NtSetSystemInformation: - Don't leak the copied string when being called from user mode. - Don't recursively call ZwSetSystemInformation, instead continue the normal path.

svn path=/trunk/; revision=39985
2025-07-31 14:31:50 +00:00 · 2009-03-12 18:29:11 +00:00 · 2009-03-12 18:29:11 +00:00 · 36277461a1
commit 36277461a1
parent 53899ff4fa
1 changed files with 6 additions and 10 deletions
--- a/reactos/ntoskrnl/ex/sysinfo.c
+++ b/reactos/ntoskrnl/ex/sysinfo.c
@ -1587,18 +1587,10 @@ SSI_DEF(SystemExtendServiceTableInformation)
            /* FIXME: We can't, fail */
            //return STATUS_PRIVILEGE_NOT_HELD;
        }
-
-        /* Probe and capture the driver name */
-        ProbeAndCaptureUnicodeString(&ImageName, UserMode, Buffer);
-
-        /* Force kernel as previous mode */
-        return ZwSetSystemInformation(SystemExtendServiceTableInformation,
-                                      &ImageName,
-                                      sizeof(ImageName));
    }

-    /* Just copy the string */
-    ImageName = *(PUNICODE_STRING)Buffer;
+    /* Probe and capture the driver name */
+    ProbeAndCaptureUnicodeString(&ImageName, PreviousMode, Buffer);

    /* Load the image */
    Status = MmLoadSystemImage(&ImageName,
@ -1607,6 +1599,10 @@ SSI_DEF(SystemExtendServiceTableInformation)
                               0,
                               (PVOID)&ModuleObject,
                               &ImageBase);
+
+    /* Release String */
+    ReleaseCapturedUnicodeString(&ImageName, PreviousMode);
+
    if (!NT_SUCCESS(Status)) return Status;

    /* Get the headers */