
Commit c187cf8

committed
[SERVICES] Add check for valid control codes to RI_ScSendPnPMessage
1 parent 001d005 commit c187cf8


1 file changed

+41
-0
lines changed


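--- a/base/system/services/rpcserver.c
+++ b/base/system/services/rpcserver.c
@@ -6726,6 +6726,7 @@ RI_ScSendPnPMessage(
 DWORD PacketSize;
 PSERVICE pService;
 ULONG_PTR Ptr;
+DWORD dwControlsAccepted, dwCurrentState;
 DWORD dwError = ERROR_SUCCESS;
 
 DPRINT("RI_ScSendPnPMessage(%p %lx %lu %lu %p)\n",
@@ -6734,6 +6735,46 @@ RI_ScSendPnPMessage(
 /* FIXME: Verify the status handle */
 pService = (PSERVICE)hServiceStatus;
 
+/* Fail, if the service is a driver */
+if (pService->Status.dwServiceType & SERVICE_DRIVER)
+return ERROR_INVALID_SERVICE_CONTROL;
+
+dwControlsAccepted = pService->Status.dwControlsAccepted;
+dwCurrentState = pService->Status.dwCurrentState;
+
+/* Return ERROR_SERVICE_NOT_ACTIVE if the service has not been started */
+if (pService->lpImage == NULL || dwCurrentState == SERVICE_STOPPED)
+return ERROR_SERVICE_NOT_ACTIVE;
+
+/* The service cannot accept a control code if it is not running */
+if (dwCurrentState != SERVICE_RUNNING)
+return ERROR_SERVICE_CANNOT_ACCEPT_CTRL;
+
+/* Check if the control code is acceptable to the service */
+switch (dwControl)
+{
+case SERVICE_CONTROL_DEVICEEVENT:
+break;
+
+case SERVICE_CONTROL_HARDWAREPROFILECHANGE:
+if ((dwControlsAccepted & SERVICE_ACCEPT_HARDWAREPROFILECHANGE) == 0)
+return ERROR_INVALID_SERVICE_CONTROL;
+break;
+
+case SERVICE_CONTROL_POWEREVENT:
+if ((dwControlsAccepted & SERVICE_ACCEPT_POWEREVENT) == 0)
+return ERROR_INVALID_SERVICE_CONTROL;
+break;
+
+case SERVICE_CONTROL_SESSIONCHANGE:
+if ((dwControlsAccepted & SERVICE_ACCEPT_SESSIONCHANGE) == 0)
+return ERROR_INVALID_SERVICE_CONTROL;
+break;
+
+default:
+return ERROR_INVALID_SERVICE_CONTROL;
+}
+
 /* Calculate the total size of the control packet:
 * initial structure, event type and event data */
 PacketSize = sizeof(SCM_CONTROL_PACKET) + sizeof(DWORD) + dwEventSize;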
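Review bot: The new state and control-code checks dereference `pService` straight after the cast from `hServiceStatus`, while the `/* FIXME: Verify the status handle */` directly above them is still open. A NULL or stale handle value arriving at this RPC entry point is therefore read at `pService->Status.dwServiceType` before anything has validated it, and the added checks make that the first access in the function. At minimum add `if (pService == NULL) return ERROR_INVALID_HANDLE;` before the driver check; confirming that the pointer really names a live entry in the service list would close the FIXME properly and is probably a separate change. The body of RI_ScSendPnPMessage starts and ends outside these hunks, so whether the service database lock is held while `Status` and `lpImage` are read cannot be seen from here and is worth confirming.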
