[NTOS:LPC]
authorHermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Mon, 7 Nov 2016 12:35:09 +0000 (12:35 +0000)
committerHermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Mon, 7 Nov 2016 12:35:09 +0000 (12:35 +0000)
- Capture the ServerView/ClientView *only* when those pointers are not NULL.
- Fix a LpcRequest vs. CapturedLpcRequest mix-up in a call to LpcpMoveMessage. Caught by Thomas. CORE-7371 CR-100

svn path=/trunk/; revision=73166

reactos/ntoskrnl/lpc/complete.c
reactos/ntoskrnl/lpc/connect.c
reactos/ntoskrnl/lpc/send.c

index 23472ac..30eb700 100644 (file)
@@ -84,7 +84,9 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
             ProbeForRead(ReplyMessage + 1, ConnectionInfoLength, 1);
 
             /* The following parameters are optional */
-            if (ServerView != NULL)
+
+            /* Capture the server view */
+            if (ServerView)
             {
                 ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
                 CapturedServerView = *(volatile PORT_VIEW*)ServerView;
@@ -97,7 +99,8 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
                 }
             }
 
-            if (ClientView != NULL)
+            /* Capture the client view */
+            if (ClientView)
             {
                 ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
 
@@ -121,19 +124,27 @@ NtAcceptConnectPort(OUT PHANDLE PortHandle,
         CapturedReplyMessage = *ReplyMessage;
         ConnectionInfoLength = CapturedReplyMessage.u1.s1.DataLength;
 
-        /* Validate the size of the server view */
-        if ((ServerView) && (ServerView->Length != sizeof(*ServerView)))
+        /* Capture the server view */
+        if (ServerView)
         {
-            /* Invalid size */
-            return STATUS_INVALID_PARAMETER;
+            /* Validate the size of the server view */
+            if (ServerView->Length != sizeof(*ServerView))
+            {
+                /* Invalid size */
+                return STATUS_INVALID_PARAMETER;
+            }
+            CapturedServerView = *ServerView;
         }
-        CapturedServerView = *ServerView;
 
-        /* Validate the size of the client view */
-        if ((ClientView) && (ClientView->Length != sizeof(*ClientView)))
+        /* Capture the client view */
+        if (ClientView)
         {
-            /* Invalid size */
-            return STATUS_INVALID_PARAMETER;
+            /* Validate the size of the client view */
+            if (ClientView->Length != sizeof(*ClientView))
+            {
+                /* Invalid size */
+                return STATUS_INVALID_PARAMETER;
+            }
         }
     }
 
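Review bot: With the copy now inside `if (ServerView)`, CapturedServerView is never written on this path when the caller passes no server view, and the hunk has no else branch that gives it a defined value. The declaration and the later uses are outside the hunk, so I cannot tell whether every later read is gated on ServerView; if one is not, it would consume uninitialized kernel stack. Either zero it in an else branch, `else RtlZeroMemory(&CapturedServerView, sizeof(CapturedServerView));`, or add a comment at the capture stating that CapturedServerView is only valid when ServerView is non-NULL. The probed path in the first hunk has the same shape.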
index 9e99538..a45468b 100644 (file)
@@ -130,7 +130,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
             /* The following parameters are optional */
 
             /* Capture the client view */
-            if (ClientView != NULL)
+            if (ClientView)
             {
                 ProbeForWrite(ClientView, sizeof(*ClientView), sizeof(ULONG));
                 CapturedClientView = *(volatile PORT_VIEW*)ClientView;
@@ -145,7 +145,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
             }
 
             /* Capture the server view */
-            if (ServerView != NULL)
+            if (ServerView)
             {
                 ProbeForWrite(ServerView, sizeof(*ServerView), sizeof(ULONG));
 
@@ -202,7 +202,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
         /* The following parameters are optional */
 
         /* Capture the client view */
-        if (ClientView != NULL)
+        if (ClientView)
         {
             /* Validate the size of the client view */
             if (ClientView->Length != sizeof(*ClientView))
@@ -214,7 +214,7 @@ NtSecureConnectPort(OUT PHANDLE PortHandle,
         }
 
         /* Capture the server view */
-        if (ServerView != NULL)
+        if (ServerView)
         {
             /* Validate the size of the server view */
             if (ServerView->Length != sizeof(*ServerView))
index 74589b9..d6b2206 100644 (file)
@@ -857,7 +857,7 @@ NtRequestWaitReplyPort(IN HANDLE PortHandle,
 
             /* Copy it */
             LpcpMoveMessage(&Message->Request,
-                            LpcRequest,
+                            &CapturedLpcRequest,
                             LpcRequest + 1,
                             MessageType,
                             &Thread->Cid);
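Review bot: Only the header argument is switched to the captured copy here; the data argument `LpcRequest + 1` still points into the caller's buffer, so the message body is read from caller memory at the time of the copy. The hunk does not show whether this call sits inside an exception-handling block, or whether the body was probed for the length held in CapturedLpcRequest. NtRequestWaitReplyPort continues outside the hunk on both sides, so neither can be checked from here. Please confirm both, and record the split above the call, e.g. `/* Header is the captured copy; the data at LpcRequest + 1 is still read from caller memory */`.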