Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-28 18:15:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:CM] Avoid a fixed-length stack buffer in CmpAddToHiveFileList. CORE-15882

Browse source
This commit is contained in:
Thomas Faber 2019-04-15 12:10:23 +02:00
parent f3a280f52b
commit 26ab9f8a03
No known key found for this signature in database
GPG key ID: 076E7C3D44720826
1 changed files with 32 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
ntoskrnl/config/cmhvlist.c
View file

@ -134,11 +134,11 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
HANDLE KeyHandle;
UNICODE_STRING HivePath;
PWCHAR FilePath;
UCHAR Buffer[sizeof(OBJECT_NAME_INFORMATION) + MAX_PATH * sizeof(WCHAR)];
ULONG Length = sizeof(Buffer);
POBJECT_NAME_INFORMATION FileNameInfo = (POBJECT_NAME_INFORMATION)Buffer;
ULONG Length;
POBJECT_NAME_INFORMATION FileNameInfo;
HivePath.Buffer = NULL;
FileNameInfo = NULL;
/* Create or open the hive list key */
InitializeObjectAttributes(&ObjectAttributes,
@ -172,6 +172,27 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
/* Get the name of the corresponding file */
if (!(Hive->Hive.HiveFlags & HIVE_VOLATILE))
{
/* Determine the right buffer size and allocate */
Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY],
ObjectNameInformation,
NULL,
0,
&Length);
if (Status != STATUS_BUFFER_TOO_SMALL)
{
DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status);
goto Quickie;
}
FileNameInfo = ExAllocatePoolWithTag(PagedPool,
Length + sizeof(UNICODE_NULL),
TAG_CM);
if (FileNameInfo == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto Quickie;
}
/* Try to get the value */
Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY],
ObjectNameInformation,
@ -215,7 +236,14 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
Quickie:
/* Cleanup and return status */
if (HivePath.Buffer) ExFreePoolWithTag(HivePath.Buffer, TAG_CM);
if (HivePath.Buffer)
{
ExFreePoolWithTag(HivePath.Buffer, TAG_CM);
}
if (FileNameInfo)
{
ExFreePoolWithTag(FileNameInfo, TAG_CM);
}
ObCloseHandle(KeyHandle, KernelMode);
return Status;
}