https://git.reactos.org/?p=reactos.git;a=commitdiff;h=46bda8a4c67c411aa43594...
commit 46bda8a4c67c411aa4359411ad9f6c980d0c3eef Author: Pierre Schweitzer pierre@reactos.org AuthorDate: Wed Oct 3 13:50:16 2018 +0200 Commit: Pierre Schweitzer pierre@reactos.org CommitDate: Wed Oct 3 13:50:16 2018 +0200
[NTOSKRNL] In IopQueryNameInternal() don't copy name if it's not valid --- ntoskrnl/io/iomgr/file.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/ntoskrnl/io/iomgr/file.c b/ntoskrnl/io/iomgr/file.c
index 1fb691809c..0fbac2cc91 100644
--- a/ntoskrnl/io/iomgr/file.c
+++ b/ntoskrnl/io/iomgr/file.c
@@ -2004,6 +2004,14 @@ IopQueryNameInternal(IN PVOID ObjectBody,
 (ULONG_PTR)ObjectNameInfo + LocalFileInfo->FileNameLength);
+ /* Don't copy the name if it's not valid */
+ if (LocalFileInfo->FileName[0] != OBJ_NAME_PATH_SEPARATOR)
+ {
+ /* Free the allocated buffer and return failure */
+ ExFreePoolWithTag(LocalInfo, TAG_IO);
+ return STATUS_OBJECT_PATH_INVALID;
+ }
+
 /* Write the Name and null-terminate it */
 RtlCopyMemory(p, LocalFileInfo->FileName, FileLength);
 p += (FileLength / sizeof(WCHAR));
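Review bot: The new test reads `LocalFileInfo->FileName[0]` without first confirming that `FileNameLength` covers at least one WCHAR, so for a zero-length name the accept/reject decision rests on whatever the pool buffer happened to hold at that offset. No length check is visible in this hunk (IopQueryNameInternal starts and ends outside it), so if none exists earlier, make the empty-name case explicit, e.g. `if (LocalFileInfo->FileNameLength < sizeof(WCHAR) || LocalFileInfo->FileName[0] != OBJ_NAME_PATH_SEPARATOR)`, or the opposite polarity if empty names must still succeed. The buffer is presumably filled from the file system driver's answer to the name query, so it is worth treating its contents as unvalidated at this point. It is also not visible here whether any out parameters need a defined value on the new early-return path; a short comment stating what callers may rely on when `STATUS_OBJECT_PATH_INVALID` is returned would help.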