properly capture the file name in NtQueryDirectoryFile

svn path=/trunk/; revision=19753
Thomas Bluemel 2005-11-29 21:49:41 +00:00
parent eaf958a931
commit 3bbec11174


@ -2458,7 +2458,7 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
{ {
PIRP Irp; PIRP Irp;
PDEVICE_OBJECT DeviceObject; PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject; PFILE_OBJECT FileObject = NULL;
PIO_STACK_LOCATION StackPtr; PIO_STACK_LOCATION StackPtr;
KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS;
@ -2482,21 +2482,21 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
sizeof(ULONG)); sizeof(ULONG));
if (FileName) if (FileName)
{ {
ProbeForRead(FileName, UNICODE_STRING CapturedFileName;
sizeof(UNICODE_STRING),
CapturedFileName = ProbeForReadUnicodeString(FileName);
ProbeForRead(CapturedFileName.Buffer,
CapturedFileName.MaximumLength,
1); 1);
ProbeForRead(FileName->Buffer, SearchPattern = ExAllocatePool(NonPagedPool, CapturedFileName.Length + sizeof(WCHAR) + sizeof(UNICODE_STRING));
FileName->MaximumLength,
1);
SearchPattern = ExAllocatePool(NonPagedPool, FileName->Length + sizeof(WCHAR) + sizeof(UNICODE_STRING));
if (SearchPattern == NULL) if (SearchPattern == NULL)
{ {
Status = STATUS_INSUFFICIENT_RESOURCES; Status = STATUS_INSUFFICIENT_RESOURCES;
_SEH_LEAVE; _SEH_LEAVE;
} }
SearchPattern->Buffer = (PWCHAR)((ULONG_PTR)SearchPattern + sizeof(UNICODE_STRING)); SearchPattern->Buffer = (PWCHAR)((ULONG_PTR)SearchPattern + sizeof(UNICODE_STRING));
SearchPattern->MaximumLength = FileName->Length + sizeof(WCHAR); SearchPattern->MaximumLength = CapturedFileName.Length + sizeof(WCHAR);
RtlCopyUnicodeString(SearchPattern, FileName); RtlCopyUnicodeString(SearchPattern, &CapturedFileName);
} }
} }
_SEH_HANDLE _SEH_HANDLE
@ -2507,11 +2507,7 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
if(!NT_SUCCESS(Status)) if(!NT_SUCCESS(Status))
{ {
if (SearchPattern) goto Cleanup;
{
ExFreePool(SearchPattern);
}
return Status;
} }
} }
@ -2524,11 +2520,7 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
NULL); NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
if (SearchPattern) goto Cleanup;
{
ExFreePool(SearchPattern);
}
return Status;
} }
/* Get Event Object */ /* Get Event Object */
@ -2540,15 +2532,11 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
PreviousMode, PreviousMode,
(PVOID *)&Event, (PVOID *)&Event,
NULL); NULL);
if (NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
ObDereferenceObject(FileObject); goto Cleanup;
if (SearchPattern)
{
ExFreePool(SearchPattern);
}
return(Status);
} }
KeClearEvent(Event); KeClearEvent(Event);
} }
@ -2576,16 +2564,8 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
/* Allocate the IRP */ /* Allocate the IRP */
if (!(Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE))) if (!(Irp = IoAllocateIrp(DeviceObject->StackSize, FALSE)))
{ {
ObDereferenceObject(FileObject); Status = STATUS_INSUFFICIENT_RESOURCES;
if (PEvent) goto Cleanup;
{
ObDereferenceObject(Event);
}
if (SearchPattern)
{
ExFreePool(SearchPattern);
}
return STATUS_INSUFFICIENT_RESOURCES;
} }
/* Set up the IRP */ /* Set up the IRP */
@ -2638,6 +2618,26 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
} }
} }
/* don't dereference the event anymore! */
Event = NULL;
/* don't free the search pattern string */
SearchPattern = NULL;
Cleanup:
if (FileObject != NULL)
{
ObDereferenceObject(FileObject);
}
if (Event != NULL)
{
ObDereferenceObject(Event);
}
if (SearchPattern != NULL)
{
ExFreePool(SearchPattern);
}
/* Return the Status */ /* Return the Status */
return Status; return Status;
} }
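Review bot: In the FileName capture hunk, only `CapturedFileName.MaximumLength` bytes of the user buffer are probed, but `RtlCopyUnicodeString(SearchPattern, &CapturedFileName)` copies up to `CapturedFileName.Length` bytes, so a caller-supplied Length larger than MaximumLength is read beyond the probed range; in addition, `CapturedFileName.Length + sizeof(WCHAR)` is silently truncated when stored into the USHORT `SearchPattern->MaximumLength` for a Length near 0xFFFF, yielding an empty or shortened pattern rather than an error. Reject the inconsistent string right after `ProbeForReadUnicodeString`: `if (CapturedFileName.Length > CapturedFileName.MaximumLength ||` / `    CapturedFileName.Length > MAXUSHORT - sizeof(WCHAR)) {` / `    Status = STATUS_INVALID_PARAMETER; _SEH_LEAVE; }`. The new Cleanup label also dereferences FileObject on the success path, whereas Event and SearchPattern are explicitly NULLed there; if the IRP completion path (not visible in these hunks) releases that reference too, FileObject should be NULLed alongside them, otherwise a comment stating which side owns the FileObject reference would make the intent clear. NtQueryDirectoryFile's body is only partly visible between the hunks.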