Fix user-mode access of pointers. From a patch by Sven Bjorn (private communication) and Aleksander Andrejevic.
"[...]In the routine NtSetTimerResolution() the pointer "CurrentResolution" is
checked using ProbeForWriteUlong(), but it is then accessed outside of a try-block.
This should be an error, since the user mode memory can become invalid at any point
in time and thus potentially make the kernel crash on access.
[...]"
CORE-7387 #comment A fix by Sven Bjorn was committed in revision 61468, thanks :)
svn path=/trunk/; revision=61468
NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
{
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
{
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
- NTSTATUS Status = STATUS_SUCCESS;
PAGED_CODE();
/* Check if we were called from user-mode */
PAGED_CODE();
/* Check if we were called from user-mode */
ProbeForWriteLargeInteger(SystemTime);
/*
ProbeForWriteLargeInteger(SystemTime);
/*
- * It's safe to pass the pointer directly to KeQuerySystemTime as
- * it's just a basic copy to this pointer. If it raises an
+ * It's safe to pass the pointer directly to KeQuerySystemTime
+ * as it's just a basic copy to this pointer. If it raises an
* exception nothing dangerous can happen!
*/
KeQuerySystemTime(SystemTime);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
* exception nothing dangerous can happen!
*/
KeQuerySystemTime(SystemTime);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
- /* Get the exception code */
- Status = _SEH2_GetExceptionCode();
+ /* Return the exception code */
+ _SEH2_YIELD(return _SEH2_GetExceptionCode());
KeQuerySystemTime(SystemTime);
}
KeQuerySystemTime(SystemTime);
}
- /* Return status to caller */
- return Status;
+ /* Return success */
+ return STATUS_SUCCESS;
{
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
{
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
- /* Check if the call came from user mode */
+ /* Check if the call came from user-mode */
if (PreviousMode != KernelMode)
{
_SEH2_TRY
if (PreviousMode != KernelMode)
{
_SEH2_TRY
ProbeForWriteUlong(MinimumResolution);
ProbeForWriteUlong(MaximumResolution);
ProbeForWriteUlong(ActualResolution);
ProbeForWriteUlong(MinimumResolution);
ProbeForWriteUlong(MaximumResolution);
ProbeForWriteUlong(ActualResolution);
+
+ /*
+ * Set the parameters to the actual values.
+ *
+ * NOTE:
+ * MinimumResolution corresponds to the biggest time increment and
+ * MaximumResolution corresponds to the smallest time increment.
+ */
+ *MinimumResolution = KeMaximumIncrement;
+ *MaximumResolution = KeMinimumIncrement;
+ *ActualResolution = KeTimeIncrement;
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
-
- /*
- * Set the parameters to the actual values.
- *
- * NOTE:
- * MinimumResolution corresponds to the biggest time increment and
- * MaximumResolution corresponds to the smallest time increment.
- */
- *MinimumResolution = KeMaximumIncrement;
- *MaximumResolution = KeMinimumIncrement;
- *ActualResolution = KeTimeIncrement;
+ else
+ {
+ /* Set the parameters to the actual values */
+ *MinimumResolution = KeMaximumIncrement;
+ *MaximumResolution = KeMinimumIncrement;
+ *ActualResolution = KeTimeIncrement;
+ }
/* Return success */
return STATUS_SUCCESS;
/* Return success */
return STATUS_SUCCESS;
PEPROCESS Process = PsGetCurrentProcess();
ULONG NewResolution;
PEPROCESS Process = PsGetCurrentProcess();
ULONG NewResolution;
- /* Check if the call came from user mode */
+ /* Check if the call came from user-mode */
if (PreviousMode != KernelMode)
{
_SEH2_TRY
if (PreviousMode != KernelMode)
{
_SEH2_TRY
/* Set and return the new resolution */
NewResolution = ExSetTimerResolution(DesiredResolution, SetResolution);
/* Set and return the new resolution */
NewResolution = ExSetTimerResolution(DesiredResolution, SetResolution);
- *CurrentResolution = NewResolution;
+
+ if (PreviousMode != KernelMode)
+ {
+ _SEH2_TRY
+ {
+ *CurrentResolution = NewResolution;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Return the exception code */
+ _SEH2_YIELD(return _SEH2_GetExceptionCode());
+ }
+ _SEH2_END;
+ }
+ else
+ {
+ *CurrentResolution = NewResolution;
+ }
if (SetResolution || Process->SetTimerResolution)
{
if (SetResolution || Process->SetTimerResolution)
{
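Review bot: In the last hunk (the routine that calls `ExSetTimerResolution(DesiredResolution, SetResolution)`), the new handler's `_SEH2_YIELD(return _SEH2_GetExceptionCode());` runs after that call has already taken effect. A fault on the `*CurrentResolution` write therefore returns an error to the caller with the resolution already changed, and skips the `if (SetResolution || Process->SetTimerResolution)` block that follows. That block continues outside the hunk, so it cannot be confirmed from here whether per-process state ends up out of step with the global timer state, but it is worth checking. If the early return is intended, document it at the handler, e.g. `/* ExSetTimerResolution() has already taken effect; the checks below are skipped on a fault */`. Otherwise keep the exception code in a local and fall through to the code below before returning it.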