[NTOSKNRL]
authorPierre Schweitzer <pierre@reactos.org>
Tue, 2 May 2017 21:32:20 +0000 (21:32 +0000)
committerPierre Schweitzer <pierre@reactos.org>
Tue, 2 May 2017 21:32:20 +0000 (21:32 +0000)
Misc fixes in NtQueryDirectoryFile():
- Don't leak auxbuffer
- Don't allow two completion routines

svn path=/trunk/; revision=74451

reactos/ntoskrnl/io/iomgr/iofunc.c

index eb32a4d..5aa67ee 100644 (file)
@@ -1901,6 +1901,14 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
         return Status;
     }
 
+    /* Are there two associated completion routines? */
+    if (FileObject->CompletionContext != NULL && ApcRoutine != NULL)
+    {
+        ObDereferenceObject(FileObject);
+        if (AuxBuffer) ExFreePoolWithTag(AuxBuffer, TAG_SYSB);
+        return STATUS_INVALID_PARAMETER;
+    }
+
     /* Check if we have an even handle */
     if (EventHandle)
     {
@@ -1914,6 +1922,7 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
         if (!NT_SUCCESS(Status))
         {
             /* Fail */
+            if (AuxBuffer) ExFreePoolWithTag(AuxBuffer, TAG_SYSB);
             ObDereferenceObject(FileObject);
             return Status;
         }