[NTOS:CM] Do not call ZwQueryObject with a zero-size buffer. CORE-15882

Actually fixes ntdll_apitest:NtLoadUnloadKey.
This commit is contained in:
Thomas Faber 2019-05-07 13:51:06 +02:00
parent 627f0242ad
commit f86360fdbc
No known key found for this signature in database
GPG key ID: 076E7C3D44720826
2 changed files with 8 additions and 6 deletions


@ -135,6 +135,7 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
UNICODE_STRING HivePath; UNICODE_STRING HivePath;
PWCHAR FilePath; PWCHAR FilePath;
ULONG Length; ULONG Length;
OBJECT_NAME_INFORMATION DummyNameInfo;
POBJECT_NAME_INFORMATION FileNameInfo; POBJECT_NAME_INFORMATION FileNameInfo;
HivePath.Buffer = NULL; HivePath.Buffer = NULL;
@ -175,10 +176,10 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
/* Determine the right buffer size and allocate */ /* Determine the right buffer size and allocate */
Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY], Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY],
ObjectNameInformation, ObjectNameInformation,
NULL, &DummyNameInfo,
0, sizeof(DummyNameInfo),
&Length); &Length);
if (Status != STATUS_INFO_LENGTH_MISMATCH) if (Status != STATUS_BUFFER_OVERFLOW)
{ {
DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status); DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status);
goto Quickie; goto Quickie;
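Review bot: The new condition `if (Status != STATUS_BUFFER_OVERFLOW)` also treats STATUS_SUCCESS as a failure, and nothing in the hunk says that is intentional; since `DummyNameInfo` holds only the OBJECT_NAME_INFORMATION header, a non-empty name can never fit, so success here would mean the primary hive handle refers to an unnamed object, which the code then reports as a generic "size query failed". A comment above the call would make that contract explicit: `/* Header-only probe: any real name must overflow, so STATUS_SUCCESS means an unnamed object and is rejected below */`. On the overflow path the `Name` field inside `DummyNameInfo` may be partially written and must not be dereferenced; the hunk does not, but the function's remainder (allocation from `Length` and presumably the second query) is outside this hunk and should check that `Length` is at least `sizeof(OBJECT_NAME_INFORMATION)` before using it as an allocation size, if `Length` is indeed the total byte count. CmpAddToHiveFileList continues beyond both ends of this hunk.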


@ -279,6 +279,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
UNICODE_STRING FileName; UNICODE_STRING FileName;
PWCHAR FilePath; PWCHAR FilePath;
ULONG Length; ULONG Length;
OBJECT_NAME_INFORMATION DummyNameInfo;
POBJECT_NAME_INFORMATION FileNameInfo; POBJECT_NAME_INFORMATION FileNameInfo;
PAGED_CODE(); PAGED_CODE();
@ -299,10 +300,10 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
/* Determine the right buffer size and allocate */ /* Determine the right buffer size and allocate */
Status = ZwQueryObject(FileAttributes->RootDirectory, Status = ZwQueryObject(FileAttributes->RootDirectory,
ObjectNameInformation, ObjectNameInformation,
NULL, &DummyNameInfo,
0, sizeof(DummyNameInfo),
&Length); &Length);
if (Status != STATUS_INFO_LENGTH_MISMATCH) if (Status != STATUS_BUFFER_OVERFLOW)
{ {
DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size query failed, Status = 0x%08lx\n", Status); DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size query failed, Status = 0x%08lx\n", Status);
return Status; return Status;
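Review bot: `FileAttributes->RootDirectory` is a handle the caller supplied (presumably captured from the user-mode NtLoadKey path, which is not visible here), and because `ZwQueryObject` runs with KernelMode previous mode, the handle is resolved without an access check and without any constraint on the object's type; for a pure name-length probe that is tolerable, but it deserves a comment such as `/* Caller's handle: Zw* skips the access check, so only the name length is taken from it here */`. The probe-then-fill pattern also means the handle can be closed or reused by another thread of the owning process between this call and the second query that fills the allocated buffer, so the follow-up call (outside this hunk) must not assume `Length` is still accurate and must check its own status rather than trust the earlier STATUS_BUFFER_OVERFLOW. As in the sibling change, STATUS_SUCCESS (an unnamed object) is now folded into the failure path, which is fine for a directory handle but should be stated. CmpCmdHiveOpen continues beyond both ends of this hunk.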