[NTOSKRNL] In IopQueryNameInternal() don't copy name if it's not valid

author Pierre Schweitzer <pierre@reactos.org>

Wed, 3 Oct 2018 11:50:16 +0000 (13:50 +0200)

committer Pierre Schweitzer <pierre@reactos.org>

Wed, 3 Oct 2018 11:50:16 +0000 (13:50 +0200)
author Pierre Schweitzer <pierre@reactos.org>
Wed, 3 Oct 2018 11:50:16 +0000 (13:50 +0200)
committer Pierre Schweitzer <pierre@reactos.org>
Wed, 3 Oct 2018 11:50:16 +0000 (13:50 +0200)
diff --git a/ntoskrnl/io/iomgr/file.c b/ntoskrnl/io/iomgr/file.c

index 1fb6918..0fbac2c 100644 (file)
--- a/ntoskrnl/io/iomgr/file.c
+++ b/ntoskrnl/io/iomgr/file.c
@@ -2004,6 +2004,14 @@ IopQueryNameInternal(IN PVOID ObjectBody,
                                  (ULONG_PTR)ObjectNameInfo +
                                  LocalFileInfo->FileNameLength);
  
                                  (ULONG_PTR)ObjectNameInfo +
                                  LocalFileInfo->FileNameLength);
  
+    /* Don't copy the name if it's not valid */
+    if (LocalFileInfo->FileName[0] != OBJ_NAME_PATH_SEPARATOR)
+    {
+        /* Free the allocated buffer and return failure */
+        ExFreePoolWithTag(LocalInfo, TAG_IO);
+        return STATUS_OBJECT_PATH_INVALID;
+    }
+
      /* Write the Name and null-terminate it */
      RtlCopyMemory(p, LocalFileInfo->FileName, FileLength);
      p += (FileLength / sizeof(WCHAR));
      /* Write the Name and null-terminate it */
      RtlCopyMemory(p, LocalFileInfo->FileName, FileLength);
      p += (FileLength / sizeof(WCHAR));
author	Pierre Schweitzer <pierre@reactos.org>
	Wed, 3 Oct 2018 11:50:16 +0000 (13:50 +0200)
committer	Pierre Schweitzer <pierre@reactos.org>
	Wed, 3 Oct 2018 11:50:16 +0000 (13:50 +0200)