https://git.reactos.org/?p=reactos.git;a=commitdiff;h=501c2bdd63c4d4b97c4bc…
commit 501c2bdd63c4d4b97c4bc3b54241abe53e0fabdf
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Sun Oct 22 21:57:59 2023 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Mon Oct 23 18:18:45 2023 +0200
[NTOS:LPC] Fix input parameter for ProbeAndCaptureUnicodeString (#5815)

Addendum to commit b3c55b9e6 (PR #4399).

Passing &CapturedObjectName as pointer to be probed and captured would
fail if e.g. PreviousMode == UserMode, since that pointer is always in
kernel space. Instead, pass the original user-mode pointer.

Bug caught by Timo Kreuzer ;)
---
ntoskrnl/lpc/create.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ntoskrnl/lpc/create.c b/ntoskrnl/lpc/create.c
index 7c017b6b7e1..2f4d5b9622a 100644
--- a/ntoskrnl/lpc/create.c
+++ b/ntoskrnl/lpc/create.c
@@ -83,8 +83,9 @@ LpcpCreatePort(OUT PHANDLE PortHandle,
}
else
{
- if (ObjectAttributes->ObjectName)
- CapturedObjectName = *(ObjectAttributes->ObjectName);
+ ObjectName = ObjectAttributes->ObjectName;
+ if (ObjectName)
+ CapturedObjectName = *ObjectName;
}
/* Normalize the buffer pointer in case we don't have
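Review bot: ObjectName is only shown being assigned in this else branch, while the later ProbeAndCaptureUnicodeString call reads it unconditionally, so it needs a defined value on every path that reaches that call. Please confirm that the branch above this hunk also stores the caller's original pointer in it and that its declaration initializes it to NULL. A short comment at `ObjectName = ObjectAttributes->ObjectName;` saying that this is the unprobed caller pointer, as opposed to the local copy in CapturedObjectName, would help keep the two from being mixed up again.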
@@ -96,7 +97,7 @@ LpcpCreatePort(OUT PHANDLE PortHandle,
/* Capture the port name for DPRINT only - ObCreateObject does its
* own capture. As it is used only for debugging, ignore any failure;
* the string is zeroed out in such case. */
- ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode,
&CapturedObjectName);
+ ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, ObjectName);
LPCTRACE(LPC_CREATE_DEBUG, "Name: %wZ\n", &CapturedPortName);
ReleaseCapturedUnicodeString(&CapturedPortName, PreviousMode);
#endif
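Review bot: the new call passes ObjectName with no NULL check, although the first hunk guards its dereference with `if (ObjectName)`, so a request without an object name reaches ProbeAndCaptureUnicodeString with a NULL source. The comment relies on failures being ignored and the string being zeroed, which holds only if the helper reports an error for a NULL source in every PreviousMode instead of dereferencing it. Consider wrapping the capture, LPCTRACE and release lines in `if (ObjectName)`, or state in the comment that NULL is handled by the helper.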