[CSRSRV/BASESRV/CONSRV/WINSRV]

- Add a useful CHECK_API_MSG_SIZE macro to check whether a server message structure can hold in a CSR_API_MESSAGE structure. These checks are required because LPC will use the generic CSR_API_MESSAGE structure for communicating all the different servers' messages, and thus we avoid possible buffer overflows with this method.
- Effectively use this macro for all the server message structures.
- Remove a hack regarding the maximum data size we can pass through the CSR LPC port.
- Remove the now unused CSRSS_HEADER_SIZE symbol.

svn path=/branches/ros-csrss/; revision=57810

diff --git a/include/reactos/subsys/csr/csrmsg.h b/include/reactos/subsys/csr/csrmsg.h
index a64bfff..17164ac 100644 (file)
--- a/include/reactos/subsys/csr/csrmsg.h
+++ b/include/reactos/subsys/csr/csrmsg.h
@@ -64,6 +64,10 @@ typedef struct _CSR_CONNECTION_INFO
     HANDLE ProcessId;
 } CSR_CONNECTION_INFO, *PCSR_CONNECTION_INFO;
 
+// We must have a size at most equal to the maximum acceptable LPC data size.
+C_ASSERT(sizeof(CSR_CONNECTION_INFO) <= LPC_MAX_DATA_LENGTH);
+
+
 typedef struct _CSR_IDENTIFY_ALTERTABLE_THREAD
 {
     CLIENT_ID Cid;
@@ -97,8 +101,6 @@ typedef struct _CSR_CAPTURE_BUFFER
     ULONG_PTR PointerOffsetsArray[ANYSIZE_ARRAY];
 } CSR_CAPTURE_BUFFER, *PCSR_CAPTURE_BUFFER;
 
-/* Keep in sync with definition below. */
-// #define CSRSS_HEADER_SIZE (sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(NTSTATUS))
 
 typedef struct _CSR_API_MESSAGE
 {
@@ -117,11 +119,38 @@ typedef struct _CSR_API_MESSAGE
                 CSR_CLIENT_CONNECT CsrClientConnect;
                 CSR_SET_PRIORITY_CLASS SetPriorityClass;
                 CSR_IDENTIFY_ALTERTABLE_THREAD IdentifyAlertableThread;
+
+                //
+                // This padding is used to make the CSR_API_MESSAGE structure
+                // large enough to hold full other API_MESSAGE-type structures
+                // used by other servers. These latter structures's sizes must
+                // be checked against the size of CSR_API_MESSAGE by using the
+                // CHECK_API_MSG_SIZE macro defined below.
+                //
+                // This is required because LPC will use this generic structure
+                // for communicating all the different servers' messages, and
+                // thus we avoid possible buffer overflows with this method.
+                // The problems there are, that we have to manually adjust the
+                // size of the padding to hope that all the servers' messaging
+                // structures will hold in it, or, that we have to be careful
+                // to not define too big messaging structures for the servers.
+                //
+                // Finally, the overall message structure size must be at most
+                // equal to the maximum acceptable LPC message size.
+                //
+                ULONG_PTR Padding[35];
             } Data;
         };
     };
 } CSR_API_MESSAGE, *PCSR_API_MESSAGE;
 
+// We must have a size at most equal to the maximum acceptable LPC message size.
+C_ASSERT(sizeof(CSR_API_MESSAGE) <= LPC_MAX_MESSAGE_LENGTH);
+
+// Macro to check that the total size of servers' message structures
+// are at most equal to the size of the CSR_API_MESSAGE structure.
+#define CHECK_API_MSG_SIZE(type) C_ASSERT(sizeof(type) <= sizeof(CSR_API_MESSAGE))
+
 #endif // _CSRMSG_H
 
 /* EOF */

diff --git a/include/reactos/subsys/win/basemsg.h b/include/reactos/subsys/win/basemsg.h
index a4934a0..7280b70 100644 (file)
--- a/include/reactos/subsys/win/basemsg.h
+++ b/include/reactos/subsys/win/basemsg.h
@@ -203,6 +203,9 @@ typedef struct _BASE_API_MESSAGE
     } Data;
 } BASE_API_MESSAGE, *PBASE_API_MESSAGE;
 
+// Check that a BASE_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(BASE_API_MESSAGE);
+
 #endif // _BASEMSG_H
 
 /* EOF */

diff --git a/include/reactos/subsys/win/conmsg.h b/include/reactos/subsys/win/conmsg.h
index 8fa4ddf..513307a 100644 (file)
--- a/include/reactos/subsys/win/conmsg.h
+++ b/include/reactos/subsys/win/conmsg.h
@@ -618,6 +618,9 @@ typedef struct _CONSOLE_API_MESSAGE
     } Data;
 } CONSOLE_API_MESSAGE, *PCONSOLE_API_MESSAGE;
 
+// Check that a CONSOLE_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(CONSOLE_API_MESSAGE);
+
 #endif // _CONMSG_H
 
 /* EOF */

diff --git a/include/reactos/subsys/win/winmsg.h b/include/reactos/subsys/win/winmsg.h
index d9ff9a7..9b1bfc6 100644 (file)
--- a/include/reactos/subsys/win/winmsg.h
+++ b/include/reactos/subsys/win/winmsg.h
@@ -83,6 +83,9 @@ typedef struct _USER_API_MESSAGE
     } Data;
 } USER_API_MESSAGE, *PUSER_API_MESSAGE;
 
+// Check that a USER_API_MESSAGE can hold in a CSR_API_MESSAGE.
+CHECK_API_MSG_SIZE(USER_API_MESSAGE);
+
 #endif // _WINMSG_H
 
 /* EOF */

diff --git a/subsystems/win32/csrsrv/api.c b/subsystems/win32/csrsrv/api.c
index 91e8657..b95bd76 100644 (file)
--- a/subsystems/win32/csrsrv/api.c
+++ b/subsystems/win32/csrsrv/api.c
@@ -919,13 +919,13 @@ CsrApiPortInitialize(VOID)
                                &CsrApiPortName,
                                0,
                                NULL,
-                               NULL /* FIXME*/);
+                               NULL /* FIXME: Use the Security Descriptor */);
 
     /* Create the Port Object */
     Status = NtCreatePort(&CsrApiPort,
                           &ObjectAttributes,
-                          LPC_MAX_DATA_LENGTH, // HACK: the real value is: sizeof(CSR_CONNECTION_INFO),
-                          LPC_MAX_MESSAGE_LENGTH, // HACK: the real value is: sizeof(CSR_API_MESSAGE),
+                          sizeof(CSR_CONNECTION_INFO),
+                          sizeof(CSR_API_MESSAGE),
                           16 * PAGE_SIZE);
     if (NT_SUCCESS(Status))
     {