18 Mar
2021
18 Mar
'21
10:08 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=aec3d9cc8f890df41fbaa…
commit aec3d9cc8f890df41fbaa697a0249a78ad98db8f
Author: Victor Perevertkin <victor.perevertkin(a)reactos.org>
AuthorDate: Fri Mar 19 01:07:22 2021 +0300
Commit: Victor Perevertkin <victor.perevertkin(a)reactos.org>
CommitDate: Fri Mar 19 01:07:22 2021 +0300
[NTOS:IO][NTOS:PNP] Fix incorrect usage of IopGetRegistryValue
KEY_VALUE_FULL_INFORMATION was not always freed properly
---
ntoskrnl/io/iomgr/driver.c | 7 +++-
ntoskrnl/io/pnpmgr/devaction.c | 88 +++++++++++++++++++++++-------------------
2 files changed, 54 insertions(+), 41 deletions(-)
diff --git a/ntoskrnl/io/iomgr/driver.c b/ntoskrnl/io/iomgr/driver.c
index 602cd487fb7..24f6084a892 100644
--- a/ntoskrnl/io/iomgr/driver.c
+++ b/ntoskrnl/io/iomgr/driver.c
@@ -195,7 +195,12 @@ IopGetDriverNames(
if (driverName.Buffer == NULL)
{
status = IopGetRegistryValue(ServiceHandle, L"Type", &kvInfo);
- if (!NT_SUCCESS(status) || kvInfo->Type != REG_DWORD)
+ if (!NT_SUCCESS(status))
+ {
+ ExFreePoolWithTag(basicInfo, TAG_IO);
+ return status;
+ }
+ if (kvInfo->Type != REG_DWORD)
{
ExFreePool(kvInfo);
ExFreePoolWithTag(basicInfo, TAG_IO); // container for serviceName
diff --git a/ntoskrnl/io/pnpmgr/devaction.c b/ntoskrnl/io/pnpmgr/devaction.c
index 5d354ddc62c..aa1ac12f6c2 100644
--- a/ntoskrnl/io/pnpmgr/devaction.c
+++ b/ntoskrnl/io/pnpmgr/devaction.c
@@ -419,11 +419,15 @@ PiAttachFilterDriversCallback(
SERVICE_LOAD_TYPE startType = DisableLoad;
Status = IopGetRegistryValue(serviceHandle, L"Start", &kvInfo);
- if (NT_SUCCESS(Status) && kvInfo->Type == REG_DWORD)
+ if (NT_SUCCESS(Status))
{
- RtlMoveMemory(&startType,
- (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset),
- sizeof(startType));
+ if (kvInfo->Type == REG_DWORD)
+ {
+ RtlMoveMemory(&startType,
+ (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset),
+ sizeof(startType));
+ }
+
ExFreePool(kvInfo);
}
@@ -621,52 +625,56 @@ PiCallDriverAddDevice(
// try to get the class GUID of an instance and its registry key
Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &kvInfo);
- if (NT_SUCCESS(Status) && kvInfo->Type == REG_SZ &&
kvInfo->DataLength > sizeof(WCHAR))
+ if (NT_SUCCESS(Status))
{
- UNICODE_STRING classGUID = {
- .MaximumLength = kvInfo->DataLength,
- .Length = kvInfo->DataLength - sizeof(UNICODE_NULL),
- .Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset)
- };
- HANDLE ccsControlHandle;
-
- Status = IopOpenRegistryKeyEx(&ccsControlHandle, NULL, &ccsControlClass,
KEY_READ);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("IopOpenRegistryKeyEx() failed for \"%wZ\" (status
%x)\n",
- &ccsControlClass, Status);
- }
- else
+ if (kvInfo->Type == REG_SZ && kvInfo->DataLength >
sizeof(WCHAR))
{
- // open the CCS\Control\Class\<ClassGUID> key
- Status = IopOpenRegistryKeyEx(&ClassKey, ccsControlHandle,
&classGUID, KEY_READ);
- ZwClose(ccsControlHandle);
+ UNICODE_STRING classGUID = {
+ .MaximumLength = kvInfo->DataLength,
+ .Length = kvInfo->DataLength - sizeof(UNICODE_NULL),
+ .Buffer = (PVOID)((ULONG_PTR)kvInfo + kvInfo->DataOffset)
+ };
+ HANDLE ccsControlHandle;
+
+ Status = IopOpenRegistryKeyEx(&ccsControlHandle, NULL,
&ccsControlClass, KEY_READ);
if (!NT_SUCCESS(Status))
{
- DPRINT1("Failed to open class key \"%wZ\" (status
%x)\n", &classGUID, Status);
+ DPRINT1("IopOpenRegistryKeyEx() failed for \"%wZ\" (status
%x)\n",
+ &ccsControlClass, Status);
}
- }
-
- if (ClassKey)
- {
- // Check the Properties key of a class too
- // Windows fills some device properties from this key (which is protected)
- // TODO: add the device properties from this key
-
- UNICODE_STRING properties =
RTL_CONSTANT_STRING(REGSTR_KEY_DEVICE_PROPERTIES);
- HANDLE propertiesHandle;
-
- Status = IopOpenRegistryKeyEx(&propertiesHandle, ClassKey,
&properties, KEY_READ);
- if (!NT_SUCCESS(Status))
+ else
{
- DPRINT("Properties key failed to open for \"%wZ\" (status
%x)\n",
- &classGUID, Status);
+ // open the CCS\Control\Class\<ClassGUID> key
+ Status = IopOpenRegistryKeyEx(&ClassKey, ccsControlHandle,
&classGUID, KEY_READ);
+ ZwClose(ccsControlHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to open class key \"%wZ\" (status
%x)\n", &classGUID, Status);
+ }
}
- else
+
+ if (ClassKey)
{
- ZwClose(propertiesHandle);
+ // Check the Properties key of a class too
+ // Windows fills some device properties from this key (which is
protected)
+ // TODO: add the device properties from this key
+
+ UNICODE_STRING properties =
RTL_CONSTANT_STRING(REGSTR_KEY_DEVICE_PROPERTIES);
+ HANDLE propertiesHandle;
+
+ Status = IopOpenRegistryKeyEx(&propertiesHandle, ClassKey,
&properties, KEY_READ);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT("Properties key failed to open for \"%wZ\"
(status %x)\n",
+ &classGUID, Status);
+ }
+ else
+ {
+ ZwClose(propertiesHandle);
+ }
}
}
+
ExFreePool(kvInfo);
}
1332
days inactive
1332
days old
0 comments
1 participants
participants (1)
-
Victor Perevertkin