Peb = NtCurrentPeb();
if(Peb->SessionId == 0)
{
- RtlCreateUnicodeString(&gustrWindowStationsDir, WINSTA_OBJ_DIR);
+ if (!RtlCreateUnicodeString(&gustrWindowStationsDir, WINSTA_OBJ_DIR))
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
}
else
{
Peb->SessionId,
WINSTA_OBJ_DIR);
- RtlCreateUnicodeString( &gustrWindowStationsDir, wstrWindowStationsDir);
+ if (!RtlCreateUnicodeString(&gustrWindowStationsDir, wstrWindowStationsDir))
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
}
InitializeObjectAttributes(&ObjectAttributes,
&ReturnLength);
if (STATUS_BUFFER_TOO_SMALL == Status)
{
- BufferSize = ReturnLength;
- Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, TAG_WINSTA);
- if (NULL == Buffer)
- {
- ObDereferenceObject(DirectoryHandle);
- return STATUS_NO_MEMORY;
- }
+ ObDereferenceObject(DirectoryHandle);
+ return STATUS_NO_MEMORY;
+ }
- /* We should have a sufficiently large buffer now */
- Context = 0;
- Status = ZwQueryDirectoryObject(DirectoryHandle, Buffer, BufferSize,
- FALSE, TRUE, &Context, &ReturnLength);
- if (! NT_SUCCESS(Status) ||
- STATUS_NO_MORE_ENTRIES != ZwQueryDirectoryObject(DirectoryHandle, NULL, 0, FALSE,
- FALSE, &Context, NULL))
- {
- /* Something went wrong, maybe someone added a directory entry? Just give up. */
- ExFreePoolWithTag(Buffer, TAG_WINSTA);
- ObDereferenceObject(DirectoryHandle);
- return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status;
- }
+ BufferSize = ReturnLength;
+ Buffer = ExAllocatePoolWithTag(PagedPool, BufferSize, TAG_WINSTA);
+ if (NULL == Buffer)
+ {
+ ObDereferenceObject(DirectoryHandle);
+ return STATUS_NO_MEMORY;
+ }
+
+ /* We should have a sufficiently large buffer now */
+ Context = 0;
+ Status = ZwQueryDirectoryObject(DirectoryHandle, Buffer, BufferSize,
+ FALSE, TRUE, &Context, &ReturnLength);
+ if (! NT_SUCCESS(Status) ||
+ STATUS_NO_MORE_ENTRIES != ZwQueryDirectoryObject(DirectoryHandle, NULL, 0, FALSE,
+ FALSE, &Context, NULL))
+ {
+ /* Something went wrong, maybe someone added a directory entry? Just give up. */
+ ExFreePoolWithTag(Buffer, TAG_WINSTA);
+ ObDereferenceObject(DirectoryHandle);
+ return NT_SUCCESS(Status) ? STATUS_INTERNAL_ERROR : Status;
}
}
/*
* Clean up
*/
- if (NULL != Buffer && Buffer != InitialBuffer)
+ if (Buffer != InitialBuffer)
{
ExFreePoolWithTag(Buffer, TAG_WINSTA);
}
DWORD EntryCount;
ULONG ReturnLength;
WCHAR NullWchar;
+ PUNICODE_STRING DesktopName;
Status = IntValidateWindowStationHandle(hWindowStation,
KernelMode,
DesktopEntry = DesktopEntry->Flink)
{
DesktopObject = CONTAINING_RECORD(DesktopEntry, DESKTOP, ListEntry);
- ReturnLength += ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length + sizeof(WCHAR);
+ DesktopName = GET_DESKTOP_NAME(DesktopObject);
+ if (DesktopName) ReturnLength += DesktopName->Length + sizeof(WCHAR);
EntryCount++;
}
TRACE("Required size: %d Entry count: %d\n", ReturnLength, EntryCount);
DesktopEntry = DesktopEntry->Flink)
{
DesktopObject = CONTAINING_RECORD(DesktopEntry, DESKTOP, ListEntry);
- Status = MmCopyToCaller(lpBuffer, ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Buffer, ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length);
+ _PRAGMA_WARNING_SUPPRESS(__WARNING_DEREF_NULL_PTR)
+ DesktopName = GET_DESKTOP_NAME(DesktopObject);/// @todo Don't mess around with the object headers!
+ if (!DesktopName) continue;
+
+ Status = MmCopyToCaller(lpBuffer, DesktopName->Buffer, DesktopName->Length);
if (! NT_SUCCESS(Status))
{
KeReleaseSpinLock(&WindowStation->Lock, OldLevel);
ObDereferenceObject(WindowStation);
return Status;
}
- lpBuffer = (PVOID) ((PCHAR) lpBuffer + ((PUNICODE_STRING)GET_DESKTOP_NAME(DesktopObject))->Length);
+ lpBuffer = (PVOID) ((PCHAR)lpBuffer + DesktopName->Length);
Status = MmCopyToCaller(lpBuffer, &NullWchar, sizeof(WCHAR));
if (! NT_SUCCESS(Status))
{