From d8316ddcfb90b069fd63ea362bb3920ebae5d305 Mon Sep 17 00:00:00 2001
From: Aleksey Bragin <aleksey@reactos.org>
Date: Sat, 3 Jan 2009 09:18:55 +0000
Subject: [PATCH] - Add a missing EA buffer validation. - Free an EA buffer if
 it was allocated and error/exception happened.

svn path=/trunk/; revision=38521
---
 reactos/ntoskrnl/io/iomgr/file.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/reactos/ntoskrnl/io/iomgr/file.c b/reactos/ntoskrnl/io/iomgr/file.c
index 3277311c005..042fb4d7399 100644
--- a/reactos/ntoskrnl/io/iomgr/file.c
+++ b/reactos/ntoskrnl/io/iomgr/file.c
@@ -1700,6 +1700,16 @@ IoCreateFile(OUT PHANDLE FileHandle,
                 }
 
                 RtlCopyMemory(SystemEaBuffer, EaBuffer, EaLength);
+
+                /* Validate the buffer */
+                Status = IoCheckEaBufferValidity(SystemEaBuffer,
+                                                 EaLength,
+                                                 &EaErrorOffset);
+                if (!NT_SUCCESS(Status))
+                {
+                    DPRINT1("FIXME: IoCheckEaBufferValidity() failed with "
+                        "Status: %lx\n",Status);
+                }
             }
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
@@ -1708,7 +1718,14 @@ IoCreateFile(OUT PHANDLE FileHandle,
         }
         _SEH2_END;
 
-        if(!NT_SUCCESS(Status)) return Status;
+        if(!NT_SUCCESS(Status))
+        {
+            /* Free SystemEaBuffer if needed */
+            if (SystemEaBuffer) ExFreePoolWithTag(SystemEaBuffer, TAG_EA);
+
+            /* Return failure status */
+            return Status;
+        }
     }
     else
     {