[jgardou] 64954: [WIN32K] - Do not dereference hook objects when it's not needed. - Avoid use after free. CORE-8698 #resolve - Ros-diffs

24 Oct 2014

Author: jgardou
Date: Fri Oct 24 11:34:55 2014
New Revision: 64954
URL: http://svn.reactos.org/svn/reactos?rev=64954&view=rev
Log:
[WIN32K]
 - Do not dereference hook objects when it's not needed.
 - Avoid use after free.
CORE-8698 #resolve
Modified:
    trunk/reactos/win32ss/user/ntuser/hook.c
Modified: trunk/reactos/win32ss/user/ntuser/hook.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/hook.c?...
==============================================================================

--- trunk/reactos/win32ss/user/ntuser/hook.c	[iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/hook.c	[iso-8859-1] Fri Oct 24 11:34:55 2014
@@ -1294,12 +1294,14 @@
        {
           Hook = CONTAINING_RECORD(pElement, HOOK, Chain);
+          /* Get the next element now, we might free the hook in what follows */
+          pElement = Hook->Chain.Flink;
+
           if (Hook->Proc == pfnFilterProc)
           {
              if (Hook->head.pti == pti)
              {
                 IntRemoveHook(Hook);
-                UserDereferenceObject(Hook);
                 return TRUE;
              }
              else
@@ -1308,8 +1310,6 @@
                 return FALSE;
              }
           }
-
-          pElement = Hook->Chain.Flink;
        }
     }
     return FALSE;

    