[hbelusca] 74509: [DISK]: Small fixes: - Check for malformed disk identifier, which must be at least 9 WCHARs long (as done by disk_new); - Prevent possible memory leaks (missing ExFreePool's) + cl... - Ros-diffs

8 May 2017

Author: hbelusca
Date: Mon May  8 21:34:07 2017
New Revision: 74509
URL: http://svn.reactos.org/svn/reactos?rev=74509&view=rev
Log:
[DISK]: Small fixes:
- Check for malformed disk identifier, which must be at least 9 WCHARs long (as done by disk_new);
- Prevent possible memory leaks (missing ExFreePool's) + closing registry key.
Investigated by Lesan Ilie during tests; as part of CORE-13131.
- Make one of our hacks more readable (by me).
(We also note that this driver uses the ExAllocate/FreePool functions in the old-school way).
Modified:
    trunk/reactos/drivers/storage/class/disk/disk.c
Modified: trunk/reactos/drivers/storage/class/disk/disk.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/storage/class/disk/...
==============================================================================

--- trunk/reactos/drivers/storage/class/disk/disk.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/storage/class/disk/disk.c	[iso-8859-1] Mon May  8 21:34:07 2017
@@ -2286,7 +2286,7 @@
             outputBuffer->PartitionType = diskData->PartitionType;
             outputBuffer->StartingOffset = deviceExtension->StartingOffset;
             outputBuffer->PartitionLength.QuadPart = (diskData->PartitionNumber) ?
-                deviceExtension->PartitionLength.QuadPart : 2305843009213693951LL; // HACK
+                deviceExtension->PartitionLength.QuadPart : 0x1FFFFFFFFFFFFFFFLL; // HACK
             outputBuffer->HiddenSectors = diskData->HiddenSectors;
             outputBuffer->PartitionNumber = diskData->PartitionNumber;
             outputBuffer->BootIndicator = diskData->BootIndicator;
@@ -3921,6 +3921,17 @@
                 ZwClose(targetKey);
if (!NT_SUCCESS(status)) {
+                    ExFreePool(keyData);
+                    continue;
+                }
+
+                if (keyData->DataLength < 9*sizeof(WCHAR)) {
+                    //
+                    // the data is too short to use (we subtract 9 chars in normal path)
+                    //
+                    DebugPrint((1, "EnumerateBusKey: Saved data was invalid, "
+                                "not enough data in registry!\n"));
+                    ExFreePool(keyData);
                     continue;
                 }
@@ -3943,6 +3954,7 @@
                                                  TRUE);
if (!NT_SUCCESS(status)) {
+                    ExFreePool(keyData);
                     continue;
                 }
@@ -4124,6 +4136,7 @@
         DebugPrint((1,
                    "SCSIDISK: ExtractBiosGeometry: Can't query configuration data (%x)\n",
                    status));
+        ZwClose(hardwareKey);
         ExFreePool(keyData);
         return;
     }

    