From 174a4670ea5a7893c79d9bb0d87a2b36adedd5ec Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Thu, 29 Apr 2010 22:35:49 +0000
Subject: [PATCH] [NTOSKRNL] - Fix a horrible casting bug - EventCategoryData1
 is a pointer to a GUID not a pointer to a UNICODE_STRING - Convert the GUID
 into a UNICODE_STRING properly by using RtlStringFromGUID and pass that
 string to RtlCompareUnicodeString - Fix another bug which results in us
 sending EventCategoryHardwareProfileChange and
 EventCategoryTargetDeviceChange events to everyone registered for PnP
 notifications - Fixes sending EventCategoryDeviceInterfaceChange
 notifications that happen after calling IoRegisterPlugPlayNotification

svn path=/trunk/; revision=47064
---
 reactos/ntoskrnl/io/pnpmgr/pnpnotify.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c b/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c
index c328c80965f..f19f986e4e3 100644
--- a/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c
+++ b/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c
@@ -42,6 +42,8 @@ IopNotifyPlugPlayNotification(
 	PLIST_ENTRY ListEntry;
 	PVOID NotificationStructure;
 	BOOLEAN CallCurrentEntry;
+	UNICODE_STRING GuidString;
+	NTSTATUS Status;
 
 	ASSERT(DeviceObject);
 
@@ -71,6 +73,13 @@ IopNotifyPlugPlayNotification(
 			RtlCopyMemory(&NotificationInfos->Event, Event, sizeof(GUID));
 			RtlCopyMemory(&NotificationInfos->InterfaceClassGuid, EventCategoryData1, sizeof(GUID));
 			NotificationInfos->SymbolicLinkName = (PUNICODE_STRING)EventCategoryData2;
+			Status = RtlStringFromGUID(&NotificationInfos->InterfaceClassGuid, &GuidString);
+			if (!NT_SUCCESS(Status))
+			{
+				KeReleaseGuardedMutex(&PnpNotifyListLock);
+				ExFreePool(NotificationStructure);
+				return;
+			}
 			break;
 		}
 		case EventCategoryHardwareProfileChange:
@@ -125,12 +134,17 @@ IopNotifyPlugPlayNotification(
 		ChangeEntry = CONTAINING_RECORD(ListEntry, PNP_NOTIFY_ENTRY, PnpNotifyList);
 		CallCurrentEntry = FALSE;
 
+		if (ChangeEntry->EventCategory != EventCategory)
+		{
+			ListEntry = ListEntry->Flink;
+			continue;
+		}
+
 		switch (EventCategory)
 		{
 			case EventCategoryDeviceInterfaceChange:
 			{
-				if (ChangeEntry->EventCategory == EventCategory
-					&& RtlCompareUnicodeString(&ChangeEntry->Guid, (PUNICODE_STRING)EventCategoryData1, FALSE) == 0)
+				if (RtlCompareUnicodeString(&ChangeEntry->Guid, &GuidString, FALSE) == 0)
 				{
 					CallCurrentEntry = TRUE;
 				}
@@ -174,6 +188,8 @@ IopNotifyPlugPlayNotification(
 	}
 	KeReleaseGuardedMutex(&PnpNotifyListLock);
 	ExFreePoolWithTag(NotificationStructure, TAG_PNP_NOTIFY);
+	if (EventCategory == EventCategoryDeviceInterfaceChange)
+		RtlFreeUnicodeString(&GuidString);
 }
 
 /* PUBLIC FUNCTIONS **********************************************************/