From 703b182d8f16021845e2125caed8ae2ea83dddb6 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Mon, 7 Nov 2011 01:47:55 +0000
Subject: [PATCH] [NPFS] - Fix an access-after-free bug

svn path=/trunk/; revision=54330
---
 reactos/drivers/filesystems/npfs/fsctrl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reactos/drivers/filesystems/npfs/fsctrl.c b/reactos/drivers/filesystems/npfs/fsctrl.c
index 8bd4a1a9174..394f5b2987a 100644
--- a/reactos/drivers/filesystems/npfs/fsctrl.c
+++ b/reactos/drivers/filesystems/npfs/fsctrl.c
@@ -92,6 +92,7 @@ NpfsConnectPipe(PIRP Irp,
     PNPFS_FCB Fcb;
     PNPFS_CCB ClientCcb;
     NTSTATUS Status;
+    KPROCESSOR_MODE WaitMode;
 
     DPRINT("NpfsConnectPipe()\n");
 
@@ -124,6 +125,7 @@ NpfsConnectPipe(PIRP Irp,
     IoStack = IoGetCurrentIrpStackLocation(Irp);
     FileObject = IoStack->FileObject;
     Flags = FileObject->Flags;
+    WaitMode = Irp->RequestorMode;
 
     /* search for a listening client fcb */
     KeLockMutex(&Fcb->CcbListLock);
@@ -183,7 +185,7 @@ NpfsConnectPipe(PIRP Irp,
     {
         KeWaitForSingleObject(&Ccb->ConnectEvent,
             UserRequest,
-            Irp->RequestorMode,
+            WaitMode,
             (Flags & FO_ALERTABLE_IO),
             NULL);
     }