[KERNEL32]

Prevent a use-after-free issue in GetVolumeNameForVolumeMountPointW()

svn path=/trunk/; revision=65034

diff --git a/reactos/dll/win32/kernel32/client/file/mntpoint.c b/reactos/dll/win32/kernel32/client/file/mntpoint.c
index af0ae94..c6beae0 100644 (file)
--- a/reactos/dll/win32/kernel32/client/file/mntpoint.c
+++ b/reactos/dll/win32/kernel32/client/file/mntpoint.c
@@ -118,14 +118,15 @@ GetVolumeNameForVolumeMountPointW(IN LPCWSTR VolumeMountPoint,
                                      NULL, 0, MountDevName, BufferLength);
       if (!NT_SUCCESS(Status))
       {
                                      NULL, 0, MountDevName, BufferLength);
       if (!NT_SUCCESS(Status))
       {

-         RtlFreeHeap(GetProcessHeap(), 0, MountDevName);

          if (Status == STATUS_BUFFER_OVERFLOW)
          {
             BufferLength = sizeof(MOUNTDEV_NAME) + MountDevName->NameLength;
          if (Status == STATUS_BUFFER_OVERFLOW)
          {
             BufferLength = sizeof(MOUNTDEV_NAME) + MountDevName->NameLength;

+            RtlFreeHeap(GetProcessHeap(), 0, MountDevName);

             continue;
          }
          else
          {
             continue;
          }
          else
          {

+            RtlFreeHeap(GetProcessHeap(), 0, MountDevName);

             NtClose(FileHandle);
             BaseSetLastNTError(Status);
             return FALSE;
             NtClose(FileHandle);
             BaseSetLastNTError(Status);
             return FALSE;