[TCPIP] Don't trust the TEB

And trust the Russian hackers to exploit that.

diff --git a/drivers/network/tcpip/include/precomp.h b/drivers/network/tcpip/include/precomp.h
index b2cb750..a96c4a5 100644 (file)
--- a/drivers/network/tcpip/include/precomp.h
+++ b/drivers/network/tcpip/include/precomp.h
@@ -16,5 +16,6 @@
 #include <lock.h>
 #include <interface.h>
 #include <chew/chew.h>
 #include <lock.h>
 #include <interface.h>
 #include <chew/chew.h>

+#include <pseh/pseh2.h>

 
 #endif /* _TCPIP_PCH_ */
 
 #endif /* _TCPIP_PCH_ */

diff --git a/drivers/network/tcpip/tcpip/fileobjs.c b/drivers/network/tcpip/tcpip/fileobjs.c
index f050a09..614f1e1 100644 (file)
--- a/drivers/network/tcpip/tcpip/fileobjs.c
+++ b/drivers/network/tcpip/tcpip/fileobjs.c
@@ -396,7 +396,6 @@ NTSTATUS FileOpenAddress(
   PVOID Options)
 {
   PADDRESS_FILE AddrFile;
   PVOID Options)
 {
   PADDRESS_FILE AddrFile;

-  PTEB Teb;

 
   TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
 
 
   TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
 


@@ -431,10 +430,15 @@ NTSTATUS FileOpenAddress(
   AddrFile->HeaderIncl = 1;
   AddrFile->ProcessId = PsGetCurrentProcessId();
 
   AddrFile->HeaderIncl = 1;
   AddrFile->ProcessId = PsGetCurrentProcessId();
 

-  Teb = PsGetCurrentThreadTeb();
-  if (Teb != NULL) {
-    AddrFile->SubProcessTag = Teb->SubProcessTag;
-  }
+  _SEH2_TRY {
+      PTEB Teb;
+
+      Teb = PsGetCurrentThreadTeb();
+      if (Teb != NULL)
+         AddrFile->SubProcessTag = Teb->SubProcessTag;
+  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+      AddrFile->SubProcessTag = 0;
+  } _SEH2_END;

 
   KeQuerySystemTime(&AddrFile->CreationTime);
 
 
   KeQuerySystemTime(&AddrFile->CreationTime);