[TCPIP] Don't trust the TEB
authorPierre Schweitzer <pierre@reactos.org>
Wed, 2 Jan 2019 22:01:24 +0000 (23:01 +0100)
committerPierre Schweitzer <pierre@reactos.org>
Wed, 2 Jan 2019 22:02:44 +0000 (23:02 +0100)
And trust the Russian hackers to exploit that.

drivers/network/tcpip/include/precomp.h
drivers/network/tcpip/tcpip/fileobjs.c

index b2cb750..a96c4a5 100644 (file)
@@ -16,5 +16,6 @@
 #include <lock.h>
 #include <interface.h>
 #include <chew/chew.h>
+#include <pseh/pseh2.h>
 
 #endif /* _TCPIP_PCH_ */
index f050a09..614f1e1 100644 (file)
@@ -396,7 +396,6 @@ NTSTATUS FileOpenAddress(
   PVOID Options)
 {
   PADDRESS_FILE AddrFile;
-  PTEB Teb;
 
   TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
 
@@ -431,10 +430,15 @@ NTSTATUS FileOpenAddress(
   AddrFile->HeaderIncl = 1;
   AddrFile->ProcessId = PsGetCurrentProcessId();
 
-  Teb = PsGetCurrentThreadTeb();
-  if (Teb != NULL) {
-    AddrFile->SubProcessTag = Teb->SubProcessTag;
-  }
+  _SEH2_TRY {
+      PTEB Teb;
+
+      Teb = PsGetCurrentThreadTeb();
+      if (Teb != NULL)
+         AddrFile->SubProcessTag = Teb->SubProcessTag;
+  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+      AddrFile->SubProcessTag = 0;
+  } _SEH2_END;
 
   KeQuerySystemTime(&AddrFile->CreationTime);
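Review bot: In the new `_SEH2_TRY` block, `AddrFile->SubProcessTag` is assigned after a successful read and in the exception handler, but not when `PsGetCurrentThreadTeb()` returns NULL, so on that path the field keeps whatever the allocation left in it, unless AddrFile is zeroed earlier, outside this hunk. Assigning `AddrFile->SubProcessTag = 0;` just before `_SEH2_TRY` makes all three paths agree. The block also deserves a comment such as `/* The TEB lives in user-mode memory: the process can alter or unmap it, so the read may fault and the tag is untrusted, informational data only */`, so that nobody later bases an access decision on the value. The added lines are indented by six and nine spaces where the surrounding function uses two. FileOpenAddress begins and ends outside the hunk.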