https://git.reactos.org/?p=reactos.git;a=commitdiff;h=9d0eb9b7b85a5fb7b26065...
commit 9d0eb9b7b85a5fb7b26065a46600fe5edc4dbdab Author: Pierre Schweitzer pierre@reactos.org AuthorDate: Wed Jan 2 23:01:24 2019 +0100 Commit: Pierre Schweitzer pierre@reactos.org CommitDate: Wed Jan 2 23:02:44 2019 +0100
[TCPIP] Don't trust the TEB
And trust the Russian hackers to exploit that. --- drivers/network/tcpip/include/precomp.h | 1 + drivers/network/tcpip/tcpip/fileobjs.c | 14 +++++++++----- 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/network/tcpip/include/precomp.h b/drivers/network/tcpip/include/precomp.h index b2cb75063d..a96c4a51c3 100644 --- a/drivers/network/tcpip/include/precomp.h +++ b/drivers/network/tcpip/include/precomp.h @@ -16,5 +16,6 @@ #include <lock.h> #include <interface.h> #include <chew/chew.h> +#include <pseh/pseh2.h>
#endif /* _TCPIP_PCH_ */ diff --git a/drivers/network/tcpip/tcpip/fileobjs.c b/drivers/network/tcpip/tcpip/fileobjs.c index f050a09b0c..614f1e1147 100644 --- a/drivers/network/tcpip/tcpip/fileobjs.c +++ b/drivers/network/tcpip/tcpip/fileobjs.c @@ -396,7 +396,6 @@ NTSTATUS FileOpenAddress( PVOID Options) { PADDRESS_FILE AddrFile; - PTEB Teb;
TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
@@ -431,10 +430,15 @@ NTSTATUS FileOpenAddress( AddrFile->HeaderIncl = 1; AddrFile->ProcessId = PsGetCurrentProcessId();
- Teb = PsGetCurrentThreadTeb(); - if (Teb != NULL) { - AddrFile->SubProcessTag = Teb->SubProcessTag; - } + _SEH2_TRY { + PTEB Teb; + + Teb = PsGetCurrentThreadTeb(); + if (Teb != NULL) + AddrFile->SubProcessTag = Teb->SubProcessTag; + } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { + AddrFile->SubProcessTag = 0; + } _SEH2_END;
KeQuerySystemTime(&AddrFile->CreationTime);