Author: cgutman Date: Mon Nov 7 01:47:55 2011 New Revision: 54330 URL: http://svn.reactos.org/svn/reactos?rev=54330&view=rev Log: [NPFS] - Fix an access-after-free bug Modified: trunk/reactos/drivers/filesystems/npfs/fsctrl.c Modified: trunk/reactos/drivers/filesystems/npfs/fsctrl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/f… ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] Mon Nov 7 01:47:55 2011 @@ -92,6 +92,7 @@ PNPFS_FCB Fcb; PNPFS_CCB ClientCcb; NTSTATUS Status; + KPROCESSOR_MODE WaitMode; DPRINT("NpfsConnectPipe()\n"); @@ -124,6 +125,7 @@ IoStack = IoGetCurrentIrpStackLocation(Irp); FileObject = IoStack->FileObject; Flags = FileObject->Flags; + WaitMode = Irp->RequestorMode; /* search for a listening client fcb */ KeLockMutex(&Fcb->CcbListLock); @@ -183,7 +185,7 @@ { KeWaitForSingleObject(&Ccb->ConnectEvent, UserRequest, - Irp->RequestorMode, + WaitMode, (Flags & FO_ALERTABLE_IO), NULL); }