https://git.reactos.org/?p=reactos.git;a=commitdiff;h=1c404d838a7a681f825c4… commit 1c404d838a7a681f825c42d6bf9f317008173239 Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Sun Sep 27 16:41:34 2020 +0200 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sat Oct 3 13:10:09 2020 +0200 [NTDLL:LDR] Fail if section creation fails in LdrpCreateDllSection. CORE-17284 Otherwise we'd call ZwQuerySection on an invalid handle and get: (ntoskrnl/mm/section.c:4320) Failed to reference section: 0xc0000008 Also correctly check DllCharacteristics: If the argument is missing, the file is _not_ a system file, i.e. we should check for restrictions. --- dll/ntdll/ldr/ldrutils.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dll/ntdll/ldr/ldrutils.c b/dll/ntdll/ldr/ldrutils.c index 7f04bb46055..5b1ec30e525 100644 --- a/dll/ntdll/ldr/ldrutils.c +++ b/dll/ntdll/ldr/ldrutils.c @@ -641,10 +641,12 @@ LdrpCreateDllSection(IN PUNICODE_STRING FullName, /* Increment the error count */ if (LdrpInLdrInit) LdrpFatalHardErrorCount++; + + goto Exit; } /* Check for Safer restrictions */ - if (DllCharacteristics && + if (!DllCharacteristics || !(*DllCharacteristics & IMAGE_FILE_SYSTEM)) { /* Make sure it's executable */ @@ -683,6 +685,7 @@ LdrpCreateDllSection(IN PUNICODE_STRING FullName, } } +Exit: /* Close the file handle, we don't need it */ NtClose(FileHandle);