[NTOS:CM] Do not call ZwQueryObject with a zero-size buffer. CORE-15882
authorThomas Faber <thomas.faber@reactos.org>
Tue, 7 May 2019 11:51:06 +0000 (13:51 +0200)
committerThomas Faber <thomas.faber@reactos.org>
Tue, 7 May 2019 11:52:50 +0000 (13:52 +0200)
Actually fixes ntdll_apitest:NtLoadUnloadKey.

ntoskrnl/config/cmhvlist.c
ntoskrnl/config/cmlazy.c

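--- a/ntoskrnl/config/cmhvlist.c
+++ b/ntoskrnl/config/cmhvlist.c
@@ -135,6 +135,7 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
     UNICODE_STRING HivePath;
     PWCHAR FilePath;
     ULONG Length;
+    OBJECT_NAME_INFORMATION DummyNameInfo;
     POBJECT_NAME_INFORMATION FileNameInfo;
 
     HivePath.Buffer = NULL;
@@ -175,10 +176,10 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
         /* Determine the right buffer size and allocate */
         Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY],
                                ObjectNameInformation,
-                               NULL,
-                               0,
+                               &DummyNameInfo,
+                               sizeof(DummyNameInfo),
                                &Length);
-        if (Status != STATUS_INFO_LENGTH_MISMATCH)
+        if (Status != STATUS_BUFFER_OVERFLOW)
         {
             DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status);
             goto Quickie;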
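Review bot: The new `Status != STATUS_BUFFER_OVERFLOW` check turns a query that happens to fit in the one-struct probe into a failure: an object with an empty name needs exactly sizeof(OBJECT_NAME_INFORMATION) bytes, so the call can plausibly return STATUS_SUCCESS, and this branch would then log a success code as an error and abandon the hive. A primary hive file handle presumably always carries a path, so that case is likely unreachable here, but the assumption deserves a comment above the call: `/* The probe is too small for any real name: STATUS_BUFFER_OVERFLOW is the expected result and Length then holds the size of the full record */`. If the empty-name case should be tolerated instead, `if (Status != STATUS_BUFFER_OVERFLOW && Status != STATUS_SUCCESS)` would cover it, since Length is valid on both paths. The same check appears in the CmpCmdHiveOpen hunk in ntoskrnl/config/cmlazy.c; the rest of CmpAddToHiveFileList, including the allocation that consumes Length, lies outside this hunk.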
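--- a/ntoskrnl/config/cmlazy.c
+++ b/ntoskrnl/config/cmlazy.c
@@ -279,6 +279,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
     UNICODE_STRING FileName;
     PWCHAR FilePath;
     ULONG Length;
+    OBJECT_NAME_INFORMATION DummyNameInfo;
     POBJECT_NAME_INFORMATION FileNameInfo;
 
     PAGED_CODE();
@@ -299,10 +300,10 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
         /* Determine the right buffer size and allocate */
         Status = ZwQueryObject(FileAttributes->RootDirectory,
                                ObjectNameInformation,
-                               NULL,
-                               0,
+                               &DummyNameInfo,
+                               sizeof(DummyNameInfo),
                                &Length);
-        if (Status != STATUS_INFO_LENGTH_MISMATCH)
+        if (Status != STATUS_BUFFER_OVERFLOW)
         {
             DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size query failed, Status = 0x%08lx\n", Status);
             return Status;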
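Review bot: The probe-then-allocate sequence now exists in two identical copies, here and in CmpAddToHiveFileList in ntoskrnl/config/cmhvlist.c, each with its own DummyNameInfo scratch variable and the same status comparison; the next change to the expected status or probe size will have to be made twice. A small file-local helper (name to be chosen) taking the handle and returning the required Length, with the probe buffer hidden inside it, would keep the two call sites in step and give the `/* Determine the right buffer size and allocate */` comment a single place to explain why a non-empty probe buffer is passed. The queried handle here is FileAttributes->RootDirectory, supplied by the caller, and the enclosing function continues outside the hunk.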