From ac6c5a473875d803e975c29c6d05d8fb9cbe616a Mon Sep 17 00:00:00 2001
From: Cameron Gutman
Date: Mon, 27 Feb 2012 19:31:11 +0000
Subject: [PATCH] [NTOSKRNL] - Fix kernel memory corruption when a driver fails to initialize - Fix a handle leak in a failure case
svn path=/trunk/; revision=55887
---
 reactos/ntoskrnl/io/iomgr/driver.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/reactos/ntoskrnl/io/iomgr/driver.c b/reactos/ntoskrnl/io/iomgr/driver.c
index 41300a60060..84eabef6dfb 100644
--- a/reactos/ntoskrnl/io/iomgr/driver.c
+++ b/reactos/ntoskrnl/io/iomgr/driver.c
@@ -1538,6 +1538,10 @@ try_again:
 KernelMode,
 (PVOID*)&DriverObject,
 NULL);
+
+ /* Close the extra handle */
+ ZwClose(hDriver);
+
 if (!NT_SUCCESS(Status))
 {
 /* Fail */
@@ -1546,9 +1550,6 @@ try_again:
 return Status;
 }
 
- /* Close the extra handle */
- ZwClose(hDriver);
-
 DriverObject->HardwareDatabase = &IopHardwareDatabaseKey;
 DriverObject->DriverStart = ModuleObject ? ModuleObject->DllBase : 0;
 DriverObject->DriverSize = ModuleObject ? ModuleObject->SizeOfImage : 0;
@@ -1564,6 +1565,7 @@ try_again:
 DriverObject->DriverSection = NULL;
 ObMakeTemporaryObject(DriverObject);
 ObDereferenceObject(DriverObject);
+ return Status;
 }
 else
 {
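Review bot: The moved comment `/* Close the extra handle */` in the first hunk does not say why the close now sits before the `if (!NT_SUCCESS(Status))` check, which is the point of the fix: the early `return Status;` in the failure branch must not leak `hDriver`. I would reword it to `/* Close the handle whether or not the reference succeeded; the failure return below must not leak it */`. The result of `ZwClose(hDriver)` is discarded, which looks intentional for a cleanup call. The enclosing function starts and ends outside the hunk.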
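Review bot: The new `return Status;` in the third hunk has no comment saying that it guards against use of `DriverObject` after `ObDereferenceObject(DriverObject)` may have released it, so a later cleanup could drop it as a redundant return and bring back the corruption. A line such as `/* DriverObject may already be freed here; do not fall through */` above the return would record that. With the return in place the following `else` is no longer needed and its body could be unindented. That body and the rest of the function lie outside the hunk, so whether any other path still reaches the object after the dereference cannot be confirmed from here.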