From e5e4362b6dc87a2e001cb3f68000e85f7fede4fd Mon Sep 17 00:00:00 2001
From: Victor Martinez
Date: Sat, 17 Aug 2019 16:39:55 +0300
Subject: [PATCH] [UDFS] Fix NewCFBName leakage in UDFFirstOpenFile() CORE-11098
---
 drivers/filesystems/udfs/create.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/filesystems/udfs/create.cpp b/drivers/filesystems/udfs/create.cpp
index 3c777e8f493..6455389d52b 100644
--- a/drivers/filesystems/udfs/create.cpp
+++ b/drivers/filesystems/udfs/create.cpp
@@ -2312,7 +2312,10 @@ UDFFirstOpenFile(
 ((LocalPath->Buffer[LocalPath->Length/sizeof(WCHAR)-1] != L':') /*&& (LocalPath->Buffer[LocalPath->Length/sizeof(WCHAR)-1] != L'\\')*/) )) {
 RC = MyAppendUnicodeToString(&(NewFCBName->ObjectName), L"\\");
- if(!NT_SUCCESS(RC)) return STATUS_INSUFFICIENT_RESOURCES;
+ if(!NT_SUCCESS(RC)) {
+ UDFReleaseObjectName(NewFCBName);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
 }
 // Make link between Fcb and FileInfo
@@ -2321,9 +2324,11 @@ UDFFirstOpenFile(
 (*PtrNewFcb)->ParentFcb = RelatedFileInfo->Fcb;
 if(!((*PtrNewFcb)->NTRequiredFCB = NewFileInfo->Dloc->CommonFcb)) {
- if(!((*PtrNewFcb)->NTRequiredFCB =
- (PtrUDFNTRequiredFCB)MyAllocatePool__(NonPagedPool, UDFQuadAlign(sizeof(UDFNTRequiredFCB))) ) )
+ (*PtrNewFcb)->NTRequiredFCB = (PtrUDFNTRequiredFCB)MyAllocatePool__(NonPagedPool, UDFQuadAlign(sizeof(UDFNTRequiredFCB)));
+ if(!((*PtrNewFcb)->NTRequiredFCB)) {
+ UDFReleaseObjectName(NewFCBName);
 return STATUS_INSUFFICIENT_RESOURCES;
+ }
 UDFPrint(("UDFAllocateNtReqFCB: %x\n", (*PtrNewFcb)->NTRequiredFCB));
 RtlZeroMemory((*PtrNewFcb)->NTRequiredFCB, UDFQuadAlign(sizeof(UDFNTRequiredFCB)));
@@ -2333,6 +2338,7 @@ UDFFirstOpenFile(
 if(!(NewFileInfo->Dloc->CommonFcb->NtReqFCBFlags & UDF_NTREQ_FCB_VALID)) {
 (*PtrNewFcb)->NTRequiredFCB = NULL;
 BrutePoint();
+ UDFReleaseObjectName(NewFCBName);
 return STATUS_ACCESS_DENIED;
 }
 }
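Review bot: The cleanup is now hand-copied before each early return, here after the `MyAppendUnicodeToString` failure and again in the two later hunks before `STATUS_INSUFFICIENT_RESOURCES` and `STATUS_ACCESS_DENIED`. That per-return pattern is what allowed the leak in the first place, so the next return added to this function can miss the release again. Consider sending the failure paths through a single exit that releases the name, or at minimum add a comment where the name is allocated, such as `// NewFCBName must be released on every failure return until it is handed to the FCB`. The start of UDFFirstOpenFile and its other returns are outside this hunk, so further exits may need the same treatment.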
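Review bot: On the allocation-failure return in this hunk the name is released while `*PtrNewFcb` stays allocated and already linked (`(*PtrNewFcb)->ParentFcb = RelatedFileInfo->Fcb;` runs just above). The release is therefore only safe if the FCB does not yet hold a pointer to `NewFCBName`, and that assignment is not visible in this hunk. If the FCB does hold the pointer, the caller's FCB teardown could release the same name a second time, turning the leak fix into a double free or use-after-free of kernel pool. Please confirm the ordering and record it next to the release, for example `// NewFCBName is not yet attached to *PtrNewFcb, so releasing it here cannot double-free`; otherwise clear the FCB's name pointer alongside the release. The same question applies to the `STATUS_ACCESS_DENIED` return in the next hunk.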