server: Check file access in register_async before calling the object method.

02ed704b · Alexandre Julliard · df09ac51 · 02ed704b · 02ed704b
Commit 02ed704b authored Apr 02, 2007 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 24 deletions

fd.c server/fd.c +16 -15

mailslot.c server/mailslot.c +2 -9

No files found.
--- a/server/fd.c
+++ b/server/fd.c
@@ -1728,8 +1728,7 @@ int fd_queue_async_timeout( struct fd *fd, const async_data_t *data, int type, i
        queue = fd->wait_q;
        break;
    default:
-        set_error( STATUS_INVALID_PARAMETER );
-        return 0;
+        assert(0);
    }

    if (!create_async( current, timeout, queue, data )) return 0;
@@ -1946,21 +1945,23 @@ DECL_HANDLER(unmount_device)
 /* create / reschedule an async I/O */
 DECL_HANDLER(register_async)
 {
-    struct fd *fd = get_handle_fd_obj( current->process, req->handle, 0 );
+    unsigned int access;
+    struct fd *fd;

-    /*
-     * The queue_async method must do the following:
-     *
-     * 1. Get the async_queue for the request of given type.
-     * 2. Create a new asynchronous request for the selected queue
-     * 3. Carry out any operations necessary to adjust the object's poll events
-     *    Usually: set_elect_events (obj, obj->ops->get_poll_events()).
-     * 4. When the async request is triggered, then send back (with a proper APC)
-     *    the trigger (STATUS_ALERTED) to the thread that posted the request.
-     * See also the implementations in file.c, serial.c, and sock.c.
-     */
+    switch(req->type)
+    {
+    case ASYNC_TYPE_READ:
+        access = FILE_READ_DATA;
+        break;
+    case ASYNC_TYPE_WRITE:
+        access = FILE_WRITE_DATA;
+        break;
+    default:
+        set_error( STATUS_INVALID_PARAMETER );
+        return;
+    }

-    if (fd)
+    if ((fd = get_handle_fd_obj( current->process, req->handle, access )))
    {
        fd->fd_ops->queue_async( fd, &req->async, req->type, req->count );
        release_object( fd );

--- a/server/mailslot.c
+++ b/server/mailslot.c
@@ -236,10 +236,9 @@ static struct fd *mailslot_get_fd( struct object *obj )

 static unsigned int mailslot_map_access( struct object *obj, unsigned int access )
 {
+    /* mailslots can only be read */
    if (access & GENERIC_READ)    access |= FILE_GENERIC_READ;
-    if (access & GENERIC_WRITE)   access |= FILE_GENERIC_WRITE;
-    if (access & GENERIC_EXECUTE) access |= FILE_GENERIC_EXECUTE;
-    if (access & GENERIC_ALL)     access |= FILE_ALL_ACCESS;
+    if (access & GENERIC_ALL)     access |= FILE_GENERIC_READ;
    return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
 }

@@ -286,12 +285,6 @@ static void mailslot_queue_async( struct fd *fd, const async_data_t *data, int t

    assert(mailslot->obj.ops == &mailslot_ops);

-    if (type != ASYNC_TYPE_READ)
-    {
-        set_error(STATUS_INVALID_PARAMETER);
-        return;
-    }
-
    if (list_empty( &mailslot->writers ) ||
        !mailslot_message_count( mailslot ))
    {