From 0039187504e9eaa7895c4be09befaeb91c6777d5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=B4me=20Gardou?=
Date: Mon, 3 Nov 2014 09:52:08 +0000
Subject: [PATCH] [NTOS/PS] - Do not leak a reference to the process object when setting quotas.
svn path=/trunk/; revision=65210
---
 reactos/ntoskrnl/include/internal/ps.h | 2 +-
 reactos/ntoskrnl/ps/query.c | 4 +++-
 reactos/ntoskrnl/ps/quota.c | 19 +------------------
 3 files changed, 5 insertions(+), 20 deletions(-)
diff --git a/reactos/ntoskrnl/include/internal/ps.h b/reactos/ntoskrnl/include/internal/ps.h
index 67506f8d461..5ea1e0eb189 100644
--- a/reactos/ntoskrnl/include/internal/ps.h
+++ b/reactos/ntoskrnl/include/internal/ps.h
@@ -303,7 +303,7 @@ PspDestroyQuotaBlock(
 NTSTATUS
 NTAPI
 PspSetQuotaLimits(
- _In_ HANDLE ProcessHandle,
+ _In_ PEPROCESS Process,
 _In_ ULONG Unused,
 _In_ PVOID QuotaLimits,
 _In_ ULONG QuotaLimitsLength,
diff --git a/reactos/ntoskrnl/ps/query.c b/reactos/ntoskrnl/ps/query.c
index b3701915096..a6a4e299372 100644
--- a/reactos/ntoskrnl/ps/query.c
+++ b/reactos/ntoskrnl/ps/query.c
@@ -1528,6 +1528,7 @@ NtSetInformationProcess(IN HANDLE ProcessHandle,
 /* Validate the number */
 if ((BasePriority > HIGH_PRIORITY) || (BasePriority <= LOW_PRIORITY))
 {
+ ObDereferenceObject(Process);
 return STATUS_INVALID_PARAMETER;
 }
@@ -1918,11 +1919,12 @@ NtSetInformationProcess(IN HANDLE ProcessHandle,
 case ProcessQuotaLimits:
- return PspSetQuotaLimits(ProcessHandle,
+ Status = PspSetQuotaLimits(Process,
 1,
 ProcessInformation,
 ProcessInformationLength,
 PreviousMode);
+ break;
 case ProcessWorkingSetWatch:
 DPRINT1("WS watch not implemented\n");
diff --git a/reactos/ntoskrnl/ps/quota.c b/reactos/ntoskrnl/ps/quota.c
index beba4d0b368..d5b30609941 100644
--- a/reactos/ntoskrnl/ps/quota.c
+++ b/reactos/ntoskrnl/ps/quota.c
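Review bot: The added `ObDereferenceObject(Process);` in the `BasePriority` range check releases the reference by hand in front of a bare `return`, whereas the `ProcessQuotaLimits` case later in this commit is switched to `Status = ...; break;`. If this check sits directly inside its `case` (the enclosing switch begins outside the hunk), `Status = STATUS_INVALID_PARAMETER;` followed by `break;` would match that form and keep the release at whatever common exit the `break` leads to. Any other early `return` between the handle reference and the end of `NtSetInformationProcess` is not visible here and should be checked for the same leak.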
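Review bot: Passing the already-referenced `Process` at the `ProcessQuotaLimits` call means the `PROCESS_SET_QUOTA` access check no longer happens inside `PspSetQuotaLimits`; the `ObReferenceObjectByHandle(ProcessHandle, PROCESS_SET_QUOTA, ...)` call that did it is deleted in the quota.c hunk at `-368,19`. The access mask that `NtSetInformationProcess` requests when it references `ProcessHandle` is outside this hunk, so it cannot be confirmed from here that it covers `PROCESS_SET_QUOTA` for this information class. If it does not, a handle opened without that right would now be accepted for quota changes. Please confirm the mask and record it at the call, e.g. `/* Process was referenced with PROCESS_SET_QUOTA access above */`.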
@@ -292,14 +292,13 @@ PsReturnProcessPageFileQuota(IN PEPROCESS Process,
 NTSTATUS
 NTAPI
 PspSetQuotaLimits(
- _In_ HANDLE ProcessHandle,
+ _In_ PEPROCESS Process,
 _In_ ULONG Unused,
 _In_ PVOID QuotaLimits,
 _In_ ULONG QuotaLimitsLength,
 _In_ KPROCESSOR_MODE PreviousMode)
 {
 QUOTA_LIMITS_EX CapturedQuotaLimits;
- PEPROCESS Process;
 PEPROCESS_QUOTA_BLOCK QuotaBlock, OldQuotaBlock;
 BOOLEAN IncreaseOkay;
 KAPC_STATE SavedApcState;
@@ -368,19 +367,6 @@ PspSetQuotaLimits(
 }
 _SEH2_END;
- /* Reference the process */
- Status = ObReferenceObjectByHandle(ProcessHandle,
- PROCESS_SET_QUOTA,
- PsProcessType,
- PreviousMode,
- (PVOID*)&Process,
- NULL);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("Failed to reference process handle: 0x%lx\n", Status);
- return Status;
- }
-
 /* Check the caller changes the working set size limits */
 if ((CapturedQuotaLimits.MinimumWorkingSetSize != 0) &&
 (CapturedQuotaLimits.MaximumWorkingSetSize != 0))
@@ -418,7 +404,6 @@ PspSetQuotaLimits(
 /* Check if the caller has the required privilege */
 if (!SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege, PreviousMode))
 {
- ObDereferenceObject(Process);
 return STATUS_PRIVILEGE_NOT_HELD;
 }
@@ -460,8 +445,6 @@ PspSetQuotaLimits(
 Status = STATUS_SUCCESS;
 }
- /* Dereference the process and return the status */
- ObDereferenceObject(Process);
 return Status;
 }
--
2.17.1
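Review bot: The changed parameter `_In_ PEPROCESS Process` in the `PspSetQuotaLimits` definition carries no statement of who owns the reference, and nothing in the signature shows that the object's lifetime is now the caller's responsibility. A header comment above the function, and on the prototype in ps.h, would make that contract explicit: `/* Process is borrowed: the caller holds the reference for the duration of the call and this routine must not dereference it. */`. That would keep a later edit from re-adding an `ObDereferenceObject` on one of the return paths and turning the fixed leak into an over-release. The same comment is the place to say whether `Unused`, which query.c passes as the literal `1`, is ignored. The function body continues outside this hunk.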