[ros-diffs] 02/04: [NTOSKRNL] In IoGetRelatedDeviceObject(), validate hint is on the stack before returning it

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=670a7ac7188f4912a48a5… commit 670a7ac7188f4912a48a50bae4d275f2f21e1810 Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Fri Oct 5 10:39:50 2018 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Fri Oct 5 10:49:59 2018 +0200 [NTOSKRNL] In IoGetRelatedDeviceObject(), validate hint is on the stack before returning it --- ntoskrnl/io/iomgr/device.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/io/iomgr/device.c b/ntoskrnl/io/iomgr/device.c index 189e47b71b..416a16e6aa 100644 --- a/ntoskrnl/io/iomgr/device.c +++ b/ntoskrnl/io/iomgr/device.c @@ -6,6 +6,7 @@ * PROGRAMMERS: Alex Ionescu (alex.ionescu(a)reactos.org) * Filip Navara (navaraf(a)reactos.org) * Hervé Poussineau (hpoussin(a)reactos.org) + * Pierre Schweitzer */ /* INCLUDES *******************************************************************/ @@ -1387,8 +1388,10 @@ IoGetRelatedDeviceObject(IN PFILE_OBJECT FileObject) /* Cast the buffer to something we understand */ FileObjectExtension = FileObject->FileObjectExtension; - /* Check if have a replacement top level device */ - if (FileObjectExtension->TopDeviceObjectHint) + /* Check if have a valid replacement top level device */ + if (FileObjectExtension->TopDeviceObjectHint && + IopVerifyDeviceObjectOnStack(DeviceObject, + FileObjectExtension->TopDeviceObjectHint)) { /* Use this instead of returning the top level device */ return FileObjectExtension->TopDeviceObjectHint;