https://git.reactos.org/?p=reactos.git;a=commitdiff;h=32a82eb123e75544cf6cd…
commit 32a82eb123e75544cf6cd9341589928bed5be89c
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Thu Jun 10 23:11:27 2021 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Wed Jun 16 22:18:02 2021 +0200
[NTOS:IO] Fix driverName.Buffer leak in some failure paths in IopGetDriverNames().
driverName.Buffer leaked when the "(!NT_SUCCESS(status) || ServiceName !=
NULL)"
case is taken because ServiceName != NULL, and some of the functions fail.
---
ntoskrnl/io/iomgr/driver.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/ntoskrnl/io/iomgr/driver.c b/ntoskrnl/io/iomgr/driver.c
index f48a85a9705..6a42dd30f7a 100644
--- a/ntoskrnl/io/iomgr/driver.c
+++ b/ntoskrnl/io/iomgr/driver.c
@@ -171,21 +171,22 @@ IopGetDriverNames(
status = ZwQueryKey(ServiceHandle, KeyBasicInformation, NULL, 0,
&infoLength);
if (status != STATUS_BUFFER_TOO_SMALL)
{
- return NT_SUCCESS(status) ? STATUS_UNSUCCESSFUL : status;
+ status = (NT_SUCCESS(status) ? STATUS_UNSUCCESSFUL : status);
+ goto Cleanup;
}
/* Allocate the buffer and retrieve the data */
basicInfo = ExAllocatePoolWithTag(PagedPool, infoLength, TAG_IO);
if (!basicInfo)
{
- return STATUS_INSUFFICIENT_RESOURCES;
+ status = STATUS_INSUFFICIENT_RESOURCES;
+ goto Cleanup;
}
status = ZwQueryKey(ServiceHandle, KeyBasicInformation, basicInfo, infoLength,
&infoLength);
if (!NT_SUCCESS(status))
{
- ExFreePoolWithTag(basicInfo, TAG_IO);
- return status;
+ goto Cleanup;
}
serviceName.Length = basicInfo->NameLength;
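Review bot: The three early exits in this hunk now jump to `Cleanup`, so they rely on `basicInfo` and `driverName.Buffer` holding defined values before the first `ZwQueryKey` call; the first `goto Cleanup` runs before `basicInfo` is assigned from `ExAllocatePoolWithTag`. The declarations are outside the hunk, so this cannot be confirmed here. If `basicInfo` is not initialised at its declaration, the `if (basicInfo)` test at `Cleanup` would hand an indeterminate pointer to `ExFreePoolWithTag`, which in kernel mode means pool corruption or a bugcheck. It is worth confirming that the declaration reads `PKEY_BASIC_INFORMATION basicInfo = NULL;` and that `driverName.Buffer` also starts out NULL. IopGetDriverNames begins before and continues after this hunk.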
@@ -248,7 +249,6 @@ IopGetDriverNames(
PWCHAR buf = ExAllocatePoolWithTag(PagedPool, serviceName.Length, TAG_IO);
if (!buf)
{
- ExFreePoolWithTag(driverName.Buffer, TAG_IO);
status = STATUS_INSUFFICIENT_RESOURCES;
goto Cleanup;
}
@@ -265,6 +265,9 @@ Cleanup:
if (basicInfo)
ExFreePoolWithTag(basicInfo, TAG_IO);
+ if (!NT_SUCCESS(status) && driverName.Buffer)
+ ExFreePoolWithTag(driverName.Buffer, TAG_IO);
+
return status;
}
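Review bot: The new free at `Cleanup` is safe only if, on every failing path, `driverName.Buffer` is either NULL or a `TAG_IO` pool allocation that this function still owns. The code that fills the buffer and the code that publishes it to the caller are outside this hunk, so that ownership cannot be checked here. If any path stored the buffer in the caller's output string before a later failure, the caller would be left with a dangling pointer and might free it a second time. A short comment above the check would record the invariant, for example `/* On failure the name buffer was never handed to the caller, so release it here */`, provided the unseen code matches it.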