hpoussin(a)svn.reactos.com wrote:
Don't always return STATUS_BUFFER_TOO_SMALL when an error occurs in ZwQueryValueKey.
The "if" was triggered because ValueInformation->DataLength is 0xcdcdcdcd at the return of the function.
But that means that the memory was freed during the failure, so now the ExFreePool will run into a double-free!
Modified: trunk/reactos/ntoskrnl/io/pnpmgr.c
------------------------------------------------------------------------
--- trunk/reactos/ntoskrnl/io/pnpmgr.c 2005-10-14 13:00:18 UTC (rev 18441)
+++ trunk/reactos/ntoskrnl/io/pnpmgr.c 2005-10-14 13:04:11 UTC (rev 18442)
@@ -322,15 +322,18 @@
*ResultLength = ValueInformation->DataLength;
ZwClose(KeyHandle);
- if (ValueInformation->DataLength > BufferLength)
- Status = STATUS_BUFFER_TOO_SMALL;
-
if (!NT_SUCCESS(Status))
{
ExFreePool(ValueInformation);
return Status;
}
+ if (ValueInformation->DataLength > BufferLength)
+ {
+ ExFreePool(ValueInformation);
+ return STATUS_BUFFER_TOO_SMALL;
+ }
+
/* FIXME: Verify the value (NULL-terminated, correct format). */
RtlCopyMemory(PropertyBuffer, ValueInformation->Data,
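Review bot: `*ResultLength = ValueInformation->DataLength;` at the top of the hunk still executes before `if (!NT_SUCCESS(Status))`, so when ZwQueryValueKey fails the caller is handed whatever uninitialized value DataLength holds (the 0xcdcdcdcd the commit message mentions) instead of a meaningful length; move that assignment below the status check, or into the new STATUS_BUFFER_TOO_SMALL branch where the caller actually needs the required size. The reordering itself is right (the size comparison is now only reached when Status succeeded), but a DataLength of 0xcdcdcdcd is equally consistent with the structure never having been written on the failure path as with the block having been freed, and if it really was freed before this point then both `ExFreePool(ValueInformation);` calls are double frees, so the failing ZwQueryValueKey path should be traced to confirm the buffer is still owned here before settling on this fix.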
Please check this out in more detail...
Best regards,
Alex Ionescu