[reactos] 03/04: [UDFS] Fix NewCFBName leakage in UDFFirstOpenFile() CORE-11098 - Ros-diffs

17 Aug 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e5e4362b6dc87a2e001cb…

commit e5e4362b6dc87a2e001cb3f68000e85f7fede4fd
Author:     Victor Martinez &lt;vicmarcal(a)gmail.com&gt;
AuthorDate: Sat Aug 17 16:39:55 2019 +0300
Commit:     Victor Perevertkin &lt;victor(a)perevertkin.ru&gt;
CommitDate: Sat Aug 17 16:49:11 2019 +0300

    [UDFS] Fix NewCFBName leakage in UDFFirstOpenFile()
    CORE-11098
---
 drivers/filesystems/udfs/create.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/filesystems/udfs/create.cpp b/drivers/filesystems/udfs/create.cpp
index 3c777e8f493..6455389d52b 100644
--- a/drivers/filesystems/udfs/create.cpp
+++ b/drivers/filesystems/udfs/create.cpp
@@ -2312,7 +2312,10 @@ UDFFirstOpenFile(
             ((LocalPath->Buffer[LocalPath->Length/sizeof(WCHAR)-1] != L':')
/*&&
              (LocalPath->Buffer[LocalPath->Length/sizeof(WCHAR)-1] !=
L'\\')*/) )) {
         RC = MyAppendUnicodeToString(&(NewFCBName->ObjectName), L"\\");
-        if(!NT_SUCCESS(RC)) return STATUS_INSUFFICIENT_RESOURCES;
+        if(!NT_SUCCESS(RC)) {
+            UDFReleaseObjectName(NewFCBName);
+            return STATUS_INSUFFICIENT_RESOURCES;
+        }
     }
 
     // Make link between Fcb and FileInfo
@@ -2321,9 +2324,11 @@ UDFFirstOpenFile(
     (*PtrNewFcb)->ParentFcb = RelatedFileInfo->Fcb;
 
     if(!((*PtrNewFcb)->NTRequiredFCB = NewFileInfo->Dloc->CommonFcb)) {
-        if(!((*PtrNewFcb)->NTRequiredFCB =
-                    (PtrUDFNTRequiredFCB)MyAllocatePool__(NonPagedPool,
UDFQuadAlign(sizeof(UDFNTRequiredFCB))) ) )
+        (*PtrNewFcb)->NTRequiredFCB =
(PtrUDFNTRequiredFCB)MyAllocatePool__(NonPagedPool,
UDFQuadAlign(sizeof(UDFNTRequiredFCB)));
+        if(!((*PtrNewFcb)->NTRequiredFCB)) {
+            UDFReleaseObjectName(NewFCBName);
             return STATUS_INSUFFICIENT_RESOURCES;
+        }
 
         UDFPrint(("UDFAllocateNtReqFCB: %x\n",
(*PtrNewFcb)->NTRequiredFCB));
         RtlZeroMemory((*PtrNewFcb)->NTRequiredFCB,
UDFQuadAlign(sizeof(UDFNTRequiredFCB)));
@@ -2333,6 +2338,7 @@ UDFFirstOpenFile(
         if(!(NewFileInfo->Dloc->CommonFcb->NtReqFCBFlags &
UDF_NTREQ_FCB_VALID)) {
             (*PtrNewFcb)->NTRequiredFCB = NULL;
             BrutePoint();
+            UDFReleaseObjectName(NewFCBName);
             return STATUS_ACCESS_DENIED;
         }
     }


    