https://git.reactos.org/?p=reactos.git;a=commitdiff;h=501c2bdd63c4d4b97c4bc3...
commit 501c2bdd63c4d4b97c4bc3b54241abe53e0fabdf Author: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org AuthorDate: Sun Oct 22 21:57:59 2023 +0200 Commit: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org CommitDate: Mon Oct 23 18:18:45 2023 +0200
[NTOS:LPC] Fix input parameter for ProbeAndCaptureUnicodeString (#5815)
Addendum to commit b3c55b9e6 (PR #4399).
Passing &CapturedObjectName as pointer to be probed and captured would fail if e.g. PreviousMode == UserMode, since that pointer is always in kernel space. Instead, pass the original user-mode pointer.
Bug caught by Timo Kreuzer ;)
---
 ntoskrnl/lpc/create.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ntoskrnl/lpc/create.c b/ntoskrnl/lpc/create.c
index 7c017b6b7e1..2f4d5b9622a 100644
--- a/ntoskrnl/lpc/create.c
+++ b/ntoskrnl/lpc/create.c
@@ -83,8 +83,9 @@ LpcpCreatePort(OUT PHANDLE PortHandle,
 }
 else
 {
- if (ObjectAttributes->ObjectName)
- CapturedObjectName = *(ObjectAttributes->ObjectName);
+ ObjectName = ObjectAttributes->ObjectName;
+ if (ObjectName)
+ CapturedObjectName = *ObjectName;
 }
 
 /* Normalize the buffer pointer in case we don't have
@@ -96,7 +97,7 @@ LpcpCreatePort(OUT PHANDLE PortHandle,
 /* Capture the port name for DPRINT only - ObCreateObject does its
 * own capture. As it is used only for debugging, ignore any failure;
 * the string is zeroed out in such case. */
- ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, &CapturedObjectName);
+ ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, ObjectName);
 LPCTRACE(LPC_CREATE_DEBUG, "Name: %wZ\n", &CapturedPortName);
 ReleaseCapturedUnicodeString(&CapturedPortName, PreviousMode);
 #endif
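Review bot: In the second hunk `ObjectName` is now passed to ProbeAndCaptureUnicodeString unconditionally, although the first hunk's `if (ObjectName)` guard shows it can be NULL for a port created without a name; before this change the argument was `&CapturedObjectName`, which was never NULL. Whether the helper tolerates a NULL source, particularly when PreviousMode is KernelMode and presumably no probing is done, is not visible here, so I would guard the call, e.g. `if (ObjectName) ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, ObjectName); else RtlInitEmptyUnicodeString(&CapturedPortName, NULL, 0);`. The comment above the call could also state that this is a second, independent read of caller memory, so the traced name is not guaranteed to match the one ObCreateObject captures and must stay a debugging aid only. LpcpCreatePort starts and ends outside both hunks, so the initialisation of `ObjectName` on the user-mode path could not be checked.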