https://git.reactos.org/?p=reactos.git;a=commitdiff;h=b2b1c054e4dad11fe6775d...
commit b2b1c054e4dad11fe6775d10f35d65c68422e3b4 Author: Mark Jansen mark.jansen@reactos.org AuthorDate: Sun Aug 5 22:14:44 2018 +0200 Commit: Mark Jansen mark.jansen@reactos.org CommitDate: Mon Aug 6 20:51:21 2018 +0200
[NTOSKRNL] Fix a nullptr dereference in IopStartDevice
---
ntoskrnl/io/pnpmgr/pnpmgr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/ntoskrnl/io/pnpmgr/pnpmgr.c b/ntoskrnl/io/pnpmgr/pnpmgr.c
index 62ad7a253f..e4cb7db6d6 100644
--- a/ntoskrnl/io/pnpmgr/pnpmgr.c
+++ b/ntoskrnl/io/pnpmgr/pnpmgr.c
@@ -786,7 +786,7 @@ IopStartDevice(
{
NTSTATUS Status;
HANDLE InstanceHandle = NULL, ControlHandle = NULL;
- UNICODE_STRING KeyName;
+ UNICODE_STRING KeyName, ValueString;
OBJECT_ATTRIBUTES ObjectAttributes;
if (DeviceNode->Flags & DNF_DISABLED)
@@ -817,7 +817,10 @@ IopStartDevice(
goto ByeBye;
RtlInitUnicodeString(&KeyName, L"ActiveService");
- Status = ZwSetValueKey(ControlHandle, &KeyName, 0, REG_SZ, DeviceNode->ServiceName.Buffer, DeviceNode->ServiceName.Length + sizeof(UNICODE_NULL));
+ ValueString = DeviceNode->ServiceName;
+ if (!ValueString.Buffer)
+ RtlInitUnicodeString(&ValueString, L"");
+ Status = ZwSetValueKey(ControlHandle, &KeyName, 0, REG_SZ, ValueString.Buffer, ValueString.Length + sizeof(UNICODE_NULL));
// }
ByeBye:
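Review bot: The new `ZwSetValueKey` call still passes `ValueString.Length + sizeof(UNICODE_NULL)` as the data size, which assumes a non-NULL `ServiceName.Buffer` has a terminator right after `Length` bytes; a UNICODE_STRING does not guarantee that. The added guard covers only the NULL-buffer case, so if the string is unterminated or `MaximumLength == Length`, the call reads two bytes past the string and stores them in the registry value. Whether every producer of `DeviceNode->ServiceName` reserves room for the terminator is not visible in this hunk. I would bound the read just before the call with `ASSERT(ValueString.MaximumLength >= ValueString.Length + sizeof(UNICODE_NULL));`, or write from a terminated copy. IopStartDevice begins and ends outside the hunk.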