https://git.reactos.org/?p=reactos.git;a=commitdiff;h=46bda8a4c67c411aa4359… commit 46bda8a4c67c411aa4359411ad9f6c980d0c3eef Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Wed Oct 3 13:50:16 2018 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Wed Oct 3 13:50:16 2018 +0200 [NTOSKRNL] In IopQueryNameInternal() don't copy name if it's not valid --- ntoskrnl/io/iomgr/file.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ntoskrnl/io/iomgr/file.c b/ntoskrnl/io/iomgr/file.c index 1fb691809c..0fbac2cc91 100644 --- a/ntoskrnl/io/iomgr/file.c +++ b/ntoskrnl/io/iomgr/file.c @@ -2004,6 +2004,14 @@ IopQueryNameInternal(IN PVOID ObjectBody, (ULONG_PTR)ObjectNameInfo + LocalFileInfo->FileNameLength); + /* Don't copy the name if it's not valid */ + if (LocalFileInfo->FileName[0] != OBJ_NAME_PATH_SEPARATOR) + { + /* Free the allocated buffer and return failure */ + ExFreePoolWithTag(LocalInfo, TAG_IO); + return STATUS_OBJECT_PATH_INVALID; + } + /* Write the Name and null-terminate it */ RtlCopyMemory(p, LocalFileInfo->FileName, FileLength); p += (FileLength / sizeof(WCHAR));