Dmitry G. Gorbachev (hto at mail cnt dot ru):

NtOpenKey() calls ObpCaptureObjectAttributes() which can return null
ObjectName.

Then the null pointer is used in
 if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\')
which leads to a crash.

svn path=/trunk/; revision=25332
Aleksey Bragin 2007-01-06 19:14:41 +00:00
parent 01ff2d0170
commit a227f30dac

@ -1367,7 +1367,8 @@ NtOpenKey(OUT PHANDLE KeyHandle,
return Status; return Status;
} }
if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\') if (ObjectName.Buffer &&
ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\')
{ {
ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] = UNICODE_NULL; ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] = UNICODE_NULL;
ObjectName.Length -= sizeof(WCHAR); ObjectName.Length -= sizeof(WCHAR);
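
Review bot: the added `ObjectName.Buffer &&` test in the `if` condition covers the NULL buffer but not an empty name. With a non-NULL Buffer and `ObjectName.Length` smaller than `sizeof(WCHAR)`, the index `(ObjectName.Length / sizeof(WCHAR)) - 1` wraps around and the read lands outside the buffer, one WCHAR before its start. Consider also requiring `ObjectName.Length >= sizeof(WCHAR)` in the same condition before indexing. A one-line comment noting that ObpCaptureObjectAttributes() can return a null ObjectName would help as well, since the reason for the check is currently recorded only in the commit message.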