[NTOS:IO] Fail if the driver name passed to NtLoadDriver() is an empty string.

Otherwise an assertion on the driver name is hit later on.
Can be reproduced by calling NtLoadDriver with a valid UNICODE_STRING
of Length == 0.

diff --git a/ntoskrnl/io/iomgr/driver.c b/ntoskrnl/io/iomgr/driver.c
index 9f7d5ed..3b033f9 100644 (file)
--- a/ntoskrnl/io/iomgr/driver.c
+++ b/ntoskrnl/io/iomgr/driver.c
@@ -1251,7 +1251,7 @@ IopUnloadDriver(PUNICODE_STRING DriverServiceName, BOOLEAN UnloadPnpDrivers)
     DPRINT("IopUnloadDriver('%wZ', %u)\n", &CapturedServiceName, UnloadPnpDrivers);
 
     /* We need a service name */
-    if (CapturedServiceName.Length == 0)
+    if (CapturedServiceName.Length == 0 || CapturedServiceName.Buffer == NULL)
     {
         ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
         return STATUS_INVALID_PARAMETER;
@@ -2161,6 +2161,13 @@ NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
 
     DPRINT("NtLoadDriver('%wZ')\n", &CapturedServiceName);
 
+    /* We need a service name */
+    if (CapturedServiceName.Length == 0 || CapturedServiceName.Buffer == NULL)
+    {
+        ReleaseCapturedUnicodeString(&CapturedServiceName, PreviousMode);
+        return STATUS_INVALID_PARAMETER;
+    }
+
     /* Load driver and call its entry point */
     DriverObject = NULL;
     Status = IopLoadUnloadDriver(&CapturedServiceName, &DriverObject);