Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-04 15:36:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:PNP] Avoid an unnecessary stack buffer in PnpRootCreateDevice. CORE-15882

Browse source
This commit is contained in:
Thomas Faber 2020-05-02 17:42:40 +02:00
parent 1b0fe76d0d
commit 2242ca6920
No known key found for this signature in database
GPG key ID: 076E7C3D44720826
1 changed files with 19 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

28
ntoskrnl/io/pnpmgr/pnproot.c
View file

@ -191,7 +191,7 @@ PnpRootCreateDevice(
{ {
PPNPROOT_FDO_DEVICE_EXTENSION DeviceExtension; PPNPROOT_FDO_DEVICE_EXTENSION DeviceExtension;
PPNPROOT_PDO_DEVICE_EXTENSION PdoDeviceExtension; PPNPROOT_PDO_DEVICE_EXTENSION PdoDeviceExtension;
WCHAR DevicePath[MAX_PATH + 1]; UNICODE_STRING DevicePath;
WCHAR InstancePath[5]; WCHAR InstancePath[5];
PPNPROOT_DEVICE Device = NULL; PPNPROOT_DEVICE Device = NULL;
NTSTATUS Status; NTSTATUS Status;
@ -207,7 +207,19 @@ PnpRootCreateDevice(
DPRINT("Creating a PnP root device for service '%wZ'\n", ServiceName); DPRINT("Creating a PnP root device for service '%wZ'\n", ServiceName);
_snwprintf(DevicePath, sizeof(DevicePath) / sizeof(WCHAR), L"%s\\%wZ", REGSTR_KEY_ROOTENUM, ServiceName); DevicePath.Length = 0;
DevicePath.MaximumLength = sizeof(REGSTR_KEY_ROOTENUM) + sizeof(L'\\') + ServiceName->Length;
DevicePath.Buffer = ExAllocatePoolWithTag(PagedPool,
DevicePath.MaximumLength,
TAG_PNP_ROOT);
if (DevicePath.Buffer == NULL)
{
DPRINT1("ExAllocatePoolWithTag() failed\n");
Status = STATUS_NO_MEMORY;
goto cleanup;
}
RtlAppendUnicodeToString(&DevicePath, REGSTR_KEY_ROOTENUM L"\\");
RtlAppendUnicodeStringToString(&DevicePath, ServiceName);
/* Initialize a PNPROOT_DEVICE structure */ /* Initialize a PNPROOT_DEVICE structure */
Device = ExAllocatePoolWithTag(PagedPool, sizeof(PNPROOT_DEVICE), TAG_PNP_ROOT); Device = ExAllocatePoolWithTag(PagedPool, sizeof(PNPROOT_DEVICE), TAG_PNP_ROOT);
@ -218,11 +230,8 @@ PnpRootCreateDevice(
goto cleanup; goto cleanup;
} }
RtlZeroMemory(Device, sizeof(PNPROOT_DEVICE)); RtlZeroMemory(Device, sizeof(PNPROOT_DEVICE));
if (!RtlCreateUnicodeString(&Device->DeviceID, DevicePath)) Device->DeviceID = DevicePath;
{ RtlInitEmptyUnicodeString(&DevicePath, NULL, 0);
Status = STATUS_NO_MEMORY;
goto cleanup;
}
Status = IopOpenRegistryKeyEx(&EnumHandle, NULL, &EnumKeyName, KEY_READ); Status = IopOpenRegistryKeyEx(&EnumHandle, NULL, &EnumKeyName, KEY_READ);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
@ -258,7 +267,7 @@ tryagain:
for (NextInstance = 0; NextInstance <= 9999; NextInstance++) for (NextInstance = 0; NextInstance <= 9999; NextInstance++)
{ {
_snwprintf(InstancePath, sizeof(InstancePath) / sizeof(WCHAR), L"%04lu", NextInstance); _snwprintf(InstancePath, sizeof(InstancePath) / sizeof(WCHAR), L"%04lu", NextInstance);
Status = LocateChildDevice(DeviceExtension, DevicePath, InstancePath, &Device); Status = LocateChildDevice(DeviceExtension, Device->DeviceID.Buffer, InstancePath, &Device);
if (Status == STATUS_NO_SUCH_DEVICE) if (Status == STATUS_NO_SUCH_DEVICE)
break; break;
} }
@ -272,7 +281,7 @@ tryagain:
} }
_snwprintf(InstancePath, sizeof(InstancePath) / sizeof(WCHAR), L"%04lu", NextInstance); _snwprintf(InstancePath, sizeof(InstancePath) / sizeof(WCHAR), L"%04lu", NextInstance);
Status = LocateChildDevice(DeviceExtension, DevicePath, InstancePath, &Device); Status = LocateChildDevice(DeviceExtension, Device->DeviceID.Buffer, InstancePath, &Device);
if (Status != STATUS_NO_SUCH_DEVICE || NextInstance > 9999) if (Status != STATUS_NO_SUCH_DEVICE || NextInstance > 9999)
{ {
DPRINT1("NextInstance value is corrupt! (%lu)\n", NextInstance); DPRINT1("NextInstance value is corrupt! (%lu)\n", NextInstance);
@ -377,6 +386,7 @@ cleanup:
RtlFreeUnicodeString(&Device->InstanceID); RtlFreeUnicodeString(&Device->InstanceID);
ExFreePoolWithTag(Device, TAG_PNP_ROOT); ExFreePoolWithTag(Device, TAG_PNP_ROOT);
} }
RtlFreeUnicodeString(&DevicePath);
if (DeviceKeyHandle != NULL) if (DeviceKeyHandle != NULL)
ObCloseHandle(DeviceKeyHandle, KernelMode); ObCloseHandle(DeviceKeyHandle, KernelMode);
return Status; return Status;