
extern int objattr_is_valid( const struct object_attributes *objattr, data_size_t size );
static inline void objattr_get_name( const struct object_attributes *objattr, struct unicode_str *name )
{
name->len = ((objattr->name_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name->str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
}

4
server/semaphore.c
View File

@ -180,10 +180,8 @@ DECL_HANDLER(create_semaphore)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
objattr_get_name( objattr, &name );
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

3
server/token.c
View File

@ -309,7 +309,8 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
* and calls set_error appropriately */
int objattr_is_valid( const struct object_attributes *objattr, data_size_t size )
{
if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len))
if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len) ||
(size - sizeof(*objattr) - objattr->sd_len < objattr->name_len))
{
set_error( STATUS_ACCESS_VIOLATION );
return FALSE;

12
server/trace.c
View File

@ -790,14 +790,16 @@ static void dump_varargs_object_attributes( data_size_t size )
{
const WCHAR *str;
fprintf( stderr, "rootdir=%p,sd=", objattr->rootdir );
if (objattr->sd_len > size - sizeof(*objattr)) return;
if (objattr->sd_len > size - sizeof(*objattr) ||
objattr->name_len > size - sizeof(*objattr) - objattr->sd_len)
return;
dump_inline_security_descriptor( (const struct security_descriptor *)(objattr + 1), objattr->sd_len );
str = (const WCHAR *)cur_data + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
fprintf( stderr, ",name=L\"" );
dump_strW( str, (size - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR),
stderr, "\"\"" );
dump_strW( str, objattr->name_len / sizeof(WCHAR), stderr, "\"\"" );
fputc( '\"', stderr );
remove_data( size );
remove_data( ((sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR) +
objattr->name_len );
}
fputc( '}', stderr );
}