server: Add the name length to the object_attributes structure so that other variable length data can be present after object_attributes.

This commit is contained in:
Rob Shearman 2007-10-26 17:01:33 +01:00 committed by Alexandre Julliard
parent e2b5227b65
commit f98556c119
10 changed files with 23 additions and 21 deletions

View File

@ -154,6 +154,7 @@ NTSTATUS WINAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle,
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
@ -262,6 +263,7 @@ NTSTATUS WINAPI NtCreateEvent(
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );
@ -425,6 +427,7 @@ NTSTATUS WINAPI NtCreateMutant(OUT HANDLE* MutantHandle,
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
status = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );

View File

@ -1864,6 +1864,7 @@ NTSTATUS WINAPI NtCreateSection( HANDLE *handle, ACCESS_MASK access, const OBJEC
objattr.rootdir = attr ? attr->RootDirectory : 0;
objattr.sd_len = 0;
objattr.name_len = len;
if (attr)
{
ret = NTDLL_create_struct_sd( attr->SecurityDescriptor, &sd, &objattr.sd_len );

View File

@ -180,10 +180,7 @@ DECL_HANDLER(create_event)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

View File

@ -408,10 +408,7 @@ DECL_HANDLER(create_mapping)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

View File

@ -205,10 +205,7 @@ DECL_HANDLER(create_mutex)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
objattr_get_name( objattr, &name );
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

View File

@ -237,6 +237,7 @@ struct object_attributes
{
obj_handle_t rootdir; /* root directory */
data_size_t sd_len; /* length of security_descriptor data. may be 0 */
data_size_t name_len; /* length of the name string. may be 0 */
/* VARARG(sd,security_descriptor); */
/* VARARG(name,unicode_str); */
};

View File

@ -131,3 +131,8 @@ static inline const SID *sd_get_group( const struct security_descriptor *sd )
/* determines whether an object_attributes struct is valid in a buffer
* and calls set_error appropriately */
extern int objattr_is_valid( const struct object_attributes *objattr, data_size_t size );
static inline void objattr_get_name( const struct object_attributes *objattr, struct unicode_str *name )
{
name->len = ((objattr->name_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name->str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
}

View File

@ -180,10 +180,8 @@ DECL_HANDLER(create_semaphore)
return;
sd = objattr->sd_len ? (const struct security_descriptor *)(objattr + 1) : NULL;
objattr_get_name( objattr, &name );
/* get unicode string */
name.len = ((get_req_data_size() - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR);
name.str = (const WCHAR *)get_req_data() + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
if (objattr->rootdir && !(root = get_directory_obj( current->process, objattr->rootdir, 0 )))
return;

View File

@ -309,7 +309,8 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
* and calls set_error appropriately */
int objattr_is_valid( const struct object_attributes *objattr, data_size_t size )
{
if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len))
if ((size < sizeof(*objattr)) || (size - sizeof(*objattr) < objattr->sd_len) ||
(size - sizeof(*objattr) - objattr->sd_len < objattr->name_len))
{
set_error( STATUS_ACCESS_VIOLATION );
return FALSE;

View File

@ -790,14 +790,16 @@ static void dump_varargs_object_attributes( data_size_t size )
{
const WCHAR *str;
fprintf( stderr, "rootdir=%p,sd=", objattr->rootdir );
if (objattr->sd_len > size - sizeof(*objattr)) return;
if (objattr->sd_len > size - sizeof(*objattr) ||
objattr->name_len > size - sizeof(*objattr) - objattr->sd_len)
return;
dump_inline_security_descriptor( (const struct security_descriptor *)(objattr + 1), objattr->sd_len );
str = (const WCHAR *)cur_data + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
str = (const WCHAR *)objattr + (sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR);
fprintf( stderr, ",name=L\"" );
dump_strW( str, (size - sizeof(*objattr) - objattr->sd_len) / sizeof(WCHAR),
stderr, "\"\"" );
dump_strW( str, objattr->name_len / sizeof(WCHAR), stderr, "\"\"" );
fputc( '\"', stderr );
remove_data( size );
remove_data( ((sizeof(*objattr) + objattr->sd_len) / sizeof(WCHAR)) * sizeof(WCHAR) +
objattr->name_len );
}
fputc( '}', stderr );
}