[NTOS:KD] Protect against invalid user arguments for BREAKPOINT_LOAD_SYMBOLS. CORE... 160/head
authorThomas Faber <thomas.faber@reactos.org>
Fri, 8 Dec 2017 13:45:26 +0000 (14:45 +0100)
committerThomas Faber <thomas.faber@reactos.org>
Sun, 10 Dec 2017 14:26:18 +0000 (15:26 +0100)
ntoskrnl/kd/kdmain.c

index a6627b8..52b8bab 100644 (file)
@@ -153,11 +153,38 @@ KdpEnterDebuggerException(IN PKTRAP_FRAME TrapFrame,
 #ifdef KDBG
         else if (ExceptionCommand == BREAKPOINT_LOAD_SYMBOLS)
         {
+            PKD_SYMBOLS_INFO SymbolsInfo;
+            KD_SYMBOLS_INFO CapturedSymbolsInfo;
             PLDR_DATA_TABLE_ENTRY LdrEntry;
 
-            /* Load symbols. Currently implemented only for KDBG! */
-            if(KdbpSymFindModule(((PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2])->BaseOfDll, NULL, -1, &LdrEntry))
-                KdbSymProcessSymbols(LdrEntry);
+            SymbolsInfo = (PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2];
+            if (PreviousMode != KernelMode)
+            {
+                _SEH2_TRY
+                {
+                    ProbeForRead(SymbolsInfo,
+                                 sizeof(*SymbolsInfo),
+                                 1);
+                    RtlCopyMemory(&CapturedSymbolsInfo,
+                                  SymbolsInfo,
+                                  sizeof(*SymbolsInfo));
+                    SymbolsInfo = &CapturedSymbolsInfo;
+                }
+                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+                {
+                    SymbolsInfo = NULL;
+                }
+                _SEH2_END;
+            }
+
+            if (SymbolsInfo != NULL)
+            {
+                /* Load symbols. Currently implemented only for KDBG! */
+                if (KdbpSymFindModule(SymbolsInfo->BaseOfDll, NULL, -1, &LdrEntry))
+                {
+                    KdbSymProcessSymbols(LdrEntry);
+                }
+            }
         }
         else if (ExceptionCommand == BREAKPOINT_PROMPT)
         {