Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-29 01:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:IO] Fail if the driver name passed to NtLoadDriver() is an empty string.

Browse source 
Otherwise an assertion on the driver name is hit later on.
Can be reproduced by calling NtLoadDriver with a valid UNICODE_STRING
of Length == 0.
This commit is contained in:
Hermès Bélusca-Maïto 2020-12-27 00:33:32 +01:00
parent 44511f0809
commit a748350fc9
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
ntoskrnl/io/iomgr/driver.c
View file

@ -1251,7 +1251,7 @@ IopUnloadDriver(PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers)
DPRINT("IopUnloadDriver('%wZ', %u)\n", &CapturedServiceName, UnloadPnpDrivers);
/* We need a service name */
if (CapturedServiceName.Length == 0)
if (CapturedServiceName.Length == 0 || CapturedServiceName.Buffer == NULL)
{
ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
return STATUS_INVALID_PARAMETER;
@ -2161,6 +2161,13 @@ NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
DPRINT("NtLoadDriver('%wZ')\n", &CapturedServiceName);
/* We need a service name */
if (CapturedServiceName.Length == 0 || CapturedServiceName.Buffer == NULL)
{
ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
return STATUS_INVALID_PARAMETER;
}
/* Load driver and call its entry point */
DriverObject = NULL;
Status = IopLoadUnloadDriver(&CapturedServiceName, &DriverObject);