api: switch to private heap

We must not use the process heap, as it is changeable. Client may change
it causing our HeapFree() to use wrong heap.

Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman 2020-10-24 22:12:47 +02:00 committed by Jason A. Donenfeld
parent 4b8f879fd6
commit bf4eabb4ca
9 changed files with 68 additions and 84 deletions

View File

@ -31,18 +31,17 @@ AdapterGetDrvInfoDetail(
_In_ SP_DRVINFO_DATA_W *DrvInfoData,
_Out_ SP_DRVINFO_DETAIL_DATA_W **DrvInfoDetailData)
{
HANDLE Heap = GetProcessHeap();
DWORD Size = sizeof(SP_DRVINFO_DETAIL_DATA_W) + 0x100;
for (;;)
{
*DrvInfoDetailData = HeapAlloc(Heap, 0, Size);
*DrvInfoDetailData = HeapAlloc(ModuleHeap, 0, Size);
if (!*DrvInfoDetailData)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
(*DrvInfoDetailData)->cbSize = sizeof(SP_DRVINFO_DETAIL_DATA_W);
if (SetupDiGetDriverInfoDetailW(DevInfo, DevInfoData, DrvInfoData, *DrvInfoDetailData, Size, &Size))
return ERROR_SUCCESS;
DWORD Result = GetLastError();
HeapFree(Heap, 0, *DrvInfoDetailData);
HeapFree(ModuleHeap, 0, *DrvInfoDetailData);
if (Result != ERROR_INSUFFICIENT_BUFFER)
return LOG_ERROR(L"Failed", Result);
}
@ -57,16 +56,15 @@ GetDeviceRegistryProperty(
_Out_ void **Buf,
_Inout_ DWORD *BufLen)
{
HANDLE Heap = GetProcessHeap();
for (;;)
{
*Buf = HeapAlloc(Heap, 0, *BufLen);
*Buf = HeapAlloc(ModuleHeap, 0, *BufLen);
if (!*Buf)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
if (SetupDiGetDeviceRegistryPropertyW(DevInfo, DevInfoData, Property, ValueType, *Buf, *BufLen, BufLen))
return ERROR_SUCCESS;
DWORD Result = GetLastError();
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
if (Result != ERROR_INSUFFICIENT_BUFFER)
return LOG_ERROR(L"Querying property failed", Result);
}
@ -90,11 +88,11 @@ GetDeviceRegistryString(
case REG_MULTI_SZ:
Result = RegistryGetString(Buf, Size / sizeof(WCHAR), ValueType);
if (Result != ERROR_SUCCESS)
HeapFree(GetProcessHeap(), 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
return Result;
default:
LOG(WINTUN_LOG_ERR, L"Property is not a string");
HeapFree(GetProcessHeap(), 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
return ERROR_INVALID_DATATYPE;
}
}
@ -117,11 +115,11 @@ GetDeviceRegistryMultiString(
case REG_MULTI_SZ:
Result = RegistryGetMultiString(Buf, Size / sizeof(WCHAR), ValueType);
if (Result != ERROR_SUCCESS)
HeapFree(GetProcessHeap(), 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
return Result;
default:
LOG(WINTUN_LOG_ERR, L"Property is not a string");
HeapFree(GetProcessHeap(), 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
return ERROR_INVALID_DATATYPE;
}
}
@ -140,7 +138,6 @@ IsOurAdapter(_In_ HDEVINFO DevInfo, _In_ SP_DEVINFO_DATA *DevInfoData, _Out_ BOO
static WINTUN_STATUS
GetDeviceObject(_In_opt_z_ const WCHAR *InstanceId, _Out_ HANDLE *Handle)
{
HANDLE Heap = GetProcessHeap();
ULONG InterfacesLen;
DWORD Result = CM_Get_Device_Interface_List_SizeW(
&InterfacesLen, (GUID *)&GUID_DEVINTERFACE_NET, (DEVINSTID_W)InstanceId, CM_GET_DEVICE_INTERFACE_LIST_PRESENT);
@ -149,7 +146,7 @@ GetDeviceObject(_In_opt_z_ const WCHAR *InstanceId, _Out_ HANDLE *Handle)
LOG(WINTUN_LOG_ERR, L"Failed to get device associated device instances size");
return ERROR_GEN_FAILURE;
}
WCHAR *Interfaces = HeapAlloc(Heap, 0, InterfacesLen * sizeof(WCHAR));
WCHAR *Interfaces = HeapAlloc(ModuleHeap, 0, InterfacesLen * sizeof(WCHAR));
if (!Interfaces)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
Result = CM_Get_Device_Interface_ListW(
@ -174,7 +171,7 @@ GetDeviceObject(_In_opt_z_ const WCHAR *InstanceId, _Out_ HANDLE *Handle)
NULL);
Result = *Handle != INVALID_HANDLE_VALUE ? ERROR_SUCCESS : LOG_LAST_ERROR(L"Failed to connect to device");
cleanupBuf:
HeapFree(Heap, 0, Interfaces);
HeapFree(ModuleHeap, 0, Interfaces);
return Result;
}
@ -188,8 +185,7 @@ ForceCloseWintunAdapterHandle(_In_ HDEVINFO DevInfo, _In_ SP_DEVINFO_DATA *DevIn
if (SetupDiGetDeviceInstanceIdW(DevInfo, DevInfoData, NULL, 0, &RequiredBytes) ||
(Result = GetLastError()) != ERROR_INSUFFICIENT_BUFFER)
return LOG_ERROR(L"Failed to query device instance ID size", Result);
HANDLE Heap = GetProcessHeap();
WCHAR *InstanceId = HeapAlloc(Heap, HEAP_ZERO_MEMORY, sizeof(*InstanceId) * RequiredBytes);
WCHAR *InstanceId = HeapAlloc(ModuleHeap, HEAP_ZERO_MEMORY, sizeof(*InstanceId) * RequiredBytes);
if (!InstanceId)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
if (!SetupDiGetDeviceInstanceIdW(DevInfo, DevInfoData, InstanceId, RequiredBytes, &RequiredBytes))
@ -209,7 +205,7 @@ ForceCloseWintunAdapterHandle(_In_ HDEVINFO DevInfo, _In_ SP_DEVINFO_DATA *DevIn
: LOG_LAST_ERROR(L"Failed to perform ioctl");
CloseHandle(NdisHandle);
out:
HeapFree(Heap, 0, InstanceId);
HeapFree(ModuleHeap, 0, InstanceId);
return Result;
}
@ -221,10 +217,9 @@ AdapterDisableAllOurs(_In_ HDEVINFO DevInfo, _Inout_ SP_DEVINFO_DATA_LIST **Disa
.StateChange = DICS_DISABLE,
.Scope = DICS_FLAG_GLOBAL };
DWORD Result = ERROR_SUCCESS;
HANDLE Heap = GetProcessHeap();
for (DWORD EnumIndex = 0;; ++EnumIndex)
{
SP_DEVINFO_DATA_LIST *DeviceNode = HeapAlloc(Heap, 0, sizeof(SP_DEVINFO_DATA_LIST));
SP_DEVINFO_DATA_LIST *DeviceNode = HeapAlloc(ModuleHeap, 0, sizeof(SP_DEVINFO_DATA_LIST));
if (!DeviceNode)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
DeviceNode->Data.cbSize = sizeof(SP_DEVINFO_DATA);
@ -232,7 +227,7 @@ AdapterDisableAllOurs(_In_ HDEVINFO DevInfo, _Inout_ SP_DEVINFO_DATA_LIST **Disa
{
if (GetLastError() == ERROR_NO_MORE_ITEMS)
{
HeapFree(Heap, 0, DeviceNode);
HeapFree(ModuleHeap, 0, DeviceNode);
break;
}
goto cleanupDeviceInfoData;
@ -265,7 +260,7 @@ AdapterDisableAllOurs(_In_ HDEVINFO DevInfo, _Inout_ SP_DEVINFO_DATA_LIST **Disa
continue;
cleanupDeviceInfoData:
HeapFree(Heap, 0, &DeviceNode->Data);
HeapFree(ModuleHeap, 0, &DeviceNode->Data);
}
return Result;
}
@ -404,7 +399,7 @@ GetNetCfgInstanceId(_In_ HDEVINFO DevInfo, _In_ SP_DEVINFO_DATA *DevInfoData, _O
}
else
Result = ERROR_SUCCESS;
HeapFree(GetProcessHeap(), 0, ValueStr);
HeapFree(ModuleHeap, 0, ValueStr);
cleanupKey:
RegCloseKey(Key);
return Result;
@ -471,7 +466,6 @@ IsPoolMember(
_In_ SP_DEVINFO_DATA *DevInfoData,
_Out_ BOOL *IsMember)
{
HANDLE Heap = GetProcessHeap();
WCHAR *DeviceDesc, *FriendlyName;
DWORD Result = GetDeviceRegistryString(DevInfo, DevInfoData, SPDRP_DEVICEDESC, &DeviceDesc);
if (Result != ERROR_SUCCESS)
@ -501,9 +495,9 @@ IsPoolMember(
}
*IsMember = FALSE;
cleanupFriendlyName:
HeapFree(Heap, 0, FriendlyName);
HeapFree(ModuleHeap, 0, FriendlyName);
cleanupDeviceDesc:
HeapFree(Heap, 0, DeviceDesc);
HeapFree(ModuleHeap, 0, DeviceDesc);
return Result;
}
@ -521,8 +515,7 @@ CreateAdapterData(
if (Key == INVALID_HANDLE_VALUE)
return LOG_LAST_ERROR(L"Opening device registry key failed");
HANDLE Heap = GetProcessHeap();
*Adapter = HeapAlloc(Heap, 0, sizeof(WINTUN_ADAPTER));
*Adapter = HeapAlloc(ModuleHeap, 0, sizeof(WINTUN_ADAPTER));
if (!*Adapter)
{
LOG(WINTUN_LOG_ERR, L"Out of memory");
@ -541,11 +534,11 @@ CreateAdapterData(
if (FAILED(CLSIDFromString(ValueStr, &(*Adapter)->CfgInstanceID)))
{
LOG(WINTUN_LOG_ERR, L"NetCfgInstanceId is not a GUID");
HeapFree(Heap, 0, ValueStr);
HeapFree(ModuleHeap, 0, ValueStr);
Result = ERROR_INVALID_DATA;
goto cleanupAdapter;
}
HeapFree(Heap, 0, ValueStr);
HeapFree(ModuleHeap, 0, ValueStr);
/* Read the NetLuidIndex value. */
Result = RegistryQueryDWORD(Key, L"NetLuidIndex", &(*Adapter)->LuidIndex);
@ -576,7 +569,7 @@ CreateAdapterData(
cleanupAdapter:
if (Result != ERROR_SUCCESS)
HeapFree(Heap, 0, *Adapter);
HeapFree(ModuleHeap, 0, *Adapter);
cleanupKey:
RegCloseKey(Key);
return Result;
@ -597,7 +590,7 @@ GetDeviceRegPath(_In_ const WINTUN_ADAPTER *Adapter, _Out_cap_c_(MAX_REG_PATH) W
void WINAPI
WintunFreeAdapter(_In_ WINTUN_ADAPTER *Adapter)
{
HeapFree(GetProcessHeap(), 0, Adapter);
HeapFree(ModuleHeap, 0, Adapter);
}
WINTUN_STATUS WINAPI
@ -942,7 +935,7 @@ GetTcpipInterfaceRegPath(_In_ const WINTUN_ADAPTER *Adapter, _Out_cap_c_(MAX_REG
}
_snwprintf_s(Path, MAX_REG_PATH, _TRUNCATE, L"SYSTEM\\CurrentControlSet\\Services\\%s", Paths);
cleanupPaths:
HeapFree(GetProcessHeap(), 0, Paths);
HeapFree(ModuleHeap, 0, Paths);
cleanupTcpipAdapterRegKey:
RegCloseKey(TcpipAdapterRegKey);
return Result;
@ -976,7 +969,6 @@ CreateAdapter(
goto cleanupDevInfo;
}
HANDLE Heap = GetProcessHeap();
WCHAR PoolDeviceTypeName[MAX_POOL_DEVICE_TYPE];
GetPoolDeviceTypeName(Pool, PoolDeviceTypeName);
SP_DEVINFO_DATA DevInfoData = { .cbSize = sizeof(SP_DEVINFO_DATA) };
@ -1043,10 +1035,10 @@ CreateAdapter(
}
if (!DriverIsOurDrvInfoDetail(DrvInfoDetailData))
{
HeapFree(Heap, 0, DrvInfoDetailData);
HeapFree(ModuleHeap, 0, DrvInfoDetailData);
continue;
}
HeapFree(Heap, 0, DrvInfoDetailData);
HeapFree(ModuleHeap, 0, DrvInfoDetailData);
if (!SetupDiSetSelectedDriverW(DevInfo, &DevInfoData, &DrvInfoData))
continue;
@ -1131,7 +1123,7 @@ CreateAdapter(
LOG(WINTUN_LOG_ERR, L"Failed to query NetCfgInstanceId value");
goto cleanupNetDevRegKey;
}
HeapFree(Heap, 0, DummyStr);
HeapFree(ModuleHeap, 0, DummyStr);
DWORD DummyDWORD;
Result = RegistryQueryDWORDWait(NetDevRegKey, L"NetLuidIndex", WAIT_FOR_REGISTRY_TIMEOUT, &DummyDWORD);
if (Result != ERROR_SUCCESS)
@ -1173,7 +1165,7 @@ CreateAdapter(
LOG(WINTUN_LOG_ERR, L"Failed to query IpConfig value");
goto cleanupTcpipAdapterRegKey;
}
HeapFree(Heap, 0, DummyStr);
HeapFree(ModuleHeap, 0, DummyStr);
HKEY TcpipInterfaceRegKey;
WCHAR TcpipInterfaceRegPath[MAX_REG_PATH];
@ -1209,7 +1201,7 @@ cleanupTcpipAdapterRegKey:
RegCloseKey(TcpipAdapterRegKey);
cleanupAdapter:
if (Result != ERROR_SUCCESS)
HeapFree(Heap, 0, *Adapter);
HeapFree(ModuleHeap, 0, *Adapter);
cleanupNetDevRegKey:
RegCloseKey(NetDevRegKey);
cleanupDevice:
@ -1365,9 +1357,8 @@ ExecuteRunDll32(
LOG(WINTUN_LOG_ERR, L"Failed to copy resource");
goto cleanupDelete;
}
HANDLE Heap = GetProcessHeap();
size_t CommandLineLen = 10 + MAX_PATH + 2 + wcslen(Arguments) + 1;
WCHAR *CommandLine = HeapAlloc(Heap, 0, CommandLineLen * sizeof(WCHAR));
WCHAR *CommandLine = HeapAlloc(ModuleHeap, 0, CommandLineLen * sizeof(WCHAR));
if (!CommandLine)
{
LOG(WINTUN_LOG_ERR, L"Out of memory");
@ -1438,7 +1429,7 @@ cleanupPipes:
CloseHandle(StreamW[Stderr]);
CloseHandle(StreamR[Stdout]);
CloseHandle(StreamW[Stdout]);
HeapFree(Heap, 0, CommandLine);
HeapFree(ModuleHeap, 0, CommandLine);
cleanupDelete:
DeleteFileW(DllPath);
cleanupDirectory:
@ -1651,7 +1642,6 @@ WintunEnumAdapters(_In_z_count_c_(MAX_POOL) const WCHAR *Pool, _In_ WINTUN_ENUM_
Result = LOG_LAST_ERROR(L"Failed to get present class devices");
goto cleanupMutex;
}
HANDLE Heap = GetProcessHeap();
BOOL Continue = TRUE;
for (DWORD EnumIndex = 0; Continue; ++EnumIndex)
{
@ -1685,7 +1675,7 @@ WintunEnumAdapters(_In_z_count_c_(MAX_POOL) const WCHAR *Pool, _In_ WINTUN_ENUM_
break;
}
Continue = Func(Adapter, Param);
HeapFree(Heap, 0, Adapter);
HeapFree(ModuleHeap, 0, Adapter);
}
SetupDiDestroyDeviceInfoList(DevInfo);
cleanupMutex:

View File

@ -29,7 +29,7 @@ typedef struct _SP_DEVINFO_DATA_LIST
* driver for which to retrieve details.
*
* @param DrvInfoDetailData A pointer to a structure that receives detailed information about the specified driver.
* Must be released with HeapFree(GetProcessHeap(), 0, *DrvInfoDetailData) after use.
* Must be released with HeapFree(ModuleHeap, 0, *DrvInfoDetailData) after use.
*
* @return ERROR_SUCCESS on success; Win32 error code otherwise.
*/

View File

@ -6,8 +6,9 @@
#include "pch.h"
HINSTANCE ResourceModule;
HANDLE ModuleHeap;
static SECURITY_ATTRIBUTES SecurityAttributesSystem = { .nLength = sizeof(SECURITY_ATTRIBUTES) };
SECURITY_ATTRIBUTES *SecurityAttributes = NULL;
SECURITY_ATTRIBUTES *SecurityAttributes;
WINTUN_STATUS WINAPI
WintunGetVersion(
@ -56,6 +57,7 @@ DllMain(_In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, _In_ LPVOID lpvReserved)
{
case DLL_PROCESS_ATTACH:
ResourceModule = hinstDLL;
ModuleHeap = HeapCreate(0, 0, 0);
#ifndef _DEBUG
ConvertStringSecurityDescriptorToSecurityDescriptorW(
L"O:SYD:P(A;;GA;;;SY)", SDDL_REVISION_1, &SecurityAttributesSystem.lpSecurityDescriptor, NULL);
@ -73,6 +75,7 @@ DllMain(_In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, _In_ LPVOID lpvReserved)
#ifndef _DEBUG
LocalFree(SecurityAttributesSystem.lpSecurityDescriptor);
#endif
HeapDestroy(ModuleHeap);
break;
}
return TRUE;

View File

@ -15,4 +15,5 @@
#endif
extern HINSTANCE ResourceModule;
extern HANDLE ModuleHeap;
extern SECURITY_ATTRIBUTES *SecurityAttributes;

View File

@ -38,7 +38,6 @@ DriverRemoveAllOurs(void)
Result = LOG_LAST_ERROR(L"Failed to build list of drivers");
goto cleanupDeviceInfoSet;
}
HANDLE Heap = GetProcessHeap();
for (DWORD EnumIndex = 0;; ++EnumIndex)
{
SP_DRVINFO_DATA_W DrvInfoData = { .cbSize = sizeof(DrvInfoData) };
@ -56,7 +55,7 @@ DriverRemoveAllOurs(void)
}
if (!DriverIsOurDrvInfoDetail(DrvInfoDetailData))
{
HeapFree(Heap, 0, DrvInfoDetailData);
HeapFree(ModuleHeap, 0, DrvInfoDetailData);
continue;
}
PathStripPathW(DrvInfoDetailData->InfFileName);
@ -66,7 +65,7 @@ DriverRemoveAllOurs(void)
LOG_LAST_ERROR(L"Unable to remove existing driver");
Result = Result != ERROR_SUCCESS ? Result : GetLastError();
}
HeapFree(Heap, 0, DrvInfoDetailData);
HeapFree(ModuleHeap, 0, DrvInfoDetailData);
}
SetupDiDestroyDriverInfoList(DevInfo, NULL, SPDIT_CLASSDRIVER);
cleanupDeviceInfoSet:

View File

@ -12,18 +12,17 @@ static BCRYPT_ALG_HANDLE AlgProvider;
static WCHAR *
NormalizeStringAlloc(_In_ NORM_FORM NormForm, _In_z_ const WCHAR *Source)
{
HANDLE Heap = GetProcessHeap();
int Len = NormalizeString(NormForm, Source, -1, NULL, 0);
for (;;)
{
WCHAR *Str = HeapAlloc(Heap, 0, sizeof(WCHAR) * Len);
WCHAR *Str = HeapAlloc(ModuleHeap, 0, sizeof(WCHAR) * Len);
if (!Str)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), NULL;
Len = NormalizeString(NormForm, Source, -1, Str, Len);
if (Len > 0)
return Str;
DWORD Result = GetLastError();
HeapFree(Heap, 0, Str);
HeapFree(ModuleHeap, 0, Str);
if (Result != ERROR_INSUFFICIENT_BUFFER)
return LOG_ERROR(L"Failed", Result), NULL;
Len = -Len;
@ -152,7 +151,7 @@ NamespaceTakeMutex(_In_z_ const WCHAR *Pool)
CloseHandle(Mutex);
Mutex = NULL;
cleanupPoolNorm:
HeapFree(GetProcessHeap(), 0, PoolNorm);
HeapFree(ModuleHeap, 0, PoolNorm);
cleanupSha256:
BCryptDestroyHash(Sha256);
return Mutex;

View File

@ -73,17 +73,15 @@ RegistryOpenKeyWait(
WINTUN_STATUS
RegistryGetString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType)
{
HANDLE Heap = GetProcessHeap();
if (wcsnlen(*Buf, Len) >= Len)
{
/* String is missing zero-terminator. */
WCHAR *BufZ = HeapAlloc(Heap, 0, ((size_t)Len + 1) * sizeof(WCHAR));
WCHAR *BufZ = HeapAlloc(ModuleHeap, 0, ((size_t)Len + 1) * sizeof(WCHAR));
if (!BufZ)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
wmemcpy(BufZ, *Buf, Len);
BufZ[Len] = 0;
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
*Buf = BufZ;
}
@ -98,23 +96,23 @@ RegistryGetString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType)
Len = Len * 2 + 64;
for (;;)
{
WCHAR *Expanded = HeapAlloc(Heap, 0, Len * sizeof(WCHAR));
WCHAR *Expanded = HeapAlloc(ModuleHeap, 0, Len * sizeof(WCHAR));
if (!Expanded)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
DWORD Result = ExpandEnvironmentStringsW(*Buf, Expanded, Len);
if (!Result)
{
Result = LOG_LAST_ERROR(L"Failed to expand environment variables");
HeapFree(Heap, 0, Expanded);
HeapFree(ModuleHeap, 0, Expanded);
return Result;
}
if (Result > Len)
{
HeapFree(Heap, 0, Expanded);
HeapFree(ModuleHeap, 0, Expanded);
Len = Result;
continue;
}
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
*Buf = Expanded;
return ERROR_SUCCESS;
}
@ -123,8 +121,6 @@ RegistryGetString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType)
WINTUN_STATUS
RegistryGetMultiString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType)
{
HANDLE Heap = GetProcessHeap();
if (ValueType == REG_MULTI_SZ)
{
for (size_t i = 0;; i += wcsnlen(*Buf + i, Len - i) + 1)
@ -132,25 +128,25 @@ RegistryGetMultiString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType
if (i > Len)
{
/* Missing string and list terminators. */
WCHAR *BufZ = HeapAlloc(Heap, 0, ((size_t)Len + 2) * sizeof(WCHAR));
WCHAR *BufZ = HeapAlloc(ModuleHeap, 0, ((size_t)Len + 2) * sizeof(WCHAR));
if (!BufZ)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
wmemcpy(BufZ, *Buf, Len);
BufZ[Len] = 0;
BufZ[Len + 1] = 0;
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
*Buf = BufZ;
return ERROR_SUCCESS;
}
if (i == Len)
{
/* Missing list terminator. */
WCHAR *BufZ = HeapAlloc(Heap, 0, ((size_t)Len + 1) * sizeof(WCHAR));
WCHAR *BufZ = HeapAlloc(ModuleHeap, 0, ((size_t)Len + 1) * sizeof(WCHAR));
if (!BufZ)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
wmemcpy(BufZ, *Buf, Len);
BufZ[Len] = 0;
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
*Buf = BufZ;
return ERROR_SUCCESS;
}
@ -164,12 +160,12 @@ RegistryGetMultiString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType
if (Result != ERROR_SUCCESS)
return Result;
Len = (DWORD)wcslen(*Buf) + 1;
WCHAR *BufZ = HeapAlloc(Heap, 0, ((size_t)Len + 1) * sizeof(WCHAR));
WCHAR *BufZ = HeapAlloc(ModuleHeap, 0, ((size_t)Len + 1) * sizeof(WCHAR));
if (!BufZ)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
wmemcpy(BufZ, *Buf, Len);
BufZ[Len] = 0;
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
*Buf = BufZ;
return ERROR_SUCCESS;
}
@ -183,16 +179,15 @@ RegistryQuery(
_Inout_ DWORD *BufLen,
_In_ BOOL Log)
{
HANDLE Heap = GetProcessHeap();
for (;;)
{
*Buf = HeapAlloc(Heap, 0, *BufLen);
*Buf = HeapAlloc(ModuleHeap, 0, *BufLen);
if (!*Buf)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
LSTATUS Result = RegQueryValueExW(Key, Name, NULL, ValueType, (BYTE *)*Buf, BufLen);
if (Result == ERROR_SUCCESS)
return ERROR_SUCCESS;
HeapFree(Heap, 0, *Buf);
HeapFree(ModuleHeap, 0, *Buf);
if (Result != ERROR_MORE_DATA)
return Log ? LOG_ERROR(L"Querying value failed", Result) : Result;
}
@ -212,11 +207,11 @@ RegistryQueryString(_In_ HKEY Key, _In_opt_z_ const WCHAR *Name, _Out_ WCHAR **V
case REG_MULTI_SZ:
Result = RegistryGetString(Value, Size / sizeof(WCHAR), ValueType);
if (Result != ERROR_SUCCESS)
HeapFree(GetProcessHeap(), 0, *Value);
HeapFree(ModuleHeap, 0, *Value);
return Result;
default:
LOG(WINTUN_LOG_ERR, L"Value is not a string");
HeapFree(GetProcessHeap(), 0, *Value);
HeapFree(ModuleHeap, 0, *Value);
return ERROR_INVALID_DATATYPE;
}
}

View File

@ -38,9 +38,8 @@ RegistryOpenKeyWait(
* Validates and/or sanitizes string value read from registry.
*
* @param Buf On input, it contains a pointer to pointer where the data is stored. The data must be allocated
* using HeapAlloc(GetProcessHeap(), 0). On output, it contains a pointer to pointer where the
* sanitized data is stored. It must be released with HeapFree(GetProcessHeap(), 0, *Buf) after
* use.
* using HeapAlloc(ModuleHeap, 0). On output, it contains a pointer to pointer where the sanitized
* data is stored. It must be released with HeapFree(ModuleHeap, 0, *Buf) after use.
*
* @param Len Length of data string in wide characters.
*
@ -56,9 +55,8 @@ RegistryGetString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType);
* Validates and/or sanitizes multi-string value read from registry.
*
* @param Buf On input, it contains a pointer to pointer where the data is stored. The data must be allocated
* using HeapAlloc(GetProcessHeap(), 0). On output, it contains a pointer to pointer where the
* sanitized data is stored. It must be released with HeapFree(GetProcessHeap(), 0, *Buf) after
* use.
* using HeapAlloc(ModuleHeap, 0). On output, it contains a pointer to pointer where the sanitized
* data is stored. It must be released with HeapFree(ModuleHeap, 0, *Buf) after use.
*
* @param Len Length of data string in wide characters.
*
@ -79,7 +77,7 @@ RegistryGetMultiString(_Inout_ WCHAR **Buf, _In_ DWORD Len, _In_ DWORD ValueType
* @param Value Pointer to string to retrieve registry value. If the value type is REG_EXPAND_SZ the value is
* expanded using ExpandEnvironmentStrings(). If the value type is REG_MULTI_SZ, only the first
* string from the multi-string is returned. The string must be released with
* HeapFree(GetProcessHeap(), 0, Value) after use.
* HeapFree(ModuleHeap, 0, Value) after use.
*
* @Log Set to TRUE to log all failures; FALSE to skip logging the innermost errors. Skipping innermost
* errors reduces log clutter when we are using RegistryQueryString() from
@ -103,7 +101,7 @@ RegistryQueryString(_In_ HKEY Key, _In_opt_z_ const WCHAR *Name, _Out_ WCHAR **V
* @param Value Pointer to string to retrieve registry value. If the value type is REG_EXPAND_SZ the value is
* expanded using ExpandEnvironmentStrings(). If the value type is REG_MULTI_SZ, only the first
* string from the multi-string is returned. The string must be released with
* HeapFree(GetProcessHeap(), 0, Value) after use.
* HeapFree(ModuleHeap, 0, Value) after use.
*
* @return ERROR_SUCCESS on success; WAIT_TIMEOUT on timeout; ERROR_INVALID_DATATYPE when the registry value is not a
* string; Win32 error code otherwise.

View File

@ -52,8 +52,7 @@ typedef struct _TUN_SESSION
WINTUN_STATUS WINAPI
WintunStartSession(_In_ const WINTUN_ADAPTER *Adapter, _In_ DWORD Capacity, _Out_ TUN_SESSION **Session)
{
HANDLE Heap = GetProcessHeap();
*Session = HeapAlloc(Heap, 0, sizeof(TUN_SESSION));
*Session = HeapAlloc(ModuleHeap, 0, sizeof(TUN_SESSION));
if (!*Session)
return LOG(WINTUN_LOG_ERR, L"Out of memory"), ERROR_OUTOFMEMORY;
const ULONG RingSize = TUN_RING_SIZE(Capacity);
@ -113,7 +112,7 @@ cleanupSendTailMoved:
cleanupAllocatedRegion:
VirtualFree(AllocatedRegion, 0, MEM_RELEASE);
cleanupRings:
HeapFree(Heap, 0, *Session);
HeapFree(ModuleHeap, 0, *Session);
*Session = NULL;
return Result;
}
@ -126,7 +125,7 @@ WintunEndSession(_In_ TUN_SESSION *Session)
CloseHandle(Session->Descriptor.Send.TailMoved);
CloseHandle(Session->Descriptor.Receive.TailMoved);
VirtualFree(Session->Descriptor.Send.Ring, 0, MEM_RELEASE);
HeapFree(GetProcessHeap(), 0, Session);
HeapFree(ModuleHeap, 0, Session);
}
BOOL WINAPI