Made request tracing more robust against bogus lengths.

ef88637f · Alexandre Julliard · f35cdc8e · ef88637f · ef88637f · ef88637f
Commit ef88637f authored Apr 04, 2000 by Alexandre Julliard
13 changed files
--- a/server/atom.c
+++ b/server/atom.c
@@ -277,5 +277,6 @@ DECL_HANDLER(find_atom)
 /* get global atom name */
 DECL_HANDLER(get_atom_name)
 {
+    req->name[0] = 0;
    req->count = get_atom_name( global_table, req->atom, req->name );
 }
--- a/server/console.c
+++ b/server/console.c
@@ -439,7 +439,7 @@ DECL_HANDLER(open_console)
 /* set info about a console (output only) */
 DECL_HANDLER(set_console_info)
 {
-    size_t len = get_req_strlen( req->title );
+    size_t len = get_req_strlen( req, req->title );
    set_console_info( req->handle, req, req->title, len );
 }
@@ -447,13 +447,14 @@ DECL_HANDLER(set_console_info)
 DECL_HANDLER(get_console_info)
 {
    struct screen_buffer *console;
+    req->title[0] = 0;
    if ((console = (struct screen_buffer *)get_handle_obj( current->process, req->handle,
                                                           GENERIC_READ, &screen_buffer_ops )))
    {
        req->cursor_size    = console->cursor_size;
        req->cursor_visible = console->cursor_visible;
        req->pid            = console->pid;
-        strcpy( req->title, console->title ? console->title : "" );
+        if (console->title) strcpy( req->title, console->title );
        release_object( console );
    }
 }
@@ -496,7 +497,7 @@ DECL_HANDLER(set_console_mode)
 /* add input records to a console input queue */
 DECL_HANDLER(write_console_input)
 {
-    int max = get_req_size( req + 1, sizeof(INPUT_RECORD) );
+    int max = get_req_size( req, req + 1, sizeof(INPUT_RECORD) );
    int count = req->count;
    if (count > max) count = max;
@@ -506,7 +507,7 @@ DECL_HANDLER(write_console_input)
 /* fetch input records from a console input queue */
 DECL_HANDLER(read_console_input)
 {
-    int max = get_req_size( req + 1, sizeof(INPUT_RECORD) );
+    int max = get_req_size( req, req + 1, sizeof(INPUT_RECORD) );
    req->read = read_console_input( req->handle, req->count, (INPUT_RECORD *)(req + 1),
                                    max, req->flush );
 }
--- a/server/event.c
+++ b/server/event.c
@@ -114,7 +114,7 @@ static int event_satisfied( struct object *obj, struct thread *thread )
 /* create an event */
 DECL_HANDLER(create_event)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    struct event *event;
    req->handle = -1;
@@ -128,7 +128,7 @@ DECL_HANDLER(create_event)
 /* open a handle to an event */
 DECL_HANDLER(open_event)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    req->handle = open_object( req->name, len, &event_ops, req->access, req->inherit );
 }

--- a/server/file.c
+++ b/server/file.c
@@ -450,7 +450,7 @@ static int file_unlock( struct file *file, int offset_high, int offset_low,
 /* create a file */
 DECL_HANDLER(create_file)
 {
-    size_t len = get_req_strlen( req->name );
+    size_t len = get_req_strlen( req, req->name );
    struct file *file;
    req->handle = -1;

--- a/server/mapping.c
+++ b/server/mapping.c
@@ -160,7 +160,7 @@ int get_page_size(void)
 /* create a file mapping */
 DECL_HANDLER(create_mapping)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    struct object *obj;
    req->handle = -1;
@@ -177,7 +177,7 @@ DECL_HANDLER(create_mapping)
 /* open a handle to a mapping */
 DECL_HANDLER(open_mapping)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    req->handle = open_object( req->name, len, &mapping_ops, req->access, req->inherit );
 }

--- a/server/mutex.c
+++ b/server/mutex.c
@@ -139,7 +139,7 @@ static void mutex_destroy( struct object *obj )
 /* create a mutex */
 DECL_HANDLER(create_mutex)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    struct mutex *mutex;
    req->handle = -1;
@@ -153,7 +153,7 @@ DECL_HANDLER(create_mutex)
 /* open a handle to a mutex */
 DECL_HANDLER(open_mutex)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    req->handle = open_object( req->name, len, &mutex_ops, req->access, req->inherit );
 }

--- a/server/process.c
+++ b/server/process.c
@@ -578,7 +578,7 @@ struct process_snapshot *process_snap( int *count )
 /* create a new process */
 DECL_HANDLER(new_process)
 {
-    size_t len = get_req_strlen( req->cmdline );
+    size_t len = get_req_strlen( req, req->cmdline );
    struct thread *thread;
    int sock[2];
@@ -722,7 +722,7 @@ DECL_HANDLER(read_process_memory)
    if ((process = get_process_from_handle( req->handle, PROCESS_VM_READ )))
    {
        read_process_memory( process, req->addr, req->len,
-                             get_req_size( req->data, sizeof(int) ), req->data );
+                             get_req_size( req, req->data, sizeof(int) ), req->data );
        release_object( process );
    }
 }
@@ -734,7 +734,8 @@ DECL_HANDLER(write_process_memory)
    if ((process = get_process_from_handle( req->handle, PROCESS_VM_WRITE )))
    {
-        write_process_memory( process, req->addr, req->len, get_req_size( req->data, sizeof(int) ),
+        write_process_memory( process, req->addr, req->len,
+                              get_req_size( req, req->data, sizeof(int) ),
                              req->first_mask, req->last_mask, req->data );
        release_object( process );
    }

--- a/server/registry.c
+++ b/server/registry.c
@@ -308,10 +308,10 @@ static WCHAR *get_path_token( const WCHAR *initpath, size_t maxlen )
 }
 /* duplicate a Unicode string from the request buffer */
-static WCHAR *req_strdupW( const WCHAR *str )
+static WCHAR *req_strdupW( const void *req, const WCHAR *str )
 {
    WCHAR *name;
-    size_t len = get_req_strlenW( str );
+    size_t len = get_req_strlenW( req, str );
    if ((name = mem_alloc( (len + 1) * sizeof(WCHAR) )) != NULL)
    {
        memcpy( name, str, len * sizeof(WCHAR) );
@@ -741,7 +741,6 @@ static void get_value( struct key *key, WCHAR *name, int *type, int *len, void *
    else
    {
        *type = -1;
-        *len = 0;
        set_error( STATUS_OBJECT_NAME_NOT_FOUND );
    }
 }
@@ -751,12 +750,7 @@ static void enum_value( struct key *key, int i, WCHAR *name, int *type, int *len
 {
    struct key_value *value;
-    if (i < 0 || i > key->last_value)
+    if (i < 0 || i > key->last_value) set_error( STATUS_NO_MORE_ENTRIES );
-    {
-        name[0] = 0;
-        *len = 0;
-        set_error( STATUS_NO_MORE_ENTRIES );
-    }
    else
    {
        value = &key->values[i];
@@ -1378,7 +1372,7 @@ DECL_HANDLER(create_key)
    req->hkey = -1;
    if ((parent = get_hkey_obj( req->parent, KEY_CREATE_SUB_KEY )))
    {
-        if ((class = req_strdupW( req->class )))
+        if ((class = req_strdupW( req, req->class )))
        {
            if ((key = create_key( parent, req->name, sizeof(req->name), class, req->options,
                                   req->modif, &req->created )))
@@ -1436,6 +1430,7 @@ DECL_HANDLER(enum_key)
 {
    struct key *key;
+    req->name[0] = req->class[0] = 0;
    if ((key = get_hkey_obj( req->hkey, KEY_ENUMERATE_SUB_KEYS )))
    {
        enum_key( key, req->index, req->name, req->class, &req->modif );
@@ -1448,6 +1443,7 @@ DECL_HANDLER(query_key_info)
 {
    struct key *key;
+    req->name[0] = req->class[0] = 0;
    if ((key = get_hkey_obj( req->hkey, KEY_QUERY_VALUE )))
    {
        query_key( key, req );
@@ -1459,7 +1455,7 @@ DECL_HANDLER(query_key_info)
 DECL_HANDLER(set_key_value)
 {
    struct key *key;
-    int max = get_req_size( req->data, sizeof(req->data[0]) );
+    int max = get_req_size( req, req->data, sizeof(req->data[0]) );
    int datalen = req->len;
    if (datalen > max)
    {
@@ -1478,6 +1474,7 @@ DECL_HANDLER(get_key_value)
 {
    struct key *key;
+    req->len = 0;
    if ((key = get_hkey_obj( req->hkey, KEY_QUERY_VALUE )))
    {
        get_value( key, copy_path( req->name ), &req->type, &req->len, req->data );
@@ -1490,6 +1487,8 @@ DECL_HANDLER(enum_key_value)
 {
    struct key *key;
+    req->len = 0;
+    req->name[0] = 0;
    if ((key = get_hkey_obj( req->hkey, KEY_QUERY_VALUE )))
    {
        enum_value( key, req->index, req->name, &req->type, &req->len, req->data );
@@ -1505,7 +1504,7 @@ DECL_HANDLER(delete_key_value)
    if ((key = get_hkey_obj( req->hkey, KEY_SET_VALUE )))
    {
-        if ((name = req_strdupW( req->name )))
+        if ((name = req_strdupW( req, req->name )))
        {
            delete_value( key, name );
            free( name );

--- a/server/request.h
+++ b/server/request.h
@@ -46,24 +46,24 @@ static inline void *get_req_ptr( struct thread *thread )
 }
 /* get the remaining size in the request buffer for object of a given size */
-static inline int get_req_size( const void *ptr, size_t typesize )
+static inline int get_req_size( const void *req, const void *ptr, size_t typesize )
 {
-    return ((char *)current->buffer + MAX_REQUEST_LENGTH - (char *)ptr) / typesize;
+    return ((char *)req + MAX_REQUEST_LENGTH - (char *)ptr) / typesize;
 }
 /* get the length of a request string, without going past the end of the request */
-static inline size_t get_req_strlen( const char *str )
+static inline size_t get_req_strlen( const void *req, const char *str )
 {
    const char *p = str;
-    while (*p && (p < (char *)current->buffer + MAX_REQUEST_LENGTH - 1)) p++;
+    while (*p && (p < (char *)req + MAX_REQUEST_LENGTH - 1)) p++;
    return p - str;
 }
 /* same as above for Unicode */
-static inline size_t get_req_strlenW( const WCHAR *str )
+static inline size_t get_req_strlenW( const void *req, const WCHAR *str )
 {
    const WCHAR *p = str;
-    while (*p && ((char *)p < (char *)current->buffer + MAX_REQUEST_LENGTH - 2)) p++;
+    while (*p && (p < (WCHAR *)req + MAX_REQUEST_LENGTH/sizeof(WCHAR) - 1)) p++;
    return p - str;
 }

--- a/server/semaphore.c
+++ b/server/semaphore.c
@@ -122,7 +122,7 @@ static int semaphore_satisfied( struct object *obj, struct thread *thread )
 /* create a semaphore */
 DECL_HANDLER(create_semaphore)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    struct semaphore *sem;
    req->handle = -1;
@@ -136,7 +136,7 @@ DECL_HANDLER(create_semaphore)
 /* open a handle to a semaphore */
 DECL_HANDLER(open_semaphore)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    req->handle = open_object( req->name, len, &semaphore_ops, req->access, req->inherit );
 }

--- a/server/timer.c
+++ b/server/timer.c
@@ -164,7 +164,7 @@ static void timer_destroy( struct object *obj )
 /* create a timer */
 DECL_HANDLER(create_timer)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    struct timer *timer;
    req->handle = -1;
@@ -178,7 +178,7 @@ DECL_HANDLER(create_timer)
 /* open a handle to a timer */
 DECL_HANDLER(open_timer)
 {
-    size_t len = get_req_strlenW( req->name );
+    size_t len = get_req_strlenW( req, req->name );
    req->handle = open_object( req->name, len, &timer_ops, req->access, req->inherit );
 }

--- a/server/trace.c
+++ b/server/trace.c
--- a/tools/make_requests
+++ b/tools/make_requests
@@ -19,8 +19,8 @@
    "debug_event_t" => "&dump_debug_event_t",
    "CONTEXT"       => "&dump_context",
    "EXCEPTION_RECORD" => "&dump_exc_record",
-    "char[1]"       => "\\\"%s\\\"",
+    "char[1]"          => "&dump_string",
-    "WCHAR[1]"      => "&dump_unicode_string"
+    "WCHAR[1]"         => "&dump_unicode_string"
 );
 my @requests = ();
@@ -139,8 +139,8 @@ sub DO_DUMP_FUNC
            {
                my $func = $1;
                push @trace_lines, "    fprintf( stderr, \" $var=\" );\n";
-                if ($type =~ /[1]/) { push @trace_lines, "    $func( req->$var );\n"; }
+                if ($type =~ /[1]/) { push @trace_lines, "    $func( req, req->$var );\n"; }
-                else { push @trace_lines, "    $func( &req->$var );\n"; }
+                else { push @trace_lines, "    $func( req, &req->$var );\n"; }
                push @trace_lines, "    fprintf( stderr, \",\" );\n" if ($#_ > 0);
            }
            else