[dchapyshev] 72548: [NTOS:IO] - Fix potential null-pointer dereferencing (we call IopCleanupAfterException in IopDeviceFsIoControl with Irp == NULL) - Ros-diffs

3 Sep 2016

Author: dchapyshev
Date: Sat Sep  3 15:49:55 2016
New Revision: 72548
URL: http://svn.reactos.org/svn/reactos?rev=72548&view=rev
Log:
[NTOS:IO]
- Fix potential null-pointer dereferencing (we call IopCleanupAfterException in IopDeviceFsIoControl with Irp == NULL)
Modified:
    trunk/reactos/ntoskrnl/io/iomgr/iofunc.c
Modified: trunk/reactos/ntoskrnl/io/iomgr/iofunc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/iofunc.c?...
==============================================================================

--- trunk/reactos/ntoskrnl/io/iomgr/iofunc.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/iofunc.c	[iso-8859-1] Sat Sep  3 15:49:55 2016
@@ -22,25 +22,28 @@
 VOID
 NTAPI
 IopCleanupAfterException(IN PFILE_OBJECT FileObject,
-                         IN PIRP Irp,
+                         IN PIRP Irp OPTIONAL,
                          IN PKEVENT Event OPTIONAL,
                          IN PKEVENT LocalEvent OPTIONAL)
 {
     PAGED_CODE();
     IOTRACE(IO_API_DEBUG, "IRP: %p. FO: %p \n", Irp, FileObject);
-    /* Check if we had a buffer */
-    if (Irp->AssociatedIrp.SystemBuffer)
-    {
-        /* Free it */
-        ExFreePool(Irp->AssociatedIrp.SystemBuffer);
-    }
-
-    /* Free the mdl */
-    if (Irp->MdlAddress) IoFreeMdl(Irp->MdlAddress);
-
-    /* Free the IRP */
-    IoFreeIrp(Irp);
+    if (Irp)
+    {
+        /* Check if we had a buffer */
+        if (Irp->AssociatedIrp.SystemBuffer)
+        {
+            /* Free it */
+            ExFreePool(Irp->AssociatedIrp.SystemBuffer);
+        }
+
+        /* Free the mdl */
+        if (Irp->MdlAddress) IoFreeMdl(Irp->MdlAddress);
+
+        /* Free the IRP */
+        IoFreeIrp(Irp);
+    }
/* Check if we had a file lock */
     if (FileObject->Flags & FO_SYNCHRONOUS_IO)

    