From: Thomas Faber Date: Fri, 8 Dec 2017 13:45:26 +0000 (+0100) Subject: [NTOS:KD] Protect against invalid user arguments for BREAKPOINT_LOAD_SYMBOLS. CORE... X-Git-Tag: 0.4.9-dev~689 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=68ebcf16b8472a61e23a03fd44a9ba98155f53cd [NTOS:KD] Protect against invalid user arguments for BREAKPOINT_LOAD_SYMBOLS. CORE-14057
---
diff --git a/ntoskrnl/kd/kdmain.c b/ntoskrnl/kd/kdmain.c
index a6627b8ec08..52b8babbcea 100644
--- a/ntoskrnl/kd/kdmain.c
+++ b/ntoskrnl/kd/kdmain.c
@@ -153,11 +153,38 @@ KdpEnterDebuggerException(IN PKTRAP_FRAME TrapFrame,
 #ifdef KDBG
     else if (ExceptionCommand == BREAKPOINT_LOAD_SYMBOLS)
     {
+        PKD_SYMBOLS_INFO SymbolsInfo;
+        KD_SYMBOLS_INFO CapturedSymbolsInfo;
         PLDR_DATA_TABLE_ENTRY LdrEntry;
-        /* Load symbols. Currently implemented only for KDBG! */
-        if(KdbpSymFindModule(((PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2])->BaseOfDll, NULL, -1, &LdrEntry))
-            KdbSymProcessSymbols(LdrEntry);
+        SymbolsInfo = (PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2];
+        if (PreviousMode != KernelMode)
+        {
+            _SEH2_TRY
+            {
+                ProbeForRead(SymbolsInfo,
+                             sizeof(*SymbolsInfo),
+                             1);
+                RtlCopyMemory(&CapturedSymbolsInfo,
+                              SymbolsInfo,
+                              sizeof(*SymbolsInfo));
+                SymbolsInfo = &CapturedSymbolsInfo;
+            }
+            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+            {
+                SymbolsInfo = NULL;
+            }
+            _SEH2_END;
+        }
+
+        if (SymbolsInfo != NULL)
+        {
+            /* Load symbols. Currently implemented only for KDBG! */
+            if (KdbpSymFindModule(SymbolsInfo->BaseOfDll, NULL, -1, &LdrEntry))
+            {
+                KdbSymProcessSymbols(LdrEntry);
+            }
+        }
     }
     else if (ExceptionCommand == BREAKPOINT_PROMPT)
     {
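Review bot: The capture validates only that the user pointer is readable, not the value it carries: after the copy, `SymbolsInfo->BaseOfDll` is still a user-chosen address that is handed to `KdbpSymFindModule`, so the new code is safe only as long as that routine treats it as a lookup key into the loaded-module list and never dereferences it, which the hunk does not state. A comment on the call would make that contract explicit for the next maintainer, e.g. `/* BaseOfDll is user-controlled: it is only matched against the loader list, never dereferenced */`. The probe-failure path silently drops the request by setting `SymbolsInfo = NULL`, which also doubles as the NULL guard for kernel-mode callers; a one-line comment in the `_SEH2_EXCEPT` block saying `/* Bad user pointer: ignore the symbol-load request */` would record that this is intended rather than an oversight. The enclosing function `KdpEnterDebuggerException` starts and ends outside the hunk, so how the exception is reported afterwards is not visible here.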