Author: tfaber Date: Tue May 30 18:14:31 2017 New Revision: 74700 URL: http://svn.reactos.org/svn/reactos?rev=74700&view=rev Log: [NTOS:IO] - Fix key handle leak in PipCallDriverAddDevice - Avoid double-close in failure case of IopAttachFilterDrivers - Simplify closing handles, and use sensible variables names in IopAttachFilterDrivers CORE-13336 Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c trunk/reactos/ntoskrnl/io/pnpmgr/pnpinit.c Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c… ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/driver.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/io/iomgr/driver.c [iso-8859-1] Tue May 30 18:14:31 2017 @@ -648,6 +648,7 @@ UNICODE_STRING EnumRoot = RTL_CONSTANT_STRING(ENUM_ROOT); UNICODE_STRING ControlClass = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Class"); HANDLE EnumRootKey, SubKey; + HANDLE ControlKey, ClassKey; NTSTATUS Status; /* Open enumeration root key */ @@ -667,11 +668,11 @@ EnumRootKey, &DeviceNode->InstancePath, KEY_READ); + ZwClose(EnumRootKey); if (!NT_SUCCESS(Status)) { DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n", &DeviceNode->InstancePath, Status); - ZwClose(EnumRootKey); return Status; } @@ -696,7 +697,6 @@ DPRINT1("Failed to load device %s filters: %08X\n", Lower ? "lower" : "upper", Status); ZwClose(SubKey); - ZwClose(EnumRootKey); return Status; } @@ -717,9 +717,8 @@ DeviceNode, NULL); - /* Close handles */ + /* Close subkey */ ZwClose(SubKey); - ZwClose(EnumRootKey); /* If there is no class GUID, we're done */ if (!NT_SUCCESS(Status)) @@ -730,7 +729,7 @@ /* * Load the class filter driver */ - Status = IopOpenRegistryKeyEx(&EnumRootKey, + Status = IopOpenRegistryKeyEx(&ControlKey, NULL, &ControlClass, KEY_READ); @@ -742,8 +741,8 @@ } /* Open subkey */ - Status = IopOpenRegistryKeyEx(&SubKey, - EnumRootKey, + Status = IopOpenRegistryKeyEx(&ClassKey, + ControlKey, &Class, KEY_READ); if (!NT_SUCCESS(Status)) @@ -751,7 +750,7 @@ /* It's okay if there's no class key */ DPRINT1("IopOpenRegistryKeyEx() failed for '%wZ' with status 0x%lx\n", &Class, Status); - ZwClose(EnumRootKey); + ZwClose(ControlKey); return STATUS_SUCCESS; } @@ -765,21 +764,19 @@ QueryTable[0].DefaultType = REG_NONE; Status = RtlQueryRegistryValues(RTL_REGISTRY_HANDLE, - (PWSTR)SubKey, + (PWSTR)ClassKey, QueryTable, DeviceNode, NULL); /* Clean up */ - ZwClose(SubKey); - ZwClose(EnumRootKey); + ZwClose(ClassKey); + ZwClose(ControlKey); if (!NT_SUCCESS(Status)) { DPRINT1("Failed to load class %s filters: %08X\n", Lower ? "lower" : "upper", Status); - ZwClose(SubKey); - ZwClose(EnumRootKey); return Status; } Modified: trunk/reactos/ntoskrnl/io/pnpmgr/pnpinit.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/pnpmgr/pnpinit… ============================================================================== --- trunk/reactos/ntoskrnl/io/pnpmgr/pnpinit.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/io/pnpmgr/pnpinit.c [iso-8859-1] Tue May 30 18:14:31 2017 @@ -290,6 +290,7 @@ Status = IopGetRegistryValue(SubKey, REGSTR_VAL_CLASSGUID, &KeyValueInformation); + ZwClose(SubKey); if (NT_SUCCESS(Status)) { /* Convert to unicode string */