[NTOSKRNL] In IoGetRelatedDeviceObject(), validate hint is on the stack before return...

author Pierre Schweitzer <pierre@reactos.org>

Fri, 5 Oct 2018 08:39:50 +0000 (10:39 +0200)

committer Pierre Schweitzer <pierre@reactos.org>

Fri, 5 Oct 2018 08:49:59 +0000 (10:49 +0200)
author Pierre Schweitzer <pierre@reactos.org>
Fri, 5 Oct 2018 08:39:50 +0000 (10:39 +0200)
committer Pierre Schweitzer <pierre@reactos.org>
Fri, 5 Oct 2018 08:49:59 +0000 (10:49 +0200)
diff --git a/ntoskrnl/io/iomgr/device.c b/ntoskrnl/io/iomgr/device.c

index 189e47b..416a16e 100644 (file)
--- a/ntoskrnl/io/iomgr/device.c
+++ b/ntoskrnl/io/iomgr/device.c
@@ -6,6 +6,7 @@
   * PROGRAMMERS:     Alex Ionescu (alex.ionescu@reactos.org)
   *                  Filip Navara (navaraf@reactos.org)
   *                  Hervé Poussineau (hpoussin@reactos.org)
   * PROGRAMMERS:     Alex Ionescu (alex.ionescu@reactos.org)
   *                  Filip Navara (navaraf@reactos.org)
   *                  Hervé Poussineau (hpoussin@reactos.org)
+ *                  Pierre Schweitzer
   */
  
  /* INCLUDES *******************************************************************/
   */
  
  /* INCLUDES *******************************************************************/
@@ -1387,8 +1388,10 @@ IoGetRelatedDeviceObject(IN PFILE_OBJECT FileObject)
                  /* Cast the buffer to something we understand */
                  FileObjectExtension = FileObject->FileObjectExtension;
  
                  /* Cast the buffer to something we understand */
                  FileObjectExtension = FileObject->FileObjectExtension;
  
-                /* Check if have a replacement top level device */
-                if (FileObjectExtension->TopDeviceObjectHint)
+                /* Check if have a valid replacement top level device */
+                if (FileObjectExtension->TopDeviceObjectHint &&
+                    IopVerifyDeviceObjectOnStack(DeviceObject,
+                                                 FileObjectExtension->TopDeviceObjectHint))
                  {
                      /* Use this instead of returning the top level device */
                      return FileObjectExtension->TopDeviceObjectHint;
                  {
                      /* Use this instead of returning the top level device */
                      return FileObjectExtension->TopDeviceObjectHint;
author	Pierre Schweitzer <pierre@reactos.org>
	Fri, 5 Oct 2018 08:39:50 +0000 (10:39 +0200)
committer	Pierre Schweitzer <pierre@reactos.org>
	Fri, 5 Oct 2018 08:49:59 +0000 (10:49 +0200)