Commit 02ed704b authored by Alexandre Julliard's avatar Alexandre Julliard

server: Check file access in register_async before calling the object method.

parent df09ac51
...@@ -1728,8 +1728,7 @@ int fd_queue_async_timeout( struct fd *fd, const async_data_t *data, int type, i ...@@ -1728,8 +1728,7 @@ int fd_queue_async_timeout( struct fd *fd, const async_data_t *data, int type, i
queue = fd->wait_q; queue = fd->wait_q;
break; break;
default: default:
set_error( STATUS_INVALID_PARAMETER ); assert(0);
return 0;
} }
if (!create_async( current, timeout, queue, data )) return 0; if (!create_async( current, timeout, queue, data )) return 0;
...@@ -1946,21 +1945,23 @@ DECL_HANDLER(unmount_device) ...@@ -1946,21 +1945,23 @@ DECL_HANDLER(unmount_device)
/* create / reschedule an async I/O */ /* create / reschedule an async I/O */
DECL_HANDLER(register_async) DECL_HANDLER(register_async)
{ {
struct fd *fd = get_handle_fd_obj( current->process, req->handle, 0 ); unsigned int access;
struct fd *fd;
/* switch(req->type)
* The queue_async method must do the following: {
* case ASYNC_TYPE_READ:
* 1. Get the async_queue for the request of given type. access = FILE_READ_DATA;
* 2. Create a new asynchronous request for the selected queue break;
* 3. Carry out any operations necessary to adjust the object's poll events case ASYNC_TYPE_WRITE:
* Usually: set_elect_events (obj, obj->ops->get_poll_events()). access = FILE_WRITE_DATA;
* 4. When the async request is triggered, then send back (with a proper APC) break;
* the trigger (STATUS_ALERTED) to the thread that posted the request. default:
* See also the implementations in file.c, serial.c, and sock.c. set_error( STATUS_INVALID_PARAMETER );
*/ return;
}
if (fd) if ((fd = get_handle_fd_obj( current->process, req->handle, access )))
{ {
fd->fd_ops->queue_async( fd, &req->async, req->type, req->count ); fd->fd_ops->queue_async( fd, &req->async, req->type, req->count );
release_object( fd ); release_object( fd );
......
...@@ -236,10 +236,9 @@ static struct fd *mailslot_get_fd( struct object *obj ) ...@@ -236,10 +236,9 @@ static struct fd *mailslot_get_fd( struct object *obj )
static unsigned int mailslot_map_access( struct object *obj, unsigned int access ) static unsigned int mailslot_map_access( struct object *obj, unsigned int access )
{ {
/* mailslots can only be read */
if (access & GENERIC_READ) access |= FILE_GENERIC_READ; if (access & GENERIC_READ) access |= FILE_GENERIC_READ;
if (access & GENERIC_WRITE) access |= FILE_GENERIC_WRITE; if (access & GENERIC_ALL) access |= FILE_GENERIC_READ;
if (access & GENERIC_EXECUTE) access |= FILE_GENERIC_EXECUTE;
if (access & GENERIC_ALL) access |= FILE_ALL_ACCESS;
return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL); return access & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
} }
...@@ -286,12 +285,6 @@ static void mailslot_queue_async( struct fd *fd, const async_data_t *data, int t ...@@ -286,12 +285,6 @@ static void mailslot_queue_async( struct fd *fd, const async_data_t *data, int t
assert(mailslot->obj.ops == &mailslot_ops); assert(mailslot->obj.ops == &mailslot_ops);
if (type != ASYNC_TYPE_READ)
{
set_error(STATUS_INVALID_PARAMETER);
return;
}
if (list_empty( &mailslot->writers ) || if (list_empty( &mailslot->writers ) ||
!mailslot_message_count( mailslot )) !mailslot_message_count( mailslot ))
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment