[TCPIP] Don't trust the TEB

And trust the Russian hackers to exploit that.
Pierre Schweitzer 2019-01-02 23:01:24 +01:00
parent 333ce14dad
commit 9d0eb9b7b8
No known key found for this signature in database
GPG key ID: 7545556C3D585B0B
2 changed files with 10 additions and 5 deletions


@ -16,5 +16,6 @@
#include <lock.h> #include <lock.h>
#include <interface.h> #include <interface.h>
#include <chew/chew.h> #include <chew/chew.h>
#include <pseh/pseh2.h>
#endif /* _TCPIP_PCH_ */ #endif /* _TCPIP_PCH_ */


@ -396,7 +396,6 @@ NTSTATUS FileOpenAddress(
PVOID Options) PVOID Options)
{ {
PADDRESS_FILE AddrFile; PADDRESS_FILE AddrFile;
PTEB Teb;
TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol)); TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
@ -431,10 +430,15 @@ NTSTATUS FileOpenAddress(
AddrFile->HeaderIncl = 1; AddrFile->HeaderIncl = 1;
AddrFile->ProcessId = PsGetCurrentProcessId(); AddrFile->ProcessId = PsGetCurrentProcessId();
Teb = PsGetCurrentThreadTeb(); _SEH2_TRY {
if (Teb != NULL) { PTEB Teb;
AddrFile->SubProcessTag = Teb->SubProcessTag;
} Teb = PsGetCurrentThreadTeb();
if (Teb != NULL)
AddrFile->SubProcessTag = Teb->SubProcessTag;
} _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
AddrFile->SubProcessTag = 0;
} _SEH2_END;
KeQuerySystemTime(&AddrFile->CreationTime); KeQuerySystemTime(&AddrFile->CreationTime);
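Review bot: In the new `_SEH2_TRY` block, a NULL `Teb` leaves `AddrFile->SubProcessTag` unassigned, while the exception path sets it to 0. Assigning `AddrFile->SubProcessTag = 0;` before `_SEH2_TRY` would give both paths the same defined value; this is harmless if the structure is zeroed earlier, which the hunk does not show. The guarded read also deserves a comment saying why it is guarded, e.g. `/* The TEB is user-mode memory: the process can unmap or rewrite it, so read it only under SEH */`. Because the tag is still copied from memory the process can write, code that later consumes `SubProcessTag` should presumably treat it as advisory rather than as an identity the kernel vouches for. FileOpenAddress starts and ends outside this hunk.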