Merged fixes for advisories GHSA-76hh-wrj5-hr2v and GHSA-wcfg-5jpf-hhxq provided by Bill Lamie.

2025-11-16 12:34:48 +00:00 · 2025-07-14 16:58:01 -04:00
parent 7ad78c40e9
commit 3d6b65a7d3
2 changed files with 170 additions and 17 deletions
--- a/common_modules/module_manager/inc/txm_module_manager_util.h
+++ b/common_modules/module_manager/inc/txm_module_manager_util.h
@@ -25,7 +25,7 @@
 /*  COMPONENT DEFINITION                                   RELEASE        */
 /*                                                                        */
 /*    txm_module_manager_util.h                           PORTABLE C      */
-/*                                                           6.3.0        */
+/*                                                           6.4.3        */
 /*  AUTHOR                                                                */
 /*                                                                        */
 /*    Scott Larson, Microsoft Corporation                                 */
@@ -46,6 +46,10 @@
 /*  10-31-2023      Tiejun Zhou             Modified comment(s) and       */
 /*                                            improved object check,      */
 /*                                            resulting in version 6.3.0  */
+/*  xx-xx-2025      William E. Lamie        Modified comment(s) and       */
+/*                                            improved object pointer use */ 
+/*                                            and creation checking,      */
+/*                                            resulting in version 6.4.3  */
 /*                                                                        */
 /**************************************************************************/

@@ -102,16 +106,11 @@

 /* Kernel objects should be outside the module at the very least.  */
 #define TXM_MODULE_MANAGER_PARAM_CHECK_OBJECT_FOR_USE(module_instance, obj_ptr, obj_size) \
-    (TXM_MODULE_MANAGER_ENSURE_OUTSIDE_MODULE(module_instance, obj_ptr, obj_size) || \
-     (_txm_module_manager_created_object_check(module_instance, (void *)obj_ptr) == TX_FALSE) || \
-     ((void *) (obj_ptr) == TX_NULL))
+    (_txm_module_manager_param_check_object_for_use(module_instance, obj_ptr, obj_size))

 /* When creating an object, the object must be inside the object pool.  */
 #define TXM_MODULE_MANAGER_PARAM_CHECK_OBJECT_FOR_CREATION(module_instance, obj_ptr, obj_size) \
-    ((TXM_MODULE_MANAGER_ENSURE_INSIDE_OBJ_POOL(module_instance, obj_ptr, obj_size) && \
-      (_txm_module_manager_object_size_check(obj_ptr, obj_size) == TX_SUCCESS)) || \
-     (_txm_module_manager_created_object_check(module_instance, (void *)obj_ptr) == TX_FALSE) || \
-     ((void *) (obj_ptr) == TX_NULL))
+    (_txm_module_manager_param_check_object_for_creation(module_instance, obj_ptr, obj_size))

 /* Strings we dereference can be in RW/RO/Shared areas.  */
 #define TXM_MODULE_MANAGER_PARAM_CHECK_DEREFERENCE_STRING(module_instance, string_ptr) \
@@ -136,6 +135,8 @@ UINT    _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_inst
 UINT    _txm_module_manager_object_size_check(ALIGN_TYPE object_ptr, ULONG object_size);
 UINT    _txm_module_manager_object_name_compare(CHAR *object_name1, UINT object_name1_length, CHAR *object_name2);
 UCHAR   _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_instance, void *object_ptr);
+UINT    _txm_module_manager_param_check_object_for_creation(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size);
+UINT    _txm_module_manager_param_check_object_for_use(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size);
 UINT    _txm_module_manager_util_code_allocation_size_and_alignment_get(TXM_MODULE_PREAMBLE *module_preamble, ULONG *code_alignment_dest, ULONG *code_allocation_size_dest);

 #endif