Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-22 16:36:33 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:PNP] Avoid an unnecessary stack buffer in PnpRootCreateDevice. CORE-15882

Browse source
This commit is contained in:
Thomas Faber 2020-05-02 17:42:40 +02:00
parent 1b0fe76d0d
commit 2242ca6920
No known key found for this signature in database
GPG key ID: 076E7C3D44720826
1 changed files with 19 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
ntoskrnl/io/pnpmgr/pnproot.c
View file

@ -191,7 +191,7 @@ PnpRootCreateDevice(
{
PPNPROOT_FDO_DEVICE_EXTENSION DeviceExtension;
PPNPROOT_PDO_DEVICE_EXTENSION PdoDeviceExtension;
WCHAR DevicePath[MAX_PATH + 1];
UNICODE_STRING DevicePath;
WCHAR InstancePath[5];
PPNPROOT_DEVICE Device = NULL;
NTSTATUS Status;
@ -207,7 +207,19 @@ PnpRootCreateDevice(
DPRINT("Creating a PnP root device for service '%wZ'\n", ServiceName);
_snwprintf(DevicePath, sizeof(DevicePath) / sizeof(WCHAR), L"%s\\%wZ", REGSTR_KEY_ROOTENUM, ServiceName);
DevicePath.Length = 0;
DevicePath.MaximumLength = sizeof(REGSTR_KEY_ROOTENUM) + sizeof(L'\\') + ServiceName->Length;
DevicePath.Buffer = ExAllocatePoolWithTag(PagedPool,
DevicePath.MaximumLength,
TAG_PNP_ROOT);
if (DevicePath.Buffer == NULL)
{
DPRINT1("ExAllocatePoolWithTag() failed\n");
Status = STATUS_NO_MEMORY;
goto cleanup;
}
RtlAppendUnicodeToString(&DevicePath, REGSTR_KEY_ROOTENUM L"\\");
RtlAppendUnicodeStringToString(&DevicePath, ServiceName);
/* Initialize a PNPROOT_DEVICE structure */
Device = ExAllocatePoolWithTag(PagedPool, sizeof(PNPROOT_DEVICE), TAG_PNP_ROOT);
@ -218,11 +230,8 @@ PnpRootCreateDevice(
goto cleanup;
}
RtlZeroMemory(Device, sizeof(PNPROOT_DEVICE));
if (!RtlCreateUnicodeString(&Device->DeviceID, DevicePath))
{
Status = STATUS_NO_MEMORY;
goto cleanup;
}
Device->DeviceID = DevicePath;
RtlInitEmptyUnicodeString(&DevicePath, NULL, 0);
Status = IopOpenRegistryKeyEx(&EnumHandle, NULL, &EnumKeyName, KEY_READ);
if (NT_SUCCESS(Status))
@ -258,7 +267,7 @@ tryagain:
for (NextInstance = 0; NextInstance <= 9999; NextInstance++)
{
_snwprintf(InstancePath, sizeof(InstancePath) / sizeof(WCHAR), L"%04lu", NextInstance);
Status = LocateChildDevice(DeviceExtension, DevicePath, InstancePath, &Device);
Status = LocateChildDevice(DeviceExtension, Device->DeviceID.Buffer, InstancePath, &Device);
if (Status == STATUS_NO_SUCH_DEVICE)
break;
}
@ -272,7 +281,7 @@ tryagain:
}
_snwprintf(InstancePath, sizeof(InstancePath) / sizeof(WCHAR), L"%04lu", NextInstance);
Status = LocateChildDevice(DeviceExtension, DevicePath, InstancePath, &Device);
Status = LocateChildDevice(DeviceExtension, Device->DeviceID.Buffer, InstancePath, &Device);
if (Status != STATUS_NO_SUCH_DEVICE || NextInstance > 9999)
{
DPRINT1("NextInstance value is corrupt! (%lu)\n", NextInstance);
@ -377,6 +386,7 @@ cleanup:
RtlFreeUnicodeString(&Device->InstanceID);
ExFreePoolWithTag(Device, TAG_PNP_ROOT);
}
RtlFreeUnicodeString(&DevicePath);
if (DeviceKeyHandle != NULL)
ObCloseHandle(DeviceKeyHandle, KernelMode);
return Status;