https://git.reactos.org/?p=reactos.git;a=commitdiff;h=670a7ac7188f4912a48a50bae4d275f2f21e1810
commit 670a7ac7188f4912a48a50bae4d275f2f21e1810
Author: Pierre Schweitzer <pie...@reactos.org>
AuthorDate: Fri Oct 5 10:39:50 2018 +0200
Commit: Pierre Schweitzer <pie...@reactos.org>
CommitDate: Fri Oct 5 10:49:59 2018 +0200
[NTOSKRNL] In IoGetRelatedDeviceObject(), validate hint is on the stack before returning it
---
 ntoskrnl/io/iomgr/device.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/ntoskrnl/io/iomgr/device.c b/ntoskrnl/io/iomgr/device.c
index 189e47b71b..416a16e6aa 100644
--- a/ntoskrnl/io/iomgr/device.c
+++ b/ntoskrnl/io/iomgr/device.c
@@ -6,6 +6,7 @@
 * PROGRAMMERS: Alex Ionescu (alex.ione...@reactos.org)
 * Filip Navara (nava...@reactos.org)
 * Hervé Poussineau (hpous...@reactos.org)
+ * Pierre Schweitzer
 */
 /* INCLUDES *******************************************************************/
@@ -1387,8 +1388,10 @@ IoGetRelatedDeviceObject(IN PFILE_OBJECT FileObject)
 /* Cast the buffer to something we understand */
 FileObjectExtension = FileObject->FileObjectExtension;
- /* Check if have a replacement top level device */
- if (FileObjectExtension->TopDeviceObjectHint)
+ /* Check if have a valid replacement top level device */
+ if (FileObjectExtension->TopDeviceObjectHint &&
+ IopVerifyDeviceObjectOnStack(DeviceObject,
+ FileObjectExtension->TopDeviceObjectHint))
 {
 /* Use this instead of returning the top level device */
 return FileObjectExtension->TopDeviceObjectHint;
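Review bot: In the second hunk the hint is fetched from `FileObjectExtension->TopDeviceObjectHint` three separate times (the NULL test, the argument to `IopVerifyDeviceObjectOnStack`, and the `return`), so the pointer handed back is not guaranteed to be the one that was verified if the field can change in between. Whether anything writes that field concurrently is not visible here, but reading it once, e.g. `PDEVICE_OBJECT Hint = FileObjectExtension->TopDeviceObjectHint;`, and then testing, verifying and returning `Hint` ties the check to the value actually used. The comment would also be more useful if it stated the failure path, for instance `/* Use the hint only if it is still part of DeviceObject's stack; otherwise fall through to the normal lookup */`. IoGetRelatedDeviceObject starts before and continues after this hunk, so where `DeviceObject` is set and what the fall-through returns could not be checked.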