[ros-diffs] [reactos] 01/01: [FASTFAT] Fix use after free when volume is unmounted

30 Jun 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=9590cd15f4c1075b9b202…

commit 9590cd15f4c1075b9b2029dc7890d0e4e1b957ee
Author:     Timo Kreuzer &lt;timo.kreuzer(a)reactos.org&gt;
AuthorDate: Tue Jun 25 21:03:14 2019 +0200
Commit:     Timo Kreuzer &lt;timo.kreuzer(a)reactos.org&gt;
CommitDate: Sun Jun 30 13:57:14 2019 +0200

    [FASTFAT] Fix use after free when volume is unmounted
---
 drivers/filesystems/fastfat/cleanup.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/drivers/filesystems/fastfat/cleanup.c
b/drivers/filesystems/fastfat/cleanup.c
index d09df956ca4..ad5f120d914 100644
--- a/drivers/filesystems/fastfat/cleanup.c
+++ b/drivers/filesystems/fastfat/cleanup.c
@@ -18,9 +18,10 @@
 
 /*
  * FUNCTION: Cleans up after a file has been closed.
+ * Returns whether the device was deleted
  */
 static
-NTSTATUS
+BOOLEAN
 VfatCleanupFile(
     PVFAT_IRP_CONTEXT IrpContext)
 {
@@ -29,6 +30,7 @@ VfatCleanupFile(
     BOOLEAN IsVolume;
     PDEVICE_EXTENSION DeviceExt = IrpContext->DeviceExt;
     PFILE_OBJECT FileObject = IrpContext->FileObject;
+    BOOLEAN Deleted = FALSE;
 
     DPRINT("VfatCleanupFile(DeviceExt %p, FileObject %p)\n",
            IrpContext->DeviceExt, FileObject);
@@ -36,7 +38,7 @@ VfatCleanupFile(
     /* FIXME: handle file/directory deletion here */
     pFcb = (PVFATFCB)FileObject->FsContext;
     if (!pFcb)
-        return STATUS_SUCCESS;
+        return FALSE;
 
     IsVolume = BooleanFlagOn(pFcb->Flags, FCB_IS_VOLUME);
     if (IsVolume)
@@ -161,11 +163,11 @@ VfatCleanupFile(
 #ifdef ENABLE_SWAPOUT
     if (IsVolume && BooleanFlagOn(DeviceExt->Flags, VCB_DISMOUNT_PENDING))
     {
-        VfatCheckForDismount(DeviceExt, TRUE);
+        Deleted = VfatCheckForDismount(DeviceExt, TRUE);
     }
 #endif
 
-    return STATUS_SUCCESS;
+    return Deleted;
 }
 
 /*
@@ -175,7 +177,7 @@ NTSTATUS
 VfatCleanup(
     PVFAT_IRP_CONTEXT IrpContext)
 {
-    NTSTATUS Status;
+    BOOLEAN Deleted;
 
     DPRINT("VfatCleanup(DeviceObject %p, Irp %p)\n",
IrpContext->DeviceObject, IrpContext->Irp);
 
@@ -186,11 +188,11 @@ VfatCleanup(
     }
 
     ExAcquireResourceExclusiveLite(&IrpContext->DeviceExt->DirResource, TRUE);
-    Status = VfatCleanupFile(IrpContext);
-    ExReleaseResourceLite(&IrpContext->DeviceExt->DirResource);
+    Deleted = VfatCleanupFile(IrpContext);
+    if (!Deleted) ExReleaseResourceLite(&IrpContext->DeviceExt->DirResource);
 
     IrpContext->Irp->IoStatus.Information = 0;
-    return Status;
+    return STATUS_SUCCESS;
 }
 
 /* EOF */


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 01/01: [FASTFAT] Fix use after free when volume is unmounted