
commit 68ebcf16b8472a61e23a03fd44a9ba98155f53cd
Author: Thomas Faber <[email protected]>
AuthorDate: Fri Dec 8 14:45:26 2017 +0100

    [NTOS:KD] Protect against invalid user arguments for 
BREAKPOINT_LOAD_SYMBOLS. CORE-14057
---
 ntoskrnl/kd/kdmain.c | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/ntoskrnl/kd/kdmain.c b/ntoskrnl/kd/kdmain.c
index a6627b8ec0..52b8babbce 100644
--- a/ntoskrnl/kd/kdmain.c
+++ b/ntoskrnl/kd/kdmain.c
@@ -153,11 +153,38 @@ KdpEnterDebuggerException(IN PKTRAP_FRAME TrapFrame,
 #ifdef KDBG
         else if (ExceptionCommand == BREAKPOINT_LOAD_SYMBOLS)
         {
+            PKD_SYMBOLS_INFO SymbolsInfo;
+            KD_SYMBOLS_INFO CapturedSymbolsInfo;
             PLDR_DATA_TABLE_ENTRY LdrEntry;
 
-            /* Load symbols. Currently implemented only for KDBG! */
-            
if(KdbpSymFindModule(((PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2])->BaseOfDll,
 NULL, -1, &LdrEntry))
-                KdbSymProcessSymbols(LdrEntry);
+            SymbolsInfo = 
(PKD_SYMBOLS_INFO)ExceptionRecord->ExceptionInformation[2];
+            if (PreviousMode != KernelMode)
+            {
+                _SEH2_TRY
+                {
+                    ProbeForRead(SymbolsInfo,
+                                 sizeof(*SymbolsInfo),
+                                 1);
+                    RtlCopyMemory(&CapturedSymbolsInfo,
+                                  SymbolsInfo,
+                                  sizeof(*SymbolsInfo));
+                    SymbolsInfo = &CapturedSymbolsInfo;
+                }
+                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+                {
+                    SymbolsInfo = NULL;
+                }
+                _SEH2_END;
+            }
+
+            if (SymbolsInfo != NULL)
+            {
+                /* Load symbols. Currently implemented only for KDBG! */
+                if (KdbpSymFindModule(SymbolsInfo->BaseOfDll, NULL, -1, 
&LdrEntry))
+                {
+                    KdbSymProcessSymbols(LdrEntry);
+                }
+            }
         }
         else if (ExceptionCommand == BREAKPOINT_PROMPT)
         {
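Review bot: The `_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)` handler sets `SymbolsInfo = NULL` and the load request is then dropped with no diagnostic and no comment saying that this is deliberate, so a later reader may mistake the silent path for a missing error report; a one-line comment in the handler such as `/* Invalid user buffer: ignore the request instead of faulting in the kernel */` would make the best-effort contract explicit. It is also worth recording in the same place that every later field read goes through `CapturedSymbolsInfo` (the pointer is rebound on `SymbolsInfo = &CapturedSymbolsInfo;`), so the user structure is fetched exactly once and cannot change between the probe and the `KdbpSymFindModule(SymbolsInfo->BaseOfDll, ...)` call. The `KernelMode` branch keeps the raw pointer unvalidated, which appears intentional for a trusted caller but could be stated in the comment as well. The enclosing `KdpEnterDebuggerException` body begins and ends outside this hunk.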
