revert my last changes back to Alex's version of ObpCaptureObjectAttributes as I'm being an incompetent ass. This will introduce several vulnerabilities and bugs again. Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c Modified: trunk/reactos/ntoskrnl/cm/registry.c Modified: trunk/reactos/ntoskrnl/include/internal/ob.h Modified: trunk/reactos/ntoskrnl/lpc/connect.c Modified: trunk/reactos/ntoskrnl/ob/handle.c Modified: trunk/reactos/ntoskrnl/ob/namespc.c Modified: trunk/reactos/ntoskrnl/ob/object.c _____
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
--- trunk/reactos/ntoskrnl/cm/ntfunc.c 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/cm/ntfunc.c 2005-08-08 16:58:30 UTC (rev 17217)
@@ -192,19 +192,20 @@
PWSTR Start; UNICODE_STRING ObjectName; OBJECT_CREATE_INFORMATION ObjectCreateInfo; - KPROCESSOR_MODE PreviousMode; unsigned i;
PAGED_CODE(); - - PreviousMode = KeGetPreviousMode();
+ DPRINT("NtCreateKey (Name %wZ KeyHandle 0x%p Root 0x%p)\n", + ObjectAttributes->ObjectName, + KeyHandle, + ObjectAttributes->RootDirectory); + /* Capture all the info */ DPRINT("Capturing Create Info\n"); Status = ObpCaptureObjectAttributes(ObjectAttributes, - PreviousMode, - PagedPool, - FALSE, + KeGetPreviousMode(), + CmiKeyType, &ObjectCreateInfo, &ObjectName); if (!NT_SUCCESS(Status)) @@ -218,10 +219,8 @@ (PVOID*)&Object, &RemainingPath, CmiKeyType); - ObpReleaseCapturedAttributes(&ObjectCreateInfo, - &ObjectName, - PreviousMode, - FALSE); + ObpReleaseCapturedAttributes(&ObjectCreateInfo); + if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer); if (!NT_SUCCESS(Status)) { DPRINT("CmpFindObject failed, Status: 0x%x\n", Status); @@ -1170,8 +1169,7 @@ DPRINT("Capturing Create Info\n"); Status = ObpCaptureObjectAttributes(ObjectAttributes, PreviousMode, - PagedPool, - FALSE, + CmiKeyType, &ObjectCreateInfo, &ObjectName); if (!NT_SUCCESS(Status)) @@ -1187,10 +1185,8 @@ (PVOID*)&Object, &RemainingPath, CmiKeyType); - ObpReleaseCapturedAttributes(&ObjectCreateInfo, - &ObjectName, - PreviousMode, - FALSE); + ObpReleaseCapturedAttributes(&ObjectCreateInfo); + if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer); if (!NT_SUCCESS(Status)) { DPRINT("CmpFindObject() returned 0x%08lx\n", Status); _____
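Review bot: The trace added at the top of NtCreateKey dereferences `ObjectAttributes->ObjectName` and `ObjectAttributes->RootDirectory` before anything has been captured. In builds where DPRINT is active, a NULL or invalid caller-supplied pointer therefore faults in kernel context outside any SEH guard, and `%wZ` then follows the caller's UNICODE_STRING as well. Move the trace below the `ObpCaptureObjectAttributes` success check and print the captured values instead: `DPRINT("NtCreateKey (Name %wZ KeyHandle 0x%p Root 0x%p)\n", &ObjectName, KeyHandle, ObjectCreateInfo.RootDirectory);`. The function body starts and ends outside the hunk.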
Modified: trunk/reactos/ntoskrnl/cm/registry.c
--- trunk/reactos/ntoskrnl/cm/registry.c 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/cm/registry.c 2005-08-08 16:58:30 UTC (rev 17217)
@@ -705,8 +705,7 @@
DPRINT("Capturing Create Info\n"); Status = ObpCaptureObjectAttributes(KeyObjectAttributes, KernelMode, - PagedPool, - FALSE, + CmiKeyType, &ObjectCreateInfo, &ObjectName); if (!NT_SUCCESS(Status)) @@ -720,10 +719,8 @@ (PVOID*)&ParentKey, &RemainingPath, CmiKeyType); - ObpReleaseCapturedAttributes(&ObjectCreateInfo, - &ObjectName, - KernelMode, - FALSE); + ObpReleaseCapturedAttributes(&ObjectCreateInfo); + if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer); if (!NT_SUCCESS(Status)) { return Status; _____
Modified: trunk/reactos/ntoskrnl/include/internal/ob.h
--- trunk/reactos/ntoskrnl/include/internal/ob.h 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/include/internal/ob.h 2005-08-08 16:58:30 UTC (rev 17217)
@@ -173,6 +173,14 @@
/* Secure object information functions */
+typedef struct _CAPTURED_OBJECT_ATTRIBUTES +{ + HANDLE RootDirectory; + ULONG Attributes; + PSECURITY_DESCRIPTOR SecurityDescriptor; + PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; +} CAPTURED_OBJECT_ATTRIBUTES, *PCAPTURED_OBJECT_ATTRIBUTES; + NTSTATUS STDCALL ObpCaptureObjectName(IN PUNICODE_STRING CapturedName, @@ -181,19 +189,16 @@
NTSTATUS STDCALL -ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, +ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, - IN POOL_TYPE PoolType, - IN BOOLEAN CaptureIfKernel, - OUT POBJECT_CREATE_INFORMATION CapturedObjectAttributes OPTIONAL, - OUT PUNICODE_STRING ObjectName OPTIONAL); + IN POBJECT_TYPE ObjectType, + IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, + OUT PUNICODE_STRING ObjectName);
VOID STDCALL -ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION CapturedObjectAttributes OPTIONAL, - IN PUNICODE_STRING ObjectName OPTIONAL, - IN KPROCESSOR_MODE AccessMode, - IN BOOLEAN CaptureIfKernel); +ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo); + /* object information classes */
#define ICIF_QUERY 0x1 _____
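Review bot: `ObjectCreateInfo` is declared `IN` in the new `ObpCaptureObjectAttributes` prototype, but the implementation in ob/object.c zeroes and fills it, so `OUT POBJECT_CREATE_INFORMATION ObjectCreateInfo,` would state the contract correctly. The `ObjectType` parameter is not referenced anywhere in the function body shown in ob/object.c, yet every caller now has to supply it; either drop it or add a comment saying what it is reserved for. The prototype also needs a short comment that the caller owns `ObjectName->Buffer` and must free it itself, because `ObpReleaseCapturedAttributes` now releases only the security descriptor; without that, the paired `if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);` at each call site is easy to forget and the name leaks.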
Modified: trunk/reactos/ntoskrnl/lpc/connect.c
--- trunk/reactos/ntoskrnl/lpc/connect.c 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/lpc/connect.c 2005-08-08 16:58:30 UTC (rev 17217)
@@ -410,7 +410,7 @@
NULL, PORT_ALL_ACCESS, /* DesiredAccess */ LpcPortObjectType, - PreviousMode, + UserMode, NULL, (PVOID*)&NamedPort); if (!NT_SUCCESS(Status)) @@ -430,7 +430,7 @@ Status = ObReferenceObjectByHandle(WriteMap.SectionHandle, SECTION_MAP_READ | SECTION_MAP_WRITE, MmSectionObjectType, - PreviousMode, + UserMode, (PVOID*)&SectionObject, NULL); if (!NT_SUCCESS(Status)) _____
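Review bot: The call that yields `NamedPort` and the `ObReferenceObjectByHandle` call in the next hunk both pass a hard-coded `UserMode` where the removed lines passed `PreviousMode`. That is the stricter setting, so access checks stay enforced, but a kernel-mode caller of this routine would presumably now be validated as if it were a user-mode one, and nothing at either call site says the constant is deliberate. If it is intentional, document it with a comment such as `/* access checks are always done as for a user-mode caller */`; otherwise keep `PreviousMode,` so the access mode follows the real caller. The enclosing function lies outside both hunks.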
Modified: trunk/reactos/ntoskrnl/ob/handle.c
--- trunk/reactos/ntoskrnl/ob/handle.c 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/ob/handle.c 2005-08-08 16:58:30 UTC (rev 17217)
@@ -955,7 +955,7 @@
/* First try to find the Object */ if (ObjectNameInfo && ObjectNameInfo->Name.Buffer) { - DPRINT("Object has a name. Trying to find it: "%wZ".\n", &ObjectNameInfo->Name); + DPRINT("Object has a name. Trying to find it: %wZ.\n", &ObjectNameInfo->Name); Status = ObFindObject(ObjectCreateInfo, &ObjectNameInfo->Name, &FoundObject, @@ -1132,10 +1132,7 @@
/* We can delete the Create Info now */ Header->ObjectCreateInfo = NULL; - ObpReleaseCapturedAttributes(ObjectCreateInfo, - NULL, - ObjectCreateInfo->ProbeMode, - FALSE); + ObpReleaseCapturedAttributes(ObjectCreateInfo); ExFreePool(ObjectCreateInfo);
DPRINT("Status %x\n", Status); _____
Modified: trunk/reactos/ntoskrnl/ob/namespc.c
--- trunk/reactos/ntoskrnl/ob/namespc.c 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/ob/namespc.c 2005-08-08 16:58:30 UTC (rev 17217)
@@ -70,35 +70,20 @@
NTSTATUS Status;
PAGED_CODE(); - - /* capture the ObjectPath */ - Status = RtlCaptureUnicodeString(&ObjectName, - AccessMode, - NonPagedPool, /* FIXME */ - FALSE, - ObjectPath); - if (!NT_SUCCESS(Status)) - { - DPRINT("RtlCaptureUnicodeString() failed (Status %lx)\n", Status); - return Status; - }
InitializeObjectAttributes(&ObjectAttributes, - &ObjectName, + ObjectPath, Attributes | OBJ_OPENIF, NULL, NULL);
- /* "Capture" all the info, it doesn't make sense to capture from the kernel - stack as the information should be safe anyway...just do a raw copy of the - data into the OBJECT_CREATE_INFORMATION structure */ + /* Capture all the info */ DPRINT("Capturing Create Info\n"); Status = ObpCaptureObjectAttributes(&ObjectAttributes, - KernelMode, /* raw copy! */ - NonPagedPool, - FALSE, + AccessMode, + ObjectType, &ObjectCreateInfo, - NULL); + &ObjectName); if (!NT_SUCCESS(Status)) { DPRINT("ObpCaptureObjectAttributes() failed (Status %lx)\n", Status); @@ -111,19 +96,9 @@ &RemainingPath, ObjectType);
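Review bot: `ObpCaptureObjectAttributes` is called with the caller's `AccessMode` on `&ObjectAttributes`, a structure this function has just built on its own kernel stack with `InitializeObjectAttributes`. That works only while the `ProbeForRead` in the capture routine stays under `#if 0`; once the probe is enabled, a user-mode `AccessMode` would probably make it reject the kernel-stack address. The mode is really meant for `ObjectPath`, so at minimum record that above the call with a comment like `/* ObjectAttributes is kernel memory; AccessMode applies to ObjectPath only */`. The function starts outside the hunk.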
- /* we don't need to release the "captured" object attributes! Nothing was allocated! */ -#if 0 - ObpReleaseCapturedAttributes(&ObjectCreateInfo, - NULL, - AccessMode, - FALSE); -#endif + ObpReleaseCapturedAttributes(&ObjectCreateInfo); + if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer);
- /* free the captured ObjectPath if needed */ - RtlReleaseCapturedUnicodeString(&ObjectName, - AccessMode, - FALSE); - if (!NT_SUCCESS(Status)) { return(Status); @@ -194,8 +169,7 @@ DPRINT("Capturing Create Info\n"); Status = ObpCaptureObjectAttributes(ObjectAttributes, AccessMode, - PagedPool, - FALSE, + ObjectType, &ObjectCreateInfo, &ObjectName); if (!NT_SUCCESS(Status)) @@ -209,10 +183,8 @@ &Object, &RemainingPath, ObjectType); - ObpReleaseCapturedAttributes(&ObjectCreateInfo, - &ObjectName, - AccessMode, - FALSE); + ObpReleaseCapturedAttributes(&ObjectCreateInfo); + if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer); if (!NT_SUCCESS(Status)) { DPRINT("ObFindObject() failed (Status %lx)\n", Status); _____
Modified: trunk/reactos/ntoskrnl/ob/object.c
--- trunk/reactos/ntoskrnl/ob/object.c 2005-08-08 16:57:50 UTC (rev 17216)
+++ trunk/reactos/ntoskrnl/ob/object.c 2005-08-08 16:58:30 UTC (rev 17217)
@@ -110,297 +110,162 @@
NTSTATUS STDCALL -ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, +ObpCaptureObjectAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes, IN KPROCESSOR_MODE AccessMode, - IN POOL_TYPE PoolType, - IN BOOLEAN CaptureIfKernel, - OUT POBJECT_CREATE_INFORMATION CapturedObjectAttributes OPTIONAL, - OUT PUNICODE_STRING ObjectName OPTIONAL) + IN POBJECT_TYPE ObjectType, + IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, + OUT PUNICODE_STRING ObjectName) { - OBJECT_ATTRIBUTES AttributesCopy; NTSTATUS Status = STATUS_SUCCESS; + PSECURITY_DESCRIPTOR SecurityDescriptor; + PSECURITY_QUALITY_OF_SERVICE SecurityQos; + PUNICODE_STRING LocalObjectName = NULL;
- /* at least one output parameter must be != NULL! */ - ASSERT(CapturedObjectAttributes != NULL || ObjectName != NULL); - - if (ObjectAttributes == NULL) + /* Zero out the Capture Data */ + DPRINT("ObpCaptureObjectAttributes\n"); + RtlZeroMemory(ObjectCreateInfo, sizeof(OBJECT_CREATE_INFORMATION)); + + /* Check if we got Oba */ + if (ObjectAttributes) { - /* we're going to return STATUS_SUCCESS! */ - goto failbasiccleanup; - } - - if (AccessMode != KernelMode) - { - _SEH_TRY + if (AccessMode != KernelMode) { - ProbeForRead(ObjectAttributes, - sizeof(ObjectAttributes), - sizeof(ULONG)); - /* make a copy on the stack */ - AttributesCopy = *ObjectAttributes; - } - _SEH_HANDLE - { - Status = _SEH_GetExceptionCode(); - } - _SEH_END; - - if(!NT_SUCCESS(Status)) - { - DPRINT1("ObpCaptureObjectAttributes failed to probe object attributes 0x%p\n", ObjectAttributes); - goto failbasiccleanup; - } - } - else if (!CaptureIfKernel) - { - if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES)) - { - if (ObjectName != NULL) + DPRINT("Probing OBA\n"); + _SEH_TRY { - /* we don't have to capture any memory, the caller considers the passed data - as valid */ - if (ObjectAttributes->ObjectName != NULL) - { - *ObjectName = *ObjectAttributes->ObjectName; - } - else - { - ObjectName->Length = ObjectName->MaximumLength = 0; - ObjectName->Buffer = NULL; - } + /* FIXME: SMSS SENDS BULLSHIT. 
*/ + #if 0 + ProbeForRead(ObjectAttributes, + sizeof(ObjectAttributes), + sizeof(ULONG)); + #endif } - if (CapturedObjectAttributes != NULL) + _SEH_HANDLE { - CapturedObjectAttributes->RootDirectory = ObjectAttributes->RootDirectory; - CapturedObjectAttributes->Attributes = ObjectAttributes->Attributes; - CapturedObjectAttributes->SecurityDescriptor = ObjectAttributes->SecurityDescriptor; - CapturedObjectAttributes->SecurityDescriptorCharge = 0; /* FIXME */ - CapturedObjectAttributes->ProbeMode = AccessMode; + Status = _SEH_GetExceptionCode(); } - - return STATUS_SUCCESS; + _SEH_END; } - else + + /* Validate the Size */ + DPRINT("Validating OBA\n"); + if (ObjectAttributes->Length != sizeof(OBJECT_ATTRIBUTES)) { Status = STATUS_INVALID_PARAMETER; - goto failbasiccleanup; } - } - else - { - AttributesCopy = *ObjectAttributes; - }
- /* if Length isn't as expected, bail with an invalid parameter status code so - the caller knows he passed garbage... */ - if (AttributesCopy.Length != sizeof(OBJECT_ATTRIBUTES)) - { - Status = STATUS_INVALID_PARAMETER; - goto failbasiccleanup; - } - - if (CapturedObjectAttributes != NULL) - { - CapturedObjectAttributes->RootDirectory = AttributesCopy.RootDirectory; - CapturedObjectAttributes->Attributes = AttributesCopy.Attributes; - - if (AttributesCopy.SecurityDescriptor != NULL) + /* Fail if SEH or Size Validation failed */ + if(!NT_SUCCESS(Status)) { - Status = SeCaptureSecurityDescriptor(AttributesCopy.SecurityDescriptor, + DPRINT1("ObpCaptureObjectAttributes failed to probe object attributes\n"); + goto fail; + } + + /* Set some Create Info */ + DPRINT("Creating OBCI\n"); + ObjectCreateInfo->RootDirectory = ObjectAttributes->RootDirectory; + ObjectCreateInfo->Attributes = ObjectAttributes->Attributes; + LocalObjectName = ObjectAttributes->ObjectName; + SecurityDescriptor = ObjectAttributes->SecurityDescriptor; + SecurityQos = ObjectAttributes->SecurityQualityOfService; + + /* Validate the SD */ + if (SecurityDescriptor) + { + DPRINT("Probing SD: %x\n", SecurityDescriptor); + Status = SeCaptureSecurityDescriptor(SecurityDescriptor, AccessMode, - PoolType, + NonPagedPool, TRUE, - &CapturedObjectAttributes->SecurityDescriptor); - if (!NT_SUCCESS(Status)) + &ObjectCreateInfo->SecurityDescriptor); + if(!NT_SUCCESS(Status)) { DPRINT1("Unable to capture the security descriptor!!!\n"); - goto failbasiccleanup; + ObjectCreateInfo->SecurityDescriptor = NULL; + goto fail; } - CapturedObjectAttributes->SecurityDescriptorCharge = 0; /* FIXME */ + + DPRINT("Probe done\n"); + ObjectCreateInfo->SecurityDescriptorCharge = 0; /* FIXME */ + ObjectCreateInfo->ProbeMode = AccessMode; } - else + + /* Validate the QoS */ + if (SecurityQos) { - CapturedObjectAttributes->SecurityDescriptor = NULL; - CapturedObjectAttributes->SecurityDescriptorCharge = 0; - } - } - - if (ObjectName 
!= NULL) - { - ObjectName->Buffer = NULL; - - if (AttributesCopy.ObjectName != NULL) - { - UNICODE_STRING OriginalCopy = {0}; - if (AccessMode != KernelMode) { + DPRINT("Probing QoS\n"); _SEH_TRY { - /* probe the ObjectName structure and make a local stack copy of it */ - ProbeForRead(AttributesCopy.ObjectName, - sizeof(UNICODE_STRING), + ProbeForRead(SecurityQos, + sizeof(SECURITY_QUALITY_OF_SERVICE), sizeof(ULONG)); - OriginalCopy = *AttributesCopy.ObjectName; - if (OriginalCopy.Length > 0) - { - ProbeForRead(OriginalCopy.Buffer, - OriginalCopy.Length, - sizeof(WCHAR)); - } } _SEH_HANDLE { Status = _SEH_GetExceptionCode(); } _SEH_END; - - if (NT_SUCCESS(Status)) - { - ObjectName->Length = OriginalCopy.Length; - - if(OriginalCopy.Length > 0) - { - ObjectName->MaximumLength = OriginalCopy.Length + sizeof(WCHAR); - ObjectName->Buffer = ExAllocatePool(PoolType, - ObjectName->MaximumLength); - if (ObjectName->Buffer != NULL) - { - _SEH_TRY - { - /* no need to probe OriginalCopy.Buffer again, we already did that - when capturing the UNICODE_STRING structure itself */ - RtlCopyMemory(ObjectName->Buffer, OriginalCopy.Buffer, OriginalCopy.Length); - ObjectName->Buffer[OriginalCopy.Length / sizeof(WCHAR)] = L'\0'; - } - _SEH_HANDLE - { - Status = _SEH_GetExceptionCode(); - } - _SEH_END; - - if (!NT_SUCCESS(Status)) - { - DPRINT1("ObpCaptureObjectAttributes failed to copy the unicode string!\n"); - } - } - else - { - Status = STATUS_INSUFFICIENT_RESOURCES; - } - } - else if(AttributesCopy.RootDirectory != NULL /* && OriginalCopy.Length == 0 */) - { - /* if the caller specified a root directory, there must be an object name! 
*/ - Status = STATUS_OBJECT_NAME_INVALID; - } - else - { - ObjectName->Length = ObjectName->MaximumLength = 0; - } - } -#ifdef DBG - else - { - DPRINT1("ObpCaptureObjectAttributes failed to probe the object name UNICODE_STRING structure!\n"); - } -#endif } - else /* AccessMode == KernelMode */ - { - OriginalCopy = *AttributesCopy.ObjectName; - ObjectName->Length = OriginalCopy.Length;
- if (OriginalCopy.Length > 0) - { - ObjectName->MaximumLength = OriginalCopy.Length + sizeof(WCHAR); - ObjectName->Buffer = ExAllocatePool(PoolType, - ObjectName->MaximumLength); - if (ObjectName->Buffer != NULL) - { - RtlCopyMemory(ObjectName->Buffer, OriginalCopy.Buffer, OriginalCopy.Length); - ObjectName->Buffer[OriginalCopy.Length / sizeof(WCHAR)] = L'\0'; - } - else - { - Status = STATUS_INSUFFICIENT_RESOURCES; - } - } - else if (AttributesCopy.RootDirectory != NULL /* && OriginalCopy.Length == 0 */) - { - /* if the caller specified a root directory, there must be an object name! */ - Status = STATUS_OBJECT_NAME_INVALID; - } - else - { - ObjectName->Length = ObjectName->MaximumLength = 0; - } + if(!NT_SUCCESS(Status)) + { + DPRINT1("Unable to capture QoS!!!\n"); + goto fail; } + + ObjectCreateInfo->SecurityQualityOfService = *SecurityQos; + ObjectCreateInfo->SecurityQos = &ObjectCreateInfo->SecurityQualityOfService; } - else + } + + /* Clear Local Object Name */ + DPRINT("Clearing name\n"); + RtlZeroMemory(ObjectName, sizeof(UNICODE_STRING)); + + /* Now check if the Object Attributes had an Object Name */ + if (LocalObjectName) + { + DPRINT("Name Buffer: %x\n", LocalObjectName->Buffer); + Status = ObpCaptureObjectName(ObjectName, + LocalObjectName, + AccessMode); + } + else + { + /* He can't have specified a Root Directory */ + if (ObjectCreateInfo->RootDirectory) { - ObjectName->Length = ObjectName->MaximumLength = 0; + DPRINT1("Invalid name\n"); + Status = STATUS_OBJECT_NAME_INVALID; } }
- CapturedObjectAttributes->ProbeMode = AccessMode; - +fail: if (!NT_SUCCESS(Status)) { - if (ObjectName != NULL && ObjectName->Buffer) - { - ExFreePool(ObjectName->Buffer); - } - if (CapturedObjectAttributes != NULL) - { - /* cleanup allocated resources */ - SeReleaseSecurityDescriptor(CapturedObjectAttributes->SecurityDescriptor , - AccessMode, - TRUE); - } - -failbasiccleanup: - if (ObjectName != NULL) - { - ObjectName->Length = ObjectName->MaximumLength = 0; - ObjectName->Buffer = NULL; - } - if (CapturedObjectAttributes != NULL) - { - RtlZeroMemory(CapturedObjectAttributes, sizeof(OBJECT_CREATE_INFORMATION)); - } + DPRINT1("Failed to capture, cleaning up\n"); + ObpReleaseCapturedAttributes(ObjectCreateInfo); } - + + DPRINT("Return to caller\n"); return Status; }
VOID STDCALL -ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION CapturedObjectAttributes OPTIONAL, - IN PUNICODE_STRING ObjectName OPTIONAL, - IN KPROCESSOR_MODE AccessMode, - IN BOOLEAN CaptureIfKernel) +ObpReleaseCapturedAttributes(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo) { - /* WARNING - You need to pass the same parameters to this function as you passed - to ObpCaptureObjectAttributes() to avoid memory leaks */ - if(AccessMode != KernelMode || CaptureIfKernel) - { - if(CapturedObjectAttributes != NULL && - CapturedObjectAttributes->SecurityDescriptor != NULL) + /* Release the SD, it's the only thing we allocated */ + if (ObjectCreateInfo->SecurityDescriptor) { - ExFreePool(CapturedObjectAttributes->SecurityDescriptor); - -#ifdef DBG - RtlZeroMemory(CapturedObjectAttributes, sizeof(OBJECT_CREATE_INFORMATION)); -#endif + SeReleaseSecurityDescriptor(ObjectCreateInfo->SecurityDescriptor, + ObjectCreateInfo->ProbeMode, + TRUE); + ObjectCreateInfo->SecurityDescriptor = NULL; } - if(ObjectName != NULL && - ObjectName->Length > 0) - { - ExFreePool(ObjectName->Buffer); - } - } }
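Review bot: For a user-mode caller the new `ObpCaptureObjectAttributes` reads `ObjectAttributes->Length`, `->RootDirectory`, `->Attributes`, `->ObjectName`, `->SecurityDescriptor` and `->SecurityQualityOfService` straight from caller memory, outside the SEH block. The only probe is compiled out under `#if 0`, and if enabled it would check `sizeof(ObjectAttributes)`, which is the pointer size. An invalid or kernel-range pointer is therefore dereferenced unchecked, and every field can change between the `Length` validation and its later use. The `*SecurityQos` copy has the same gap, since the probe is guarded but the dereference after `_SEH_END` is not; it belongs inside the guarded region. I would probe with `sizeof(OBJECT_ATTRIBUTES)`, snapshot the structure once inside `_SEH_TRY` and read only the snapshot afterwards, as sketched below; the FIXME suggests SMSS currently passes data that fails the probe, so that caller has to be fixed together with this.

```c
    OBJECT_ATTRIBUTES AttributesCopy;
    /* ... unchanged: other locals, zeroing of ObjectCreateInfo ... */
    if (ObjectAttributes)
    {
        if (AccessMode != KernelMode)
        {
            _SEH_TRY
            {
                /* Probe the whole structure and take a single snapshot of it */
                ProbeForRead(ObjectAttributes,
                             sizeof(OBJECT_ATTRIBUTES),
                             sizeof(ULONG));
                AttributesCopy = *ObjectAttributes;
            }
            _SEH_HANDLE
            {
                Status = _SEH_GetExceptionCode();
            }
            _SEH_END;
        }
        else
        {
            AttributesCopy = *ObjectAttributes;
        }

        /* Validate the snapshot, never the caller's memory */
        if (NT_SUCCESS(Status) &&
            AttributesCopy.Length != sizeof(OBJECT_ATTRIBUTES))
        {
            Status = STATUS_INVALID_PARAMETER;
        }
        /* ... unchanged: failure check; the field reads that follow use AttributesCopy.* ... */
```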
@@ -483,7 +348,7 @@ ObjectName->Buffer[0] != L'\') { ObDereferenceObject (CurrentObject); - DPRINT1("failed: "%wZ"\n", ObjectName); + DPRINT1("failed\n"); return STATUS_UNSUCCESSFUL; }
@@ -930,9 +795,8 @@ /* Capture all the info */ DPRINT("Capturing Create Info\n"); Status = ObpCaptureObjectAttributes(ObjectAttributes, - ObjectAttributesAccessMode, - NonPagedPool, - TRUE, + AccessMode, + Type, ObjectCreateInfo, &ObjectName);
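Review bot: The capture now takes its mode from `AccessMode` instead of `ObjectAttributesAccessMode`, the value the removed line passed. If those are distinct parameters of the enclosing function (its signature is outside the hunk), a caller that hands in user-mode attributes together with a kernel `AccessMode` gets them treated as trusted kernel data. The QoS probe is then skipped and the same mode is forwarded to `SeCaptureSecurityDescriptor` and `ObpCaptureObjectName`. I would keep `ObjectAttributesAccessMode,` as the second argument so the attributes are validated according to where they actually came from.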
@@ -958,10 +822,8 @@
/* Release the Capture Info, we don't need it */ DPRINT1("Allocation failed\n"); - ObpReleaseCapturedAttributes(ObjectCreateInfo, - &ObjectName, - ObjectAttributesAccessMode, - TRUE); + ObpReleaseCapturedAttributes(ObjectCreateInfo); + if (ObjectName.Buffer) ExFreePool(ObjectName.Buffer); }
/* We failed, so release the Buffer */ @@ -1115,10 +977,7 @@ } if (Header->ObjectCreateInfo) { - ObpReleaseCapturedAttributes(Header->ObjectCreateInfo, - NULL, - Header->ObjectCreateInfo->ProbeMode, - FALSE); + ObpReleaseCapturedAttributes(Header->ObjectCreateInfo); ExFreePool(Header->ObjectCreateInfo); }