From e63b48188ec46559c4061945a79ea89c9fbfbf1b Mon Sep 17 00:00:00 2001
From: Thomas Bluemel <thomas@reactsoft.com>
Date: Sat, 29 Oct 2005 14:51:18 +0000
Subject: [PATCH] - deleting a registry value requires the KEY_SET_VALUE right
 - capture the value name

svn path=/trunk/; revision=18851
---
 reactos/ntoskrnl/cm/ntfunc.c | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/reactos/ntoskrnl/cm/ntfunc.c b/reactos/ntoskrnl/cm/ntfunc.c
index 7f598242deb..ff51a25fff6 100644
--- a/reactos/ntoskrnl/cm/ntfunc.c
+++ b/reactos/ntoskrnl/cm/ntfunc.c
@@ -1616,7 +1616,7 @@ NtQueryValueKey(IN HANDLE KeyHandle,
 
   if (!NT_SUCCESS(Status))
     {
-      DPRINT1("ObReferenceObjectByHandle() failed with status %x\n", Status);
+      DPRINT1("ObReferenceObjectByHandle() failed with status %x %p\n", Status, KeyHandle);
       return Status;
     }
   
@@ -2038,27 +2038,42 @@ NtDeleteValueKey (IN HANDLE KeyHandle,
   NTSTATUS Status;
   REG_DELETE_VALUE_KEY_INFORMATION DeleteValueKeyInfo;
   REG_POST_OPERATION_INFORMATION PostOperationInfo;
+  KPROCESSOR_MODE PreviousMode;
+  UNICODE_STRING CapturedValueName;
 
   PAGED_CODE();
+  
+  PreviousMode = KeGetPreviousMode();
 
   /* Verify that the handle is valid and is a registry key */
   Status = ObReferenceObjectByHandle(KeyHandle,
-		KEY_QUERY_VALUE,
+		KEY_SET_VALUE,
 		CmiKeyType,
-		UserMode,
+		PreviousMode,
 		(PVOID *)&KeyObject,
 		NULL);
   if (!NT_SUCCESS(Status))
     {
       return Status;
     }
-  
-  DeleteValueKeyInfo.Object = (PVOID)KeyObject;
-  DeleteValueKeyInfo.ValueName = ValueName;
 
+  Status = ProbeAndCaptureUnicodeString(&CapturedValueName,
+                                        PreviousMode,
+                                        ValueName);
+  if (!NT_SUCCESS(Status))
+    {
+      goto Fail;
+    }
+  DeleteValueKeyInfo.Object = (PVOID)KeyObject;
+  DeleteValueKeyInfo.ValueName = &CapturedValueName;
+
+  /* FIXME - check if value exists before calling the callbacks? */
   Status = CmiCallRegisteredCallbacks(RegNtPreDeleteValueKey, &DeleteValueKeyInfo);
   if (!NT_SUCCESS(Status))
     {
+      ReleaseCapturedUnicodeString(&CapturedValueName,
+                                   PreviousMode);
+Fail:
       ObDereferenceObject(KeyObject);
       return Status;
     }
@@ -2081,6 +2096,9 @@ NtDeleteValueKey (IN HANDLE KeyHandle,
   ExReleaseResourceLite(&CmiRegistryLock);
   KeLeaveCriticalRegion();
 
+  ReleaseCapturedUnicodeString(&CapturedValueName,
+                               PreviousMode);
+
   PostOperationInfo.Object = (PVOID)KeyObject;
   PostOperationInfo.Status = Status;