mirror of
https://github.com/reactos/reactos.git
synced 2024-07-01 10:20:03 +00:00
[NTOS:IO] Avoid a fixed-length buffer in IopGetDriverObject. CORE-15882
This commit is contained in:
parent
6fdff1f970
commit
e1b20681f5
|
@ -108,7 +108,7 @@ IopGetDriverObject(
|
||||||
BOOLEAN FileSystem)
|
BOOLEAN FileSystem)
|
||||||
{
|
{
|
||||||
PDRIVER_OBJECT Object;
|
PDRIVER_OBJECT Object;
|
||||||
WCHAR NameBuffer[MAX_PATH];
|
UNICODE_STRING Prefix;
|
||||||
UNICODE_STRING DriverName;
|
UNICODE_STRING DriverName;
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
|
||||||
|
@ -123,14 +123,20 @@ IopGetDriverObject(
|
||||||
/* We don't know which DriverObject we have to open */
|
/* We don't know which DriverObject we have to open */
|
||||||
return STATUS_INVALID_PARAMETER_2;
|
return STATUS_INVALID_PARAMETER_2;
|
||||||
|
|
||||||
DriverName.Buffer = NameBuffer;
|
|
||||||
DriverName.Length = 0;
|
|
||||||
DriverName.MaximumLength = sizeof(NameBuffer);
|
|
||||||
|
|
||||||
if (FileSystem != FALSE)
|
if (FileSystem != FALSE)
|
||||||
RtlAppendUnicodeToString(&DriverName, FILESYSTEM_ROOT_NAME);
|
RtlInitUnicodeString(&Prefix, FILESYSTEM_ROOT_NAME);
|
||||||
else
|
else
|
||||||
RtlAppendUnicodeToString(&DriverName, DRIVER_ROOT_NAME);
|
RtlInitUnicodeString(&Prefix, DRIVER_ROOT_NAME);
|
||||||
|
|
||||||
|
DriverName.Length = 0;
|
||||||
|
DriverName.MaximumLength = Prefix.Length + ServiceName->Length + sizeof(UNICODE_NULL);
|
||||||
|
ASSERT(DriverName.MaximumLength > ServiceName->Length);
|
||||||
|
DriverName.Buffer = ExAllocatePoolWithTag(PagedPool, DriverName.MaximumLength, TAG_IO);
|
||||||
|
if (DriverName.Buffer == NULL)
|
||||||
|
{
|
||||||
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
}
|
||||||
|
RtlAppendUnicodeStringToString(&DriverName, &Prefix);
|
||||||
RtlAppendUnicodeStringToString(&DriverName, ServiceName);
|
RtlAppendUnicodeStringToString(&DriverName, ServiceName);
|
||||||
|
|
||||||
DPRINT("Driver name: '%wZ'\n", &DriverName);
|
DPRINT("Driver name: '%wZ'\n", &DriverName);
|
||||||
|
@ -144,6 +150,7 @@ IopGetDriverObject(
|
||||||
KernelMode,
|
KernelMode,
|
||||||
NULL, /* ParseContext */
|
NULL, /* ParseContext */
|
||||||
(PVOID*)&Object);
|
(PVOID*)&Object);
|
||||||
|
ExFreePoolWithTag(DriverName.Buffer, TAG_IO);
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
DPRINT("Failed to reference driver object, status=0x%08x\n", Status);
|
DPRINT("Failed to reference driver object, status=0x%08x\n", Status);
|
||||||
|
|
Loading…
Reference in a new issue