Author: tkreuzer Date: Thu Mar 12 21:29:11 2009 New Revision: 39985
URL: http://svn.reactos.org/svn/reactos?rev=39985&view=rev Log: NtSetSystemInformation: - Don't leak the copied string when being called from user mode. - Don't recursively call ZwSetSystemInformation, instead continue the normal path.
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=3... ============================================================================== --- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Thu Mar 12 21:29:11 2009 @@ -1587,18 +1587,10 @@ /* FIXME: We can't, fail */ //return STATUS_PRIVILEGE_NOT_HELD; } - - /* Probe and capture the driver name */ - ProbeAndCaptureUnicodeString(&ImageName, UserMode, Buffer); - - /* Force kernel as previous mode */ - return ZwSetSystemInformation(SystemExtendServiceTableInformation, - &ImageName, - sizeof(ImageName)); - } - - /* Just copy the string */ - ImageName = *(PUNICODE_STRING)Buffer; + } + + /* Probe and capture the driver name */ + ProbeAndCaptureUnicodeString(&ImageName, PreviousMode, Buffer);
/* Load the image */ Status = MmLoadSystemImage(&ImageName, @@ -1607,6 +1599,10 @@ 0, (PVOID)&ModuleObject, &ImageBase); + + /* Release String */ + ReleaseCapturedUnicodeString(&ImageName, PreviousMode); + if (!NT_SUCCESS(Status)) return Status;
/* Get the headers */