- Don't assume the object body allocated by ObCreateObject (through ObpAllocateObject...
authorStefan Ginsberg <stefanginsberg@gmail.com>
Wed, 15 Jul 2009 16:13:08 +0000 (16:13 +0000)
committerStefan Ginsberg <stefanginsberg@gmail.com>
Wed, 15 Jul 2009 16:13:08 +0000 (16:13 +0000)
svn path=/trunk/; revision=41972

reactos/ntoskrnl/mm/section.c
reactos/ntoskrnl/se/token.c
reactos/subsystems/win32/win32k/ntuser/desktop.c
reactos/subsystems/win32/win32k/ntuser/winsta.c

index b52795d..8bbeaa6 100644 (file)
@@ -2375,6 +2375,8 @@ MmCreatePageFileSection(PROS_SECTION_OBJECT *SectionObject,
    /*
     * Initialize it
     */
+   Section->Type = 0;
+   Section->Size = 0;
    Section->SectionPageProtection = SectionPageProtection;
    Section->AllocationAttributes = AllocationAttributes;
    Section->Segment = NULL;
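Review bot: `Section->Type` and `Section->Size` are cleared field by field here, while the token.c, desktop.c and winsta.c hunks of the same commit clear the whole object body with `RtlZeroMemory`; any member of the section object that this function never assigns still holds whatever the allocation contained. The same applies to the MmCreateDataFileSection and MmCreateImageSection hunks, and only the latter also clears `MaximumSize.QuadPart`, so the three initialisers are not symmetric as far as the hunks show. A single `RtlZeroMemory(Section, sizeof(*Section));` before the assignments would cover present and future members and make the per-field zeroing unnecessary. The rest of each function body is outside the hunks, so the other two may assign `MaximumSize` later; that should be confirmed.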
@@ -2447,6 +2449,8 @@ MmCreateDataFileSection(PROS_SECTION_OBJECT *SectionObject,
    /*
     * Initialize it
     */
+   Section->Type = 0;
+   Section->Size = 0;
    Section->SectionPageProtection = SectionPageProtection;
    Section->AllocationAttributes = AllocationAttributes;
    Section->Segment = NULL;
@@ -3373,6 +3377,9 @@ MmCreateImageSection(PROS_SECTION_OBJECT *SectionObject,
    /*
     * Initialize it
     */
+   Section->Type = 0;
+   Section->Size = 0;
+   Section->MaximumSize.QuadPart = 0;
    Section->SectionPageProtection = SectionPageProtection;
    Section->AllocationAttributes = AllocationAttributes;
 
index dbe3f77..c43d5f8 100644 (file)
@@ -247,7 +247,10 @@ SepDuplicateToken(PTOKEN Token,
         DPRINT1("ObCreateObject() failed (Status %lx)\n");
         return(Status);
     }
-    
+
+    /* Zero out the buffer */
+    RtlZeroMemory(AccessToken, sizeof(TOKEN));
+
     Status = ZwAllocateLocallyUniqueId(&AccessToken->TokenId);
     if (!NT_SUCCESS(Status))
     {
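Review bot: The added comment `/* Zero out the buffer */` says what the call does but not why, and the reason is the security-relevant part: going by the commit title, the body returned by ObCreateObject is not guaranteed to be cleared, so any TOKEN field not assigned afterwards would carry stale pool contents into a security token. I would write `/* Object body is not guaranteed zeroed; clear it so unassigned TOKEN fields are not stale pool data */` here and at the identical calls in SepCreateSystemProcessToken and NtCreateToken, and use `sizeof(*AccessToken)` so the length follows the pointer's type. The length must also match the body size passed to ObCreateObject, which is outside the hunk. Separately, the unchanged context line `DPRINT1("ObCreateObject() failed (Status %lx)\n");` supplies no argument for `%lx` (the NtCreateToken hunk has the same line); it should pass `Status`.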
@@ -264,7 +267,6 @@ SepDuplicateToken(PTOKEN Token,
     
     AccessToken->TokenLock = &SepTokenLock;
     
-    AccessToken->TokenInUse = 0;
     AccessToken->TokenType  = TokenType;
     AccessToken->ImpersonationLevel = Level;
     RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
@@ -332,10 +334,6 @@ SepDuplicateToken(PTOKEN Token,
                    Token->DefaultDacl,
                    Token->DefaultDacl->AclSize);
         }
-        else
-        {
-            AccessToken->DefaultDacl = 0;
-        }
     }
     
     if ( NT_SUCCESS(Status) )
@@ -549,6 +547,9 @@ SepCreateSystemProcessToken(VOID)
     {
         return NULL;
     }
+
+    /* Zero out the buffer */
+    RtlZeroMemory(AccessToken, sizeof(TOKEN));
     
     Status = ExpAllocateLocallyUniqueId(&AccessToken->TokenId);
     if (!NT_SUCCESS(Status))
@@ -575,8 +576,6 @@ SepCreateSystemProcessToken(VOID)
     
     AccessToken->TokenType = TokenPrimary;
     AccessToken->ImpersonationLevel = SecurityDelegation;
-    AccessToken->TokenSource.SourceIdentifier.LowPart = 0;
-    AccessToken->TokenSource.SourceIdentifier.HighPart = 0;
     memcpy(AccessToken->TokenSource.SourceName, "SeMgr\0\0\0", 8);
     AccessToken->ExpirationTime.QuadPart = -1;
     AccessToken->UserAndGroupCount = 4;
@@ -2042,6 +2041,9 @@ NtCreateToken(OUT PHANDLE TokenHandle,
         DPRINT1("ObCreateObject() failed (Status %lx)\n");
         return(Status);
     }
+
+    /* Zero out the buffer */
+    RtlZeroMemory(AccessToken, sizeof(TOKEN));
     
     AccessToken->TokenLock = &SepTokenLock;
     
@@ -2058,8 +2060,6 @@ NtCreateToken(OUT PHANDLE TokenHandle,
     
     AccessToken->UserAndGroupCount = TokenGroups->GroupCount + 1;
     AccessToken->PrivilegeCount    = TokenPrivileges->PrivilegeCount;
-    AccessToken->UserAndGroups     = 0;
-    AccessToken->Privileges        = 0;
     
     AccessToken->TokenType = TokenType;
     AccessToken->ImpersonationLevel = ((PSECURITY_QUALITY_OF_SERVICE)
index 125568a..b5cffed 100644 (file)
@@ -142,6 +142,7 @@ IntDesktopObjectParse(IN PVOID ParseObject,
     if (!NT_SUCCESS(Status)) return Status;
 
     /* Initialize shell hook window list and set the parent */
+    RtlZeroMemory(Desktop, sizeof(DESKTOP));
     InitializeListHead(&Desktop->ShellHookWindows);
     Desktop->WindowStation = (PWINSTATION_OBJECT)ParseObject;
 
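Review bot: The new `RtlZeroMemory(Desktop, sizeof(DESKTOP));` sits under the existing comment "Initialize shell hook window list and set the parent", which does not describe it; the other files in this commit give the call its own `/* Zero out the buffer */` comment. I would place it directly after the `NT_SUCCESS` check with its own comment, for example `/* Clear the object body before any field is set */`. Clearing the whole DESKTOP is only safe if nothing between object creation and this line has already written into `Desktop`; the creation call is outside the hunk, so that ordering should be checked.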
index f2c2821..5da6ce8 100644 (file)
@@ -483,6 +483,9 @@ NtUserCreateWindowStation(
       return 0;
    }
 
+   /* Zero out the buffer */
+   RtlZeroMemory(WindowStationObject, sizeof(WINSTATION_OBJECT));
+
    KeInitializeSpinLock(&WindowStationObject->Lock);
 
    InitializeListHead(&WindowStationObject->DesktopListHead);