Index: ntoskrnl/ex/atom.c =================================================================== --- ntoskrnl/ex/atom.c (révision 57329) +++ ntoskrnl/ex/atom.c (copie de travail) @@ -101,14 +101,20 @@ if (AtomTable == NULL) return STATUS_ACCESS_DENIED; /* Check for valid name */ + if (AtomName == NULL) + { + /* The caller supplied an empty atom name! */ + DPRINT1("Empty atom name\n"); + return STATUS_OBJECT_NAME_INVALID; + } if (AtomNameLength > (RTL_MAXIMUM_ATOM_LENGTH * sizeof(WCHAR))) { /* Fail */ DPRINT1("Atom name too long\n"); return STATUS_INVALID_PARAMETER; } - - /* Re-use the given name if kernel mode or no atom name */ + + /* Re-use the given name if kernel mode */ CapturedName = AtomName; /* Check if we're called from user-mode*/ 
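Review bot: The added guard tests `AtomName == NULL`, but its comment and DPRINT1 text call this an "empty" name; a non-NULL pointer with `AtomNameLength == 0` still passes, and whether the Rtl routine rejects the resulting empty string is not visible here. The comment would be more accurate as `/* The caller supplied no atom name pointer */`. It is also worth documenting beside `CapturedName = AtomName;` that kernel-mode callers must pass a NUL-terminated string, because the length check bounds only the user-mode copy and the later Rtl call takes the name without a length. The identical hunk at -252 needs the same wording; the function body starts and ends outside both hunks.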
@@ -117,33 +123,29 @@ /* Enter SEH */ _SEH2_TRY { - /* Check if we have a name */ - if (AtomName) + /* Probe the atom */ + ProbeForRead(AtomName, AtomNameLength, sizeof(WCHAR)); + + /* Allocate an aligned buffer + the null char */ + CapturedSize = ((AtomNameLength + sizeof(WCHAR)) &~ + (sizeof(WCHAR) -1)); + CapturedName = ExAllocatePoolWithTag(PagedPool, + CapturedSize, + TAG_ATOM); + if (!CapturedName) { - /* Probe the atom */ - ProbeForRead(AtomName, AtomNameLength, sizeof(WCHAR)); + /* Fail the call */ + Status = STATUS_INSUFFICIENT_RESOURCES; + } + else + { + /* Copy the name and null-terminate it */ + RtlCopyMemory(CapturedName, AtomName, AtomNameLength); + CapturedName[AtomNameLength / sizeof(WCHAR)] = UNICODE_NULL; + } - /* Allocate an aligned buffer + the null char */ - CapturedSize = ((AtomNameLength + sizeof(WCHAR)) &~ - (sizeof(WCHAR) -1)); - CapturedName = ExAllocatePoolWithTag(PagedPool, - CapturedSize, - TAG_ATOM); - if (!CapturedName) - { - /* Fail the call */ - Status = STATUS_INSUFFICIENT_RESOURCES; - } - else - { - /* Copy the name and null-terminate it */ - RtlCopyMemory(CapturedName, AtomName, AtomNameLength); - CapturedName[AtomNameLength / sizeof(WCHAR)] = UNICODE_NULL; - } - - /* Probe the atom too */ - if (Atom) ProbeForWriteUshort(Atom); - } + /* Probe the atom too */ + if (Atom) ProbeForWriteUshort(Atom); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { 
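Review bot: `if (Atom) ProbeForWriteUshort(Atom);` runs after the pool allocation, so a bad output pointer raises with `CapturedName` already allocated; the same happens if `RtlCopyMemory` faults because the user mapping changed after the probe. The `_SEH2_EXCEPT` body is outside the hunk, but if it returns the exception code directly, the TAG_ATOM buffer leaks on every such call, and a user-mode caller could repeat that to drain paged pool. Moving the `Atom` probe ahead of `ExAllocatePoolWithTag` removes the first case. For the second, the handler should release the buffer, e.g. `if (CapturedName && CapturedName != AtomName) ExFreePoolWithTag(CapturedName, TAG_ATOM);`. The hunk at -268 has the same ordering.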
@@ -154,21 +156,24 @@ } /* Call the runtime function */ - Status = RtlAddAtomToAtomTable(AtomTable, CapturedName, &SafeAtom); - if (NT_SUCCESS(Status) && (Atom)) + if (CapturedName) { - /* Success and caller wants the atom back.. .enter SEH */ - _SEH2_TRY + Status = RtlAddAtomToAtomTable(AtomTable, CapturedName, &SafeAtom); + if (NT_SUCCESS(Status) && (Atom)) { - /* Return the atom */ - *Atom = SafeAtom; + /* Success and caller wants the atom back... enter SEH */ + _SEH2_TRY + { + /* Return the atom */ + *Atom = SafeAtom; + } + _SEH2_EXCEPT(ExSystemExceptionFilter()) + { + /* Get the exception code */ + Status = _SEH2_GetExceptionCode(); + } + _SEH2_END; } - _SEH2_EXCEPT(ExSystemExceptionFilter()) - { - /* Get the exception code */ - Status = _SEH2_GetExceptionCode(); - } - _SEH2_END; } /* If we captured anything, free it */ @@ -252,14 +257,20 @@ if (AtomTable == NULL) return STATUS_ACCESS_DENIED; /* Check for valid name */ + if (AtomName == NULL) + { + /* The caller supplied an empty atom name! */ + DPRINT1("Empty atom name\n"); + return STATUS_OBJECT_NAME_INVALID; + } if (AtomNameLength > (RTL_MAXIMUM_ATOM_LENGTH * sizeof(WCHAR))) { /* Fail */ DPRINT1("Atom name too long\n"); return STATUS_INVALID_PARAMETER; } - - /* Re-use the given name if kernel mode or no atom name */ + + /* Re-use the given name if kernel mode */ CapturedName = AtomName; /* Check if we're called from user-mode*/ 
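Review bot: The new `if (CapturedName)` guard uses the pointer as a stand-in for "capture failed", which is only correct because the allocation-failure branch in the previous hunk has already stored `STATUS_INSUFFICIENT_RESOURCES` in `Status`; nothing at the guard says so. A comment such as `/* CapturedName is NULL only if the allocation above failed; Status is already set */` would make that dependency explicit. Alternatively the guard could test `NT_SUCCESS(Status)`, provided `Status` is initialised to success at its declaration, which is outside the hunk. The hunk at -305 adds the same guard around RtlLookupAtomInAtomTable.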
@@ -268,33 +279,29 @@ /* Enter SEH */ _SEH2_TRY { - /* Check if we have a name */ - if (AtomName) + /* Probe the atom */ + ProbeForRead(AtomName, AtomNameLength, sizeof(WCHAR)); + + /* Allocate an aligned buffer + the null char */ + CapturedSize = ((AtomNameLength + sizeof(WCHAR)) &~ + (sizeof(WCHAR) -1)); + CapturedName = ExAllocatePoolWithTag(PagedPool, + CapturedSize, + TAG_ATOM); + if (!CapturedName) { - /* Probe the atom */ - ProbeForRead(AtomName, AtomNameLength, sizeof(WCHAR)); + /* Fail the call */ + Status = STATUS_INSUFFICIENT_RESOURCES; + } + else + { + /* Copy the name and null-terminate it */ + RtlCopyMemory(CapturedName, AtomName, AtomNameLength); + CapturedName[AtomNameLength / sizeof(WCHAR)] = UNICODE_NULL; + } - /* Allocate an aligned buffer + the null char */ - CapturedSize = ((AtomNameLength + sizeof(WCHAR)) &~ - (sizeof(WCHAR) -1)); - CapturedName = ExAllocatePoolWithTag(PagedPool, - CapturedSize, - TAG_ATOM); - if (!CapturedName) - { - /* Fail the call */ - Status = STATUS_INSUFFICIENT_RESOURCES; - } - else - { - /* Copy the name and null-terminate it */ - RtlCopyMemory(CapturedName, AtomName, AtomNameLength); - CapturedName[AtomNameLength / sizeof(WCHAR)] = UNICODE_NULL; - } - - /* Probe the atom too */ - if (Atom) ProbeForWriteUshort(Atom); - } + /* Probe the atom too */ + if (Atom) ProbeForWriteUshort(Atom); } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { 
@@ -305,20 +312,23 @@ } /* Call the runtime function */ - Status = RtlLookupAtomInAtomTable(AtomTable, CapturedName, &SafeAtom); - if (NT_SUCCESS(Status) && (Atom)) + if (CapturedName) { - /* Success and caller wants the atom back.. .enter SEH */ - _SEH2_TRY + Status = RtlLookupAtomInAtomTable(AtomTable, CapturedName, &SafeAtom); + if (NT_SUCCESS(Status) && (Atom)) { - /* Return the atom */ - *Atom = SafeAtom; + /* Success and caller wants the atom back... enter SEH */ + _SEH2_TRY + { + /* Return the atom */ + *Atom = SafeAtom; + } + _SEH2_EXCEPT(ExSystemExceptionFilter()) + { + Status = _SEH2_GetExceptionCode(); + } + _SEH2_END; } - _SEH2_EXCEPT(ExSystemExceptionFilter()) - { - Status = _SEH2_GetExceptionCode(); - } - _SEH2_END; } /* If we captured anything, free it */