From: Pierre Schweitzer Date: Fri, 5 Oct 2018 08:39:50 +0000 (+0200) Subject: [NTOSKRNL] In IoGetRelatedDeviceObject(), validate hint is on the stack before return... X-Git-Tag: 0.4.12-dev~610 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=670a7ac7188f4912a48a50bae4d275f2f21e1810;hp=161b6728ef4522a069e2a6375fc2d1a39b683aa5 [NTOSKRNL] In IoGetRelatedDeviceObject(), validate hint is on the stack before returning it --- diff --git a/ntoskrnl/io/iomgr/device.c b/ntoskrnl/io/iomgr/device.c index 189e47b71b9..416a16e6aa6 100644 --- a/ntoskrnl/io/iomgr/device.c +++ b/ntoskrnl/io/iomgr/device.c @@ -6,6 +6,7 @@ * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org) * Filip Navara (navaraf@reactos.org) * Hervé Poussineau (hpoussin@reactos.org) + * Pierre Schweitzer */ /* INCLUDES *******************************************************************/ @@ -1387,8 +1388,10 @@ IoGetRelatedDeviceObject(IN PFILE_OBJECT FileObject) /* Cast the buffer to something we understand */ FileObjectExtension = FileObject->FileObjectExtension; - /* Check if have a replacement top level device */ - if (FileObjectExtension->TopDeviceObjectHint) + /* Check if have a valid replacement top level device */ + if (FileObjectExtension->TopDeviceObjectHint && + IopVerifyDeviceObjectOnStack(DeviceObject, + FileObjectExtension->TopDeviceObjectHint)) { /* Use this instead of returning the top level device */ return FileObjectExtension->TopDeviceObjectHint;