[reactos] 01/05: [NTOS:EX] Correctly handle OOM in NtFindAtom. CID 1237072 - Ros-diffs

14 Nov 2021

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=aa9a09819614c27a69c15…

commit aa9a09819614c27a69c15116c1567b5351225186
Author:     Thomas Faber &lt;thomas.faber(a)reactos.org&gt;
AuthorDate: Wed Oct 27 22:51:15 2021 -0400
Commit:     Thomas Faber &lt;thomas.faber(a)reactos.org&gt;
CommitDate: Sat Nov 13 21:23:36 2021 -0500

    [NTOS:EX] Correctly handle OOM in NtFindAtom. CID 1237072
---
 ntoskrnl/ex/atom.c | 29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/ntoskrnl/ex/atom.c b/ntoskrnl/ex/atom.c
index 93d78a661bf..a33e0e9bccb 100644
--- a/ntoskrnl/ex/atom.c
+++ b/ntoskrnl/ex/atom.c
@@ -249,7 +249,7 @@ NtFindAtom(IN PWSTR AtomName,
     PRTL_ATOM_TABLE AtomTable = ExpGetGlobalAtomTable();
     NTSTATUS Status;
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
-    LPWSTR CapturedName = NULL;
+    _SEH2_VOLATILE LPWSTR CapturedName;
     ULONG CapturedSize;
     RTL_ATOM SafeAtom;
     PAGED_CODE();
@@ -283,20 +283,12 @@ NtFindAtom(IN PWSTR AtomName,
                 /* Allocate an aligned buffer + the null char */
                 CapturedSize = ((AtomNameLength + sizeof(WCHAR)) &~
                                 (sizeof(WCHAR) -1));
-                CapturedName = ExAllocatePoolWithTag(PagedPool,
-                                                     CapturedSize,
-                                                     TAG_ATOM);
-                if (!CapturedName)
-                {
-                    /* Fail the call */
-                    Status = STATUS_INSUFFICIENT_RESOURCES;
-                }
-                else
-                {
-                    /* Copy the name and null-terminate it */
-                    RtlCopyMemory(CapturedName, AtomName, AtomNameLength);
-                    CapturedName[AtomNameLength / sizeof(WCHAR)] = UNICODE_NULL;
-                }
+                CapturedName = ExAllocatePoolWithQuotaTag(PagedPool,
+                                                          CapturedSize,
+                                                          TAG_ATOM);
+                /* Copy the name and null-terminate it */
+                RtlCopyMemory(CapturedName, AtomName, AtomNameLength);
+                CapturedName[AtomNameLength / sizeof(WCHAR)] = UNICODE_NULL;
 
                 /* Probe the atom too */
                 if (Atom) ProbeForWriteUshort(Atom);
@@ -304,6 +296,11 @@ NtFindAtom(IN PWSTR AtomName,
         }
         _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
         {
+            if (CapturedName != AtomName)
+            {
+                ExFreePoolWithTag(CapturedName, TAG_ATOM);
+            }
+
             /* Return the exception code */
             _SEH2_YIELD(return _SEH2_GetExceptionCode());
         }
@@ -314,7 +311,7 @@ NtFindAtom(IN PWSTR AtomName,
     Status = RtlLookupAtomInAtomTable(AtomTable, CapturedName, &SafeAtom);
     if (NT_SUCCESS(Status) && (Atom))
     {
-        /* Success and caller wants the atom back.. .enter SEH */
+        /* Success and caller wants the atom back... enter SEH */
         _SEH2_TRY
         {
             /* Return the atom */


    