[NTOSKRNL]

- Fix potential use-after-free CID 732509
- Fix buffer size in call to ObQueryNameString

svn path=/trunk/; revision=64903
Timo Kreuzer 2014-10-22 19:20:03 +00:00
parent f42c9182f2
commit 86018d03c4


@ -310,11 +310,9 @@ IopLogWorker(IN PVOID Parameter)
/* We do, query its name */ /* We do, query its name */
Status = ObQueryNameString(LogEntry->DeviceObject, Status = ObQueryNameString(LogEntry->DeviceObject,
ObjectNameInfo, ObjectNameInfo,
sizeof(OBJECT_NAME_INFORMATION) + sizeof(Buffer),
100 -
DriverNameLength,
&ReturnedLength); &ReturnedLength);
if ((!NT_SUCCESS(Status)) || !(ObjectNameInfo->Name.Length)) if (!NT_SUCCESS(Status) || (ObjectNameInfo->Name.Length == 0))
{ {
/* Setup an empty name */ /* Setup an empty name */
ObjectNameInfo->Name.Length = 0; ObjectNameInfo->Name.Length = 0;
@ -371,6 +369,7 @@ IopLogWorker(IN PVOID Parameter)
{ {
ExFreePool(PoolObjectNameInfo); ExFreePool(PoolObjectNameInfo);
PoolObjectNameInfo = NULL; PoolObjectNameInfo = NULL;
ObjectNameInfo = (POBJECT_NAME_INFORMATION)&Buffer;
} }
/* Go to the next string buffer position */ /* Go to the next string buffer position */
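Review bot: The `sizeof(Buffer)` now passed to ObQueryNameString in the first hunk is the correct length only while `ObjectNameInfo` still points at `Buffer`, and nothing at the call site states or checks that. The second hunk points it back at `Buffer` after `ExFreePool`, but the assignment that aims it at the pool allocation is not visible in either hunk, so whether every path back to this call restores it cannot be confirmed from here. Consider `ASSERT(ObjectNameInfo == (POBJECT_NAME_INFORMATION)&Buffer);` just before the call, or a comment there such as `/* ObjectNameInfo must alias Buffer here; it is reset once the pool copy is freed */`. The declaration of `Buffer` is also outside the hunks, and both `sizeof(Buffer)` and `&Buffer` assume it is an array rather than a pointer.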