commit 5e891f727f5bb07cf93fb96959168c75865c3bda
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Tue Jan 28 19:52:55 2020 +0100
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sat Feb 15 20:43:26 2020 +0100
[NTOS:WMI] WMIP_GUID_OBJECT must start with an event object, as it is waitable.
The initializer for WmipGuidObjectType does not set UseDefaultObject,
and it's possible for user mode to obtain a handle to a GUID object
with SYNCHRONIZE access. Therefore that handle can be passed to
NtWaitForSingleObject, which means it must start with a DISPATCHER_HEADER.
---
ntoskrnl/wmi/guidobj.c | 1 +
ntoskrnl/wmi/wmip.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/ntoskrnl/wmi/guidobj.c b/ntoskrnl/wmi/guidobj.c
index 1a13d36a03c..48b8481fd9a 100644
--- a/ntoskrnl/wmi/guidobj.c
+++ b/ntoskrnl/wmi/guidobj.c
@@ -204,6 +204,7 @@ WmipCreateGuidObject(
}
RtlZeroMemory(GuidObject, sizeof(*GuidObject));
+ KeInitializeEvent(&GuidObject->Event, NotificationEvent, FALSE);
GuidObject->Guid = *Guid;
*OutGuidObject = GuidObject;
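Review bot: The added KeInitializeEvent creates the event unsignaled and nothing in this diff ever sets it, so the user-mode wait on a SYNCHRONIZE handle that the commit message describes would now block until its timeout instead of corrupting memory; if some other path is expected to signal it, name it, e.g. `/* Waitable object header; signaled by <TODO: name the path that sets it> */`. The placement is also load-bearing, since RtlZeroMemory on the preceding line would wipe the dispatcher header if it ran afterwards, which deserves a one-line comment such as `/* Must come after RtlZeroMemory, which would otherwise clobber the dispatcher header */`. WmipCreateGuidObject begins before this hunk, so I cannot see whether Event is signaled on a later line of the same function.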
diff --git a/ntoskrnl/wmi/wmip.h b/ntoskrnl/wmi/wmip.h
index 69ecf7d0572..f45cba01139 100644
--- a/ntoskrnl/wmi/wmip.h
+++ b/ntoskrnl/wmi/wmip.h
@@ -12,6 +12,7 @@ typedef struct _WMIP_IRP_CONTEXT
typedef struct _WMIP_GUID_OBJECT
{
+ KEVENT Event;
GUID Guid;
PIRP Irp;
LIST_ENTRY IrpLink;
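Review bot: The new `KEVENT Event;` member carries a positional requirement the struct does not state: it must stay the first member, because a handle to the object can be passed to the wait functions and those read a DISPATCHER_HEADER at offset zero. A comment on the line, `KEVENT Event; /* must be first: the object is waitable via its DISPATCHER_HEADER */`, would keep a later field reordering from silently reintroducing the bug, and a `C_ASSERT(FIELD_OFFSET(WMIP_GUID_OBJECT, Event) == 0);` after the typedef would enforce it at build time. The struct definition continues past the end of the hunk.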