Index: base/system/services/config.c
===================================================================
--- base/system/services/config.c (révision 57194)
+++ base/system/services/config.c (copie de travail)
@@ -246,19 +246,17 @@
 DWORD ScmReadString(HKEY hServiceKey,
- LPWSTR lpValueName,
+ LPCWSTR lpValueName,
 LPWSTR *lpValue)
 {
- DWORD dwError;
- DWORD dwSize;
- DWORD dwType;
- DWORD dwSizeNeeded;
+ DWORD dwError = 0;
+ DWORD dwSize = 0;
+ DWORD dwType = 0;
+ LPWSTR ptr = NULL;
 LPWSTR expanded = NULL;
- LPWSTR ptr = NULL;
 *lpValue = NULL;
- dwSize = 0;
 dwError = RegQueryValueExW(hServiceKey, lpValueName, 0,
@@ -268,7 +266,7 @@
 if (dwError != ERROR_SUCCESS)
 return dwError;
- ptr = HeapAlloc(GetProcessHeap(), 0, dwSize);
+ ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize);
 if (ptr == NULL)
 return ERROR_NOT_ENOUGH_MEMORY;
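Review bot: Switching the `ptr` allocation to HEAP_ZERO_MEMORY does not make the value NUL-terminated, because dwSize is exactly the byte count RegQueryValueExW reported and registry string data may be stored without a terminator. The REG_SZ path hands `ptr` to callers unchanged and the REG_EXPAND_SZ path passes it to ExpandEnvironmentStringsW (both in the next hunk), so an unterminated value becomes an over-read. Allocating one extra character lets the zero fill supply the terminator: `ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize + sizeof(WCHAR));`. It would also be worth rejecting dwType values other than REG_SZ and REG_EXPAND_SZ before treating the data as a string. ScmReadString continues beyond this hunk.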
@@ -279,40 +277,48 @@
 (LPBYTE)ptr, &dwSize);
 if (dwError != ERROR_SUCCESS)
- goto done;
+ {
+ HeapFree(GetProcessHeap(), 0, ptr);
+ return dwError;
+ }
 if (dwType == REG_EXPAND_SZ)
 {
 /* Expand the value... */
- dwSizeNeeded = ExpandEnvironmentStringsW((LPCWSTR)ptr, NULL, 0);
- if (dwSizeNeeded == 0)
+ dwSize = ExpandEnvironmentStringsW(ptr, NULL, 0);
+ if (dwSize > 0)
 {
- dwError = GetLastError();
- goto done;
+ expanded = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwSize * sizeof(WCHAR));
+ if (expanded)
+ {
+ if (dwSize == ExpandEnvironmentStringsW(ptr, expanded, dwSize))
+ {
+ *lpValue = expanded;
+ dwError = ERROR_SUCCESS;
+ }
+ else
+ {
+ dwError = GetLastError();
+ HeapFree(GetProcessHeap(), 0, expanded);
+ }
+ }
+ else
+ {
+ dwError = ERROR_NOT_ENOUGH_MEMORY;
+ }
 }
- expanded = HeapAlloc(GetProcessHeap(), 0, dwSizeNeeded * sizeof(WCHAR));
- if (dwSizeNeeded < ExpandEnvironmentStringsW((LPCWSTR)ptr, expanded, dwSizeNeeded))
+ else
 {
 dwError = GetLastError();
- goto done;
 }
- *lpValue = expanded;
+ HeapFree(GetProcessHeap(), 0, ptr);
- dwError = ERROR_SUCCESS;
 }
 else
 {
 *lpValue = ptr;
 }
-done:
- if (dwError != ERROR_SUCCESS)
- {
- HeapFree(GetProcessHeap(), 0, ptr);
- if (expanded)
- HeapFree(GetProcessHeap(), 0, expanded);
- }
-
 return dwError;
 }
Index: base/system/services/database.c
===================================================================
--- base/system/services/database.c (révision 57194)
+++ base/system/services/database.c (copie de travail)
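Review bot: In the new `else` branch after `if (dwSize == ExpandEnvironmentStringsW(ptr, expanded, dwSize))`, `dwError = GetLastError();` can leave dwError at ERROR_SUCCESS: a non-zero return that merely differs from dwSize (required size changed between the two calls, or the output was truncated) is not a failure from the API's point of view, so the last-error value is stale. The function would then return ERROR_SUCCESS with `*lpValue == NULL`, which callers of a success path are likely to dereference. Capture the return value in a local and report the mismatch explicitly, e.g. `dwError = (cchExpanded == 0) ? GetLastError() : ERROR_INSUFFICIENT_BUFFER;`, so that path can never signal success without producing a value. The outer `else` (zero return from the sizing call) is fine, since a zero return is a documented failure that sets the last error.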
@@ -591,7 +591,7 @@
 if (dwMaxSubkeyLen > sizeof(szNameBuf) / sizeof(WCHAR))
 {
 /* Name too big: alloc a buffer for it */
- lpszName = HeapAlloc(GetProcessHeap(), 0, dwMaxSubkeyLen * sizeof(WCHAR));
+ lpszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwMaxSubkeyLen * sizeof(WCHAR));
 }
 if (!lpszName)
Index: base/system/services/rpcserver.c
===================================================================
--- base/system/services/rpcserver.c (révision 57194)
+++ base/system/services/rpcserver.c (copie de travail)
@@ -301,7 +301,7 @@
 if (dwError != ERROR_SUCCESS && dwError != ERROR_MORE_DATA)
 goto findFreeTag;
- pdwGroupTags = HeapAlloc(GetProcessHeap(), 0, cbDataSize);
+ pdwGroupTags = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbDataSize);
 if (!pdwGroupTags)
 {
 dwError = ERROR_NOT_ENOUGH_MEMORY;
@@ -1635,11 +1635,6 @@
 }
 lpService = (PSERVICE)hServiceStatus;
- if (lpService == NULL)
- {
- DPRINT("lpService == NULL!\n");
- return ERROR_INVALID_HANDLE;
- }
 /* Check current state */
 if (!ScmIsValidServiceState(lpServiceStatus->dwCurrentState))
@@ -1819,7 +1814,7 @@
 /* Update the display name */
 lpDisplayNameW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (wcslen(lpDisplayName) + 1) * sizeof(WCHAR));
 if (lpDisplayNameW == NULL)
 {
@@ -2142,7 +2137,8 @@
 *lpDisplayName != 0 &&
 _wcsicmp(lpService->lpDisplayName, lpDisplayName) != 0)
 {
- lpService->lpDisplayName = HeapAlloc(GetProcessHeap(), 0,
+ lpService->lpDisplayName = HeapAlloc(GetProcessHeap(),
+ HEAP_ZERO_MEMORY,
 (wcslen(lpDisplayName) + 1) * sizeof(WCHAR));
 if (lpService->lpDisplayName == NULL)
 {
@@ -2424,7 +2420,7 @@
 /* Allocate memory for array of service pointers */
 lpServicesArray = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (dwServicesReturned + 1) * sizeof(PSERVICE));
 if (!lpServicesArray)
 {
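Review bot: Dropping the `lpService == NULL` check after `lpService = (PSERVICE)hServiceStatus;` is only safe if `hServiceStatus` itself was rejected as NULL earlier in the function, which lies outside this hunk; this is an RPC entry point, so if no such check exists a NULL handle from a client now reaches the `lpService->` dereferences that follow. Independently of NULL, the bare cast treats a client-supplied handle value as a trusted pointer, so the handle is not really validated either way; if the service database offers a handle lookup, resolving through it and returning ERROR_INVALID_HANDLE on a miss would be the robust form. If the earlier NULL check is present, a one-line comment such as `/* hServiceStatus was validated above */` would record why the removal is correct.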
@@ -2447,7 +2443,7 @@
 goto Done;
 }
- lpServicesPtr = (LPENUM_SERVICE_STATUSW) lpServices;
+ lpServicesPtr = (LPENUM_SERVICE_STATUSW)lpServices;
 lpStr = (LPWSTR)(lpServices + (dwServicesReturned * sizeof(ENUM_SERVICE_STATUSW)));
 /* Copy EnumDepenedentService to Buffer */
@@ -2470,7 +2466,7 @@
 lpServicesPtr->lpServiceName = (LPWSTR)((ULONG_PTR)lpStr - (ULONG_PTR)lpServices);
 lpStr += (wcslen(lpService->lpServiceName) + 1);
- lpServicesPtr ++;
+ lpServicesPtr++;
 }
 *lpServicesReturned = dwServicesReturned;
@@ -3190,7 +3186,7 @@
 {
 /* Set the display name */
 lpDisplayNameW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (strlen(lpDisplayName) + 1) * sizeof(WCHAR));
 if (lpDisplayNameW == NULL)
 {
@@ -3268,7 +3264,7 @@
 {
 /* Set the image path */
 lpBinaryPathNameW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (strlen(lpBinaryPathName) + 1) * sizeof(WCHAR));
 if (lpBinaryPathNameW == NULL)
 {
@@ -3314,7 +3310,7 @@
 if (lpLoadOrderGroup != NULL && *lpLoadOrderGroup != 0)
 {
 lpLoadOrderGroupW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (strlen(lpLoadOrderGroup) + 1) * sizeof(WCHAR));
 if (lpLoadOrderGroupW == NULL)
 {
@@ -3372,7 +3368,7 @@
 if (lpDependencies != NULL && *lpDependencies != 0)
 {
 lpDependenciesW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (strlen((LPSTR)lpDependencies) + 1) * sizeof(WCHAR));
 if (lpDependenciesW == NULL)
 {
@@ -3446,7 +3442,7 @@
 if (lpServiceName)
 {
 len = MultiByteToWideChar(CP_ACP, 0, lpServiceName, -1, NULL, 0);
- lpServiceNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+ lpServiceNameW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len * sizeof(WCHAR));
 if (!lpServiceNameW)
 {
 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
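Review bot: In the `lpDependencies` hunk the buffer is sized from `strlen((LPSTR)lpDependencies) + 1`, which stops at the first NUL, whereas a dependencies list is a double-NUL-terminated multi-string — the RCreateServiceA hunks further down walk it entry by entry into `dwDependenciesLength` for exactly that reason. If the conversion that follows (outside this hunk) copies the whole multi-string or uses the caller-supplied dependency length, `lpDependenciesW` is undersized and the copy overruns the heap with RPC-client-controlled data. Size it the way RCreateServiceA does: walk the list summing `strlen(lpStr) + 1` per entry, add one for the final terminator, and allocate that many WCHARs. HEAP_ZERO_MEMORY does not change the buffer size, so this commit leaves the issue in place.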
@@ -3458,7 +3454,7 @@
 if (lpDisplayName)
 {
 len = MultiByteToWideChar(CP_ACP, 0, lpDisplayName, -1, NULL, 0);
- lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+ lpDisplayNameW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len * sizeof(WCHAR));
 if (!lpDisplayNameW)
 {
 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -3470,7 +3466,7 @@
 if (lpBinaryPathName)
 {
 len = MultiByteToWideChar(CP_ACP, 0, lpBinaryPathName, -1, NULL, 0);
- lpBinaryPathNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+ lpBinaryPathNameW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len * sizeof(WCHAR));
 if (!lpBinaryPathNameW)
 {
 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -3482,7 +3478,7 @@
 if (lpLoadOrderGroup)
 {
 len = MultiByteToWideChar(CP_ACP, 0, lpLoadOrderGroup, -1, NULL, 0);
- lpLoadOrderGroupW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+ lpLoadOrderGroupW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len * sizeof(WCHAR));
 if (!lpLoadOrderGroupW)
 {
 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -3502,7 +3498,7 @@
 }
 dwDependenciesLength++;
- lpDependenciesW = HeapAlloc(GetProcessHeap(), 0, dwDependenciesLength * sizeof(WCHAR));
+ lpDependenciesW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwDependenciesLength * sizeof(WCHAR));
 if (!lpDependenciesW)
 {
 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -3514,7 +3510,7 @@
 if (lpServiceStartName)
 {
 len = MultiByteToWideChar(CP_ACP, 0, lpServiceStartName, -1, NULL, 0);
- lpServiceStartNameW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
+ lpServiceStartNameW = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len * sizeof(WCHAR));
 if (!lpServiceStartNameW)
 {
 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -3638,7 +3634,7 @@
 /* Allocate memory for array of service pointers */
 lpServicesArray = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 (dwServicesReturned + 1) * sizeof(PSERVICE));
 if (!lpServicesArray)
 {
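Review bot: `len = MultiByteToWideChar(CP_ACP, 0, lpDisplayName, -1, NULL, 0);` is not checked for a zero return, which is how MultiByteToWideChar reports failure. HeapAlloc with a size of 0 returns a valid non-NULL block, so the `if (!lpDisplayNameW)` test does not catch that case and the conversion that follows (outside this hunk) runs against a zero-length buffer. Bail out before allocating with the value of GetLastError(), following the same failure path the existing `SetLastError(ERROR_NOT_ENOUGH_MEMORY)` branch takes, e.g. `if (len == 0) { /* propagate GetLastError() and take the cleanup path */ }`. The same missing check appears in the lpBinaryPathName, lpLoadOrderGroup and lpServiceStartName hunks.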
@@ -3698,7 +3694,7 @@
 lpServicesPtr->lpServiceName = (LPSTR)((ULONG_PTR)lpStr - (ULONG_PTR)lpServices);
 lpStr += strlen(lpStr) + 1;
- lpServicesPtr ++;
+ lpServicesPtr++;
 }
 *lpServicesReturned = dwServicesReturned;
@@ -4755,7 +4751,7 @@
 dwLength = (DWORD)((strlen(Info.lpDescription) + 1) * sizeof(WCHAR));
 lpServiceDescriptonW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 dwLength + sizeof(SERVICE_DESCRIPTIONW));
 if (!lpServiceDescriptonW)
 {
@@ -4797,7 +4793,7 @@
 dwLength = dwRebootLen + dwCommandLen + sizeof(SERVICE_FAILURE_ACTIONSW);
 lpServiceFailureActionsW = HeapAlloc(GetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
 dwLength);
 if (!lpServiceFailureActionsW)
 {
Index: base/system/services/services.h
===================================================================
--- base/system/services/services.h (révision 57194)
+++ base/system/services/services.h (copie de travail)
@@ -106,7 +106,7 @@
 BOOL ScmIsDeleteFlagSet(HKEY hServiceKey);
 DWORD ScmReadString(HKEY hServiceKey,
- LPWSTR lpValueName,
+ LPCWSTR lpValueName,
 LPWSTR *lpValue);
 DWORD
Index: dll/win32/advapi32/service/scm.c
===================================================================
--- dll/win32/advapi32/service/scm.c (révision 57194)
+++ dll/win32/advapi32/service/scm.c (copie de travail)
@@ -287,7 +287,7 @@
 {
 DWORD dwError;
 DWORD dwDependenciesLength = 0;
- DWORD dwLength;
+ SIZE_T cchLength;
 LPCSTR lpStr;
 DWORD dwPasswordLength = 0;
 LPBYTE lpEncryptedPassword = NULL;
@@ -300,16 +300,16 @@
 lpStr = lpDependencies;
 while (*lpStr)
 {
- dwLength = strlen(lpStr) + 1;
- dwDependenciesLength += dwLength;
- lpStr = lpStr + dwLength;
+ cchLength = strlen(lpStr) + 1;
+ dwDependenciesLength += (DWORD)cchLength;
+ lpStr = lpStr + cchLength;
 }
 dwDependenciesLength++;
 }
 /* FIXME: Encrypt the password */
 lpEncryptedPassword = (LPBYTE)lpPassword;
- dwPasswordLength = (lpPassword ? (strlen(lpPassword) + 1) * sizeof(CHAR) : 0);
+ dwPasswordLength = (DWORD)(lpPassword ? (strlen(lpPassword) + 1) * sizeof(CHAR) : 0);
 RpcTryExcept
 {
@@ -365,7 +365,7 @@
 {
 DWORD dwError;
 DWORD dwDependenciesLength = 0;
- DWORD dwLength;
+ SIZE_T cchLength;
 LPCWSTR lpStr;
 DWORD dwPasswordLength = 0;
 LPBYTE lpEncryptedPassword = NULL;
@@ -378,16 +378,16 @@
 lpStr = lpDependencies;
 while (*lpStr)
 {
- dwLength = wcslen(lpStr) + 1;
- dwDependenciesLength += dwLength;
- lpStr = lpStr + dwLength;
+ cchLength = wcslen(lpStr) + 1;
+ dwDependenciesLength += (DWORD)cchLength;
+ lpStr = lpStr + cchLength;
 }
 dwDependenciesLength++;
 }
 /* FIXME: Encrypt the password */
 lpEncryptedPassword = (LPBYTE)lpPassword;
- dwPasswordLength = (lpPassword ? (wcslen(lpPassword) + 1) * sizeof(WCHAR) : 0);
+ dwPasswordLength = (DWORD)(lpPassword ? (wcslen(lpPassword) + 1) * sizeof(WCHAR) : 0);
 RpcTryExcept
 {
@@ -547,7 +547,7 @@
 SC_HANDLE hService = NULL;
 DWORD dwDependenciesLength = 0;
 DWORD dwError;
- DWORD dwLength;
+ SIZE_T cchLength;
 LPCSTR lpStr;
 DWORD dwPasswordLength = 0;
 LPBYTE lpEncryptedPassword = NULL;
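Review bot: The `(DWORD)cchLength` cast in `dwDependenciesLength += (DWORD)cchLength;` silences the narrowing warning but bounds nothing: the total is still accumulated in a DWORD, so an oversized list would wrap silently rather than be rejected. Since the value is only needed once, as the RPC argument, the cleaner shape is to sum in a SIZE_T inside the loop and convert a single time afterwards with a range check, e.g. `if (cbTotal > MAXDWORD) return ERROR_INVALID_PARAMETER; dwDependenciesLength = (DWORD)cbTotal;`, instead of casting on every iteration and again on `dwPasswordLength`. The same loop is repeated verbatim in the three sibling hunks, so a small shared helper would keep all four consistent.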
@@ -568,16 +568,16 @@
 lpStr = lpDependencies;
 while (*lpStr)
 {
- dwLength = strlen(lpStr) + 1;
- dwDependenciesLength += dwLength;
- lpStr = lpStr + dwLength;
+ cchLength = strlen(lpStr) + 1;
+ dwDependenciesLength += (DWORD)cchLength;
+ lpStr = lpStr + cchLength;
 }
 dwDependenciesLength++;
 }
 /* FIXME: Encrypt the password */
 lpEncryptedPassword = (LPBYTE)lpPassword;
- dwPasswordLength = (lpPassword ? (strlen(lpPassword) + 1) * sizeof(CHAR) : 0);
+ dwPasswordLength = (DWORD)(lpPassword ? (strlen(lpPassword) + 1) * sizeof(CHAR) : 0);
 RpcTryExcept
 {
@@ -639,7 +639,7 @@
 SC_HANDLE hService = NULL;
 DWORD dwDependenciesLength = 0;
 DWORD dwError;
- DWORD dwLength;
+ SIZE_T cchLength;
 LPCWSTR lpStr;
 DWORD dwPasswordLength = 0;
 LPBYTE lpEncryptedPassword = NULL;
@@ -660,9 +660,9 @@
 lpStr = lpDependencies;
 while (*lpStr)
 {
- dwLength = wcslen(lpStr) + 1;
- dwDependenciesLength += dwLength;
- lpStr = lpStr + dwLength;
+ cchLength = wcslen(lpStr) + 1;
+ dwDependenciesLength += (DWORD)cchLength;
+ lpStr = lpStr + cchLength;
 }
 dwDependenciesLength++;
@@ -671,7 +671,7 @@
 /* FIXME: Encrypt the password */
 lpEncryptedPassword = (LPBYTE)lpPassword;
- dwPasswordLength = (lpPassword ? (wcslen(lpPassword) + 1) * sizeof(WCHAR) : 0);
+ dwPasswordLength = (DWORD)(lpPassword ? (wcslen(lpPassword) + 1) * sizeof(WCHAR) : 0);
 RpcTryExcept
 {
Index: dll/win32/advapi32/service/sctrl.c
===================================================================
--- dll/win32/advapi32/service/sctrl.c (révision 57194)
+++ dll/win32/advapi32/service/sctrl.c (copie de travail)
@@ -290,6 +290,9 @@
 LPWSTR *lpArg;
 DWORD i;
+ if (ControlPacket == NULL || lpArgCount == NULL || lpArgVector == NULL)
+ return ERROR_INVALID_PARAMETER;
+
 *lpArgCount = 0;
 *lpArgVector = NULL;
@@ -334,6 +337,9 @@
 DWORD dwAnsiSize;
 DWORD i;
+ if (ControlPacket == NULL || lpArgCount == NULL || lpArgVector == NULL)
+ return ERROR_INVALID_PARAMETER;
+
 *lpArgCount = 0;
 *lpArgVector = NULL;
@@ -399,6 +405,9 @@
 DWORD ThreadId;
 DWORD dwError;
+ if (lpService == NULL || ControlPacket == NULL)
+ return ERROR_INVALID_PARAMETER;
+
 TRACE("ScStartService() called\n");
 TRACE("Size: %lu\n", ControlPacket->dwSize);
 TRACE("Service: %S\n", (PWSTR)((PBYTE)ControlPacket + ControlPacket->dwServiceNameOffset));
@@ -470,6 +479,9 @@
 ScControlService(PACTIVE_SERVICE lpService,
 PSCM_CONTROL_PACKET ControlPacket)
 {
+ if (lpService == NULL || ControlPacket == NULL)
+ return ERROR_INVALID_PARAMETER;
+
 TRACE("ScControlService() called\n");
 TRACE("Size: %lu\n", ControlPacket->dwSize);
 TRACE("Service: %S\n", (PWSTR)((PBYTE)ControlPacket + ControlPacket->dwServiceNameOffset));
@@ -505,6 +517,9 @@
 TRACE("ScDispatcherLoop() called\n");
+ if (ControlPacket == NULL || dwBufferSize < sizeof(SCM_CONTROL_PACKET))
+ return FALSE;
+
 while (TRUE)
 {
 /* Read command from the control pipe */
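Review bot: The new NULL guard in ScStartService is immediately followed by `TRACE("Service: %S\n", (PWSTR)((PBYTE)ControlPacket + ControlPacket->dwServiceNameOffset));`, which reads a string at an offset taken from the packet without checking it against `ControlPacket->dwSize`; the packet arrives from the other end of the control pipe, so a short or malformed packet produces an out-of-bounds read before any other validation runs. Extend the guard with `if (ControlPacket->dwServiceNameOffset >= ControlPacket->dwSize) return ERROR_INVALID_PARAMETER;` and make the same addition in the ScControlService hunk, which carries the identical TRACE. Even then the string is only safe if it is NUL-terminated inside the packet, so a bounded check of the name against dwSize is preferable to the raw `%S`. Both functions continue past their hunks.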
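Review bot: The `dwBufferSize < sizeof(SCM_CONTROL_PACKET)` check added to ScDispatcherLoop validates only that the caller's buffer can hold one fixed header; it says nothing about the packets actually read from the pipe inside `while (TRUE)`. Each read (outside this hunk) still has to confirm that the byte count returned is at least sizeof(SCM_CONTROL_PACKET) and that `ControlPacket->dwSize` does not exceed dwBufferSize before the packet is dispatched, otherwise the offsets inside it are applied to a partially filled buffer. If the loop already does this, a comment here such as `/* per-packet size and offset checks happen after each read below */` would make the division of responsibility explicit.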