https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f86360fdbc855aaade36989295edd97653c83b8b

commit f86360fdbc855aaade36989295edd97653c83b8b
Author:     Thomas Faber <[email protected]>
AuthorDate: Tue May 7 13:51:06 2019 +0200
Commit:     Thomas Faber <[email protected]>
CommitDate: Tue May 7 13:52:50 2019 +0200

    [NTOS:CM] Do not call ZwQueryObject with a zero-size buffer. CORE-15882
    
    Actually fixes ntdll_apitest:NtLoadUnloadKey.
---
 ntoskrnl/config/cmhvlist.c | 7 ++++---
 ntoskrnl/config/cmlazy.c   | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/ntoskrnl/config/cmhvlist.c b/ntoskrnl/config/cmhvlist.c
index b9ebb8fd4e..1925bc580f 100644
--- a/ntoskrnl/config/cmhvlist.c
+++ b/ntoskrnl/config/cmhvlist.c
@@ -135,6 +135,7 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
     UNICODE_STRING HivePath;
     PWCHAR FilePath;
     ULONG Length;
+    OBJECT_NAME_INFORMATION DummyNameInfo;
     POBJECT_NAME_INFORMATION FileNameInfo;
 
     HivePath.Buffer = NULL;
@@ -175,10 +176,10 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
         /* Determine the right buffer size and allocate */
         Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY],
                                ObjectNameInformation,
-                               NULL,
-                               0,
+                               &DummyNameInfo,
+                               sizeof(DummyNameInfo),
                                &Length);
-        if (Status != STATUS_INFO_LENGTH_MISMATCH)
+        if (Status != STATUS_BUFFER_OVERFLOW)
         {
             DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, 
status = 0x%08lx\n", Status);
             goto Quickie;
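Review bot: The new check treats every status other than STATUS_BUFFER_OVERFLOW as a failure, but nothing on the error path turns a success status into an error. If ZwQueryObject can ever succeed with the `sizeof(DummyNameInfo)` buffer (for example an empty name; not verifiable from this hunk), `goto Quickie` here would carry a success code, and in the matching cmlazy.c hunk `return Status;` would report success to the caller without the hive having been opened. Consider adding `if (NT_SUCCESS(Status)) Status = STATUS_UNSUCCESSFUL;` inside the failure branch before leaving, in both files. What the `Quickie` label does with Status is outside the hunk, as are the rest of both function bodies.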
diff --git a/ntoskrnl/config/cmlazy.c b/ntoskrnl/config/cmlazy.c
index a8526e5b27..04d87a7ea1 100644
--- a/ntoskrnl/config/cmlazy.c
+++ b/ntoskrnl/config/cmlazy.c
@@ -279,6 +279,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
     UNICODE_STRING FileName;
     PWCHAR FilePath;
     ULONG Length;
+    OBJECT_NAME_INFORMATION DummyNameInfo;
     POBJECT_NAME_INFORMATION FileNameInfo;
 
     PAGED_CODE();
@@ -299,10 +300,10 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
         /* Determine the right buffer size and allocate */
         Status = ZwQueryObject(FileAttributes->RootDirectory,
                                ObjectNameInformation,
-                               NULL,
-                               0,
+                               &DummyNameInfo,
+                               sizeof(DummyNameInfo),
                                &Length);
-        if (Status != STATUS_INFO_LENGTH_MISMATCH)
+        if (Status != STATUS_BUFFER_OVERFLOW)
         {
             DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size 
query failed, Status = 0x%08lx\n", Status);
             return Status;
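Review bot: The existing comment above this call no longer explains why a stack dummy is passed instead of `NULL`/`0`, so a later cleanup could easily revert it. I would extend it to something like `/* Query with a minimal buffer, not NULL/0 (CORE-15882); the required size is returned in Length */`. The same comment would fit the identical call in cmhvlist.c.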
