[NTOS:IO][NTOS:PNP] Fix incorrect usage of IopGetRegistryValue

KEY_VALUE_FULL_INFORMATION was not always freed properly
Victor Perevertkin 2021-03-19 01:07:22 +03:00
parent 42094071ee
commit aec3d9cc8f
GPG key ID: C750B7222E9C7830
2 changed files with 55 additions and 42 deletions


@ -195,7 +195,12 @@ IopGetDriverNames(
if (driverName.Buffer == NULL) if (driverName.Buffer == NULL)
{ {
status = IopGetRegistryValue(ServiceHandle, L"Type", &kvInfo); status = IopGetRegistryValue(ServiceHandle, L"Type", &kvInfo);
if (!NT_SUCCESS(status) || kvInfo->Type != REG_DWORD) if (!NT_SUCCESS(status))
{
ExFreePoolWithTag(basicInfo, TAG_IO);
return status;
}
if (kvInfo->Type != REG_DWORD)
{ {
ExFreePool(kvInfo); ExFreePool(kvInfo);
ExFreePoolWithTag(basicInfo, TAG_IO); // container for serviceName ExFreePoolWithTag(basicInfo, TAG_IO); // container for serviceName
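Review bot: The `kvInfo->Type != REG_DWORD` guard in IopGetDriverNames validates the value's type but not its size, and a value stored as REG_DWORD can carry fewer than four bytes of data. If the code after this hunk copies a DWORD from `kvInfo->DataOffset` (not visible here), it would read past the data that IopGetRegistryValue returned; `if (kvInfo->Type != REG_DWORD || kvInfo->DataLength < sizeof(ULONG))` rejects that case on the same cleanup path. The same gap is visible in the PiAttachFilterDriversCallback hunk of the second file, where `RtlMoveMemory` copies `sizeof(startType)` bytes after only the type check; `if (kvInfo->Type == REG_DWORD && kvInfo->DataLength >= sizeof(startType))` would cover it. The function body starts and ends outside the hunk.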


@ -419,11 +419,15 @@ PiAttachFilterDriversCallback(
SERVICE_LOAD_TYPE startType = DisableLoad; SERVICE_LOAD_TYPE startType = DisableLoad;
Status = IopGetRegistryValue(serviceHandle, L"Start", &kvInfo); Status = IopGetRegistryValue(serviceHandle, L"Start", &kvInfo);
if (NT_SUCCESS(Status) && kvInfo->Type == REG_DWORD) if (NT_SUCCESS(Status))
{ {
RtlMoveMemory(&startType, if (kvInfo->Type == REG_DWORD)
(PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset), {
sizeof(startType)); RtlMoveMemory(&startType,
(PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset),
sizeof(startType));
}
ExFreePool(kvInfo); ExFreePool(kvInfo);
} }
@ -621,52 +625,56 @@ PiCallDriverAddDevice(
// try to get the class GUID of an instance and its registry key // try to get the class GUID of an instance and its registry key
Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &kvInfo); Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &kvInfo);
if (NT_SUCCESS(Status) && kvInfo->Type == REG_SZ && kvInfo->DataLength > sizeof(WCHAR)) if (NT_SUCCESS(Status))
{ {
UNICODE_STRING classGUID = { if (kvInfo->Type == REG_SZ && kvInfo->DataLength > sizeof(WCHAR))
.MaximumLength = kvInfo->DataLength, {
.Length = kvInfo->DataLength - sizeof(UNICODE_NULL), UNICODE_STRING classGUID = {
.Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset) .MaximumLength = kvInfo->DataLength,
}; .Length = kvInfo->DataLength - sizeof(UNICODE_NULL),
HANDLE ccsControlHandle; .Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset)
};
HANDLE ccsControlHandle;
Status = IopOpenRegistryKeyEx(&ccsControlHandle, NULL, &ccsControlClass, KEY_READ); Status = IopOpenRegistryKeyEx(&ccsControlHandle, NULL, &ccsControlClass, KEY_READ);
if (!NT_SUCCESS(Status))
{
DPRINT1("IopOpenRegistryKeyEx() failed for \"%wZ\" (status %x)\n",
&ccsControlClass, Status);
}
else
{
// open the CCS\Control\Class\<ClassGUID> key
Status = IopOpenRegistryKeyEx(&ClassKey, ccsControlHandle, &classGUID, KEY_READ);
ZwClose(ccsControlHandle);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DPRINT1("Failed to open class key \"%wZ\" (status %x)\n", &classGUID, Status); DPRINT1("IopOpenRegistryKeyEx() failed for \"%wZ\" (status %x)\n",
} &ccsControlClass, Status);
}
if (ClassKey)
{
// Check the Properties key of a class too
// Windows fills some device properties from this key (which is protected)
// TODO: add the device properties from this key
UNICODE_STRING properties = RTL_CONSTANT_STRING(REGSTR_KEY_DEVICE_PROPERTIES);
HANDLE propertiesHandle;
Status = IopOpenRegistryKeyEx(&propertiesHandle, ClassKey, &properties, KEY_READ);
if (!NT_SUCCESS(Status))
{
DPRINT("Properties key failed to open for \"%wZ\" (status %x)\n",
&classGUID, Status);
} }
else else
{ {
ZwClose(propertiesHandle); // open the CCS\Control\Class\<ClassGUID> key
Status = IopOpenRegistryKeyEx(&ClassKey, ccsControlHandle, &classGUID, KEY_READ);
ZwClose(ccsControlHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to open class key \"%wZ\" (status %x)\n", &classGUID, Status);
}
}
if (ClassKey)
{
// Check the Properties key of a class too
// Windows fills some device properties from this key (which is protected)
// TODO: add the device properties from this key
UNICODE_STRING properties = RTL_CONSTANT_STRING(REGSTR_KEY_DEVICE_PROPERTIES);
HANDLE propertiesHandle;
Status = IopOpenRegistryKeyEx(&propertiesHandle, ClassKey, &properties, KEY_READ);
if (!NT_SUCCESS(Status))
{
DPRINT("Properties key failed to open for \"%wZ\" (status %x)\n",
&classGUID, Status);
}
else
{
ZwClose(propertiesHandle);
}
} }
} }
ExFreePool(kvInfo); ExFreePool(kvInfo);
} }
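Review bot: In the PiCallDriverAddDevice hunk, `classGUID` takes `.MaximumLength` and `.Length` directly from `kvInfo->DataLength`, a ULONG narrowed into USHORT fields, so a ClassGUID value larger than 0xFFFF bytes silently wraps to a different length. The subtraction of `sizeof(UNICODE_NULL)` also assumes the stored string is NUL-terminated and of even byte length, which the registry does not enforce for REG_SZ data. Bounding the length in the inner condition, for example adding `kvInfo->DataLength <= MAXUSHORT && (kvInfo->DataLength % sizeof(WCHAR)) == 0`, keeps the name passed to `IopOpenRegistryKeyEx` consistent with the buffer it points into. The function continues outside the hunk.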