Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-28 10:04:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:WMI] WMIP_GUID_OBJECT must start with an event object, as it is waitable.

Browse source 
The initializer for WmipGuidObjectType does not set UseDefaultObject,
and it's possible for user mode to obtain a handle to a GUID object
with SYNCHRONIZE access. Therefore that handle can be passed to
NtWaitForSingleObject, which means it must start with a DISPATCHER_HEADER.
This commit is contained in:
Thomas Faber 2020-01-28 19:52:55 +01:00
parent 7075bdacb2
commit 5e891f727f
No known key found for this signature in database
GPG key ID: 076E7C3D44720826
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ntoskrnl/wmi/guidobj.c
View file

@ -204,6 +204,7 @@ WmipCreateGuidObject(
} }
RtlZeroMemory(GuidObject, sizeof(*GuidObject)); RtlZeroMemory(GuidObject, sizeof(*GuidObject));
KeInitializeEvent(&GuidObject->Event, NotificationEvent, FALSE);
GuidObject->Guid = *Guid; GuidObject->Guid = *Guid;
*OutGuidObject = GuidObject; *OutGuidObject = GuidObject;

1
ntoskrnl/wmi/wmip.h
View file

@ -12,6 +12,7 @@ typedef struct _WMIP_IRP_CONTEXT
typedef struct _WMIP_GUID_OBJECT typedef struct _WMIP_GUID_OBJECT
{ {
KEVENT Event;
GUID Guid; GUID Guid;
PIRP Irp; PIRP Irp;
LIST_ENTRY IrpLink; LIST_ENTRY IrpLink;