[ros-diffs] [reactos] 03/09: [NTOS:PNP] Avoid a fixed-length stack buffer in IopActionConfigureChildServices. CORE-15882

5 May 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=ccb91bebbe1c44fb16016…

commit ccb91bebbe1c44fb160165c6e717a56289d3ab5c
Author:     Thomas Faber &lt;thomas.faber(a)reactos.org&gt;
AuthorDate: Sun Mar 24 15:04:37 2019 +0100
Commit:     Thomas Faber &lt;thomas.faber(a)reactos.org&gt;
CommitDate: Sun May 5 10:39:07 2019 +0200

    [NTOS:PNP] Avoid a fixed-length stack buffer in IopActionConfigureChildServices.
CORE-15882
---
 ntoskrnl/io/pnpmgr/pnpmgr.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/ntoskrnl/io/pnpmgr/pnpmgr.c b/ntoskrnl/io/pnpmgr/pnpmgr.c
index 1362a89f03..b4f59f4d17 100644
--- a/ntoskrnl/io/pnpmgr/pnpmgr.c
+++ b/ntoskrnl/io/pnpmgr/pnpmgr.c
@@ -2854,16 +2854,11 @@ IopActionConfigureChildServices(PDEVICE_NODE DeviceNode,
 
    if (!(DeviceNode->Flags & (DNF_DISABLED | DNF_STARTED | DNF_ADDED)))
    {
-      WCHAR RegKeyBuffer[MAX_PATH];
       UNICODE_STRING RegKey;
 
       /* Install the service for this if it's in the CDDB */
       IopInstallCriticalDevice(DeviceNode);
 
-      RegKey.Length = 0;
-      RegKey.MaximumLength = sizeof(RegKeyBuffer);
-      RegKey.Buffer = RegKeyBuffer;
-
       /*
        * Retrieve configuration from Enum key
        */
@@ -2885,11 +2880,24 @@ IopActionConfigureChildServices(PDEVICE_NODE DeviceNode,
       QueryTable[1].DefaultData = L"";
       QueryTable[1].DefaultLength = 0;
 
-      RtlAppendUnicodeToString(&RegKey,
L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum\\");
+      RegKey.Length = 0;
+      RegKey.MaximumLength = sizeof(ENUM_ROOT) + sizeof(WCHAR) +
DeviceNode->InstancePath.Length;
+      RegKey.Buffer = ExAllocatePoolWithTag(PagedPool,
+                                            RegKey.MaximumLength,
+                                            TAG_IO);
+      if (RegKey.Buffer == NULL)
+      {
+          IopDeviceNodeSetFlag(DeviceNode, DNF_DISABLED);
+          return STATUS_INSUFFICIENT_RESOURCES;
+      }
+
+      RtlAppendUnicodeToString(&RegKey, ENUM_ROOT);
+      RtlAppendUnicodeToString(&RegKey, L"\\");
       RtlAppendUnicodeStringToString(&RegKey, &DeviceNode->InstancePath);
 
       Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
          RegKey.Buffer, QueryTable, NULL, NULL);
+      ExFreePoolWithTag(RegKey.Buffer, TAG_IO);
 
       if (!NT_SUCCESS(Status))
       {


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 03/09: [NTOS:PNP] Avoid a fixed-length stack buffer in IopActionConfigureChildServices. CORE-15882