Author: fireball Date: Tue Feb 24 14:06:13 2009 New Revision: 39736
URL: http://svn.reactos.org/svn/reactos?rev=39736&view=rev Log: - Fix freed memory usage in SeLocateProcessImageName, spotted by Jan Roeloffzen. - Use a correct structure member in SeAuditProcessCreationInfo (but it's still the same pointer). - Rewrite bottom part of the function to better match ReactOS coding style. See issue #4087 for more details.
Modified: trunk/reactos/ntoskrnl/se/audit.c
Modified: trunk/reactos/ntoskrnl/se/audit.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/audit.c?rev=397... ============================================================================== --- trunk/reactos/ntoskrnl/se/audit.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/audit.c [iso-8859-1] Tue Feb 24 14:06:13 2009 @@ -139,7 +139,7 @@ { /* Set it */ if (InterlockedCompareExchangePointer(&Process-> - SeAuditProcessCreationInfo, + SeAuditProcessCreationInfo.ImageFileName, AuditName, NULL)) { @@ -153,29 +153,26 @@ if (!NT_SUCCESS(Status)) return Status; }
+ /* Get audit info again, now we have it for sure */ + AuditName = Process->SeAuditProcessCreationInfo.ImageFileName; + /* Allocate the output string */ ImageName = ExAllocatePoolWithTag(NonPagedPool, AuditName->Name.MaximumLength + sizeof(UNICODE_STRING), TAG_SEPA); - if (ImageName) - { - /* Make a copy of it */ - RtlCopyMemory(ImageName, - &AuditName->Name, - AuditName->Name.MaximumLength + sizeof(UNICODE_STRING)); - - /* Fix up the buffer */ - ImageName->Buffer = (PWSTR)(ImageName + 1); - - /* Return it */ - *ProcessImageName = ImageName; - } - else - { - /* Otherwise, fail */ - Status = STATUS_NO_MEMORY; - } + if (!ImageName) return STATUS_NO_MEMORY; + + /* Make a copy of it */ + RtlCopyMemory(ImageName, + &AuditName->Name, + AuditName->Name.MaximumLength + sizeof(UNICODE_STRING)); + + /* Fix up the buffer */ + ImageName->Buffer = (PWSTR)(ImageName + 1); + + /* Return it */ + *ProcessImageName = ImageName;
/* Return status */ return Status;
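Review bot: The `RtlCopyMemory` call in the second hunk reads `AuditName->Name.MaximumLength + sizeof(UNICODE_STRING)` bytes starting at `&AuditName->Name`, which stays in bounds only if the name buffer sits directly after the `UNICODE_STRING` header in the same allocation and that allocation was sized from `MaximumLength`; nothing visible in the hunk establishes this. A comment stating the layout requirement, plus a check such as `ASSERT(!AuditName->Name.MaximumLength || AuditName->Name.Buffer == (PWSTR)(&AuditName->Name + 1));` before the copy, would catch an over-read of nonpaged pool into the caller's buffer in checked builds. The re-read `AuditName = Process->SeAuditProcessCreationInfo.ImageFileName;` is dereferenced without a NULL check, so it relies on the earlier branch (which starts outside this hunk) always leaving a non-NULL name behind. The function header should also say that `*ProcessImageName` is a `TAG_SEPA` nonpaged-pool block the caller must free, and that it is left untouched on the `STATUS_NO_MEMORY` return.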