From: Thomas Faber
Date: Tue, 7 May 2019 11:51:06 +0000 (+0200)
Subject: [NTOS:CM] Do not call ZwQueryObject with a zero-size buffer. CORE-15882
X-Git-Tag: 0.4.14-dev~1029
X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=f86360fdbc855aaade36989295edd97653c83b8b

[NTOS:CM] Do not call ZwQueryObject with a zero-size buffer. CORE-15882

Actually fixes ntdll_apitest:NtLoadUnloadKey.
---

diff --git a/ntoskrnl/config/cmhvlist.c b/ntoskrnl/config/cmhvlist.c
index b9ebb8fd4e6..1925bc580fe 100644
--- a/ntoskrnl/config/cmhvlist.c
+++ b/ntoskrnl/config/cmhvlist.c
@@ -135,6 +135,7 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
     UNICODE_STRING HivePath;
     PWCHAR FilePath;
     ULONG Length;
+    OBJECT_NAME_INFORMATION DummyNameInfo;
     POBJECT_NAME_INFORMATION FileNameInfo;
 
     HivePath.Buffer = NULL;
@@ -175,10 +176,10 @@ CmpAddToHiveFileList(IN PCMHIVE Hive)
     /* Determine the right buffer size and allocate */
     Status = ZwQueryObject(Hive->FileHandles[HFILE_TYPE_PRIMARY],
                            ObjectNameInformation,
-                           NULL,
-                           0,
+                           &DummyNameInfo,
+                           sizeof(DummyNameInfo),
                            &Length);
-    if (Status != STATUS_INFO_LENGTH_MISMATCH)
+    if (Status != STATUS_BUFFER_OVERFLOW)
     {
         DPRINT1("CmpAddToHiveFileList: Hive file name size query failed, status = 0x%08lx\n", Status);
         goto Quickie;
diff --git a/ntoskrnl/config/cmlazy.c b/ntoskrnl/config/cmlazy.c
index a8526e5b272..04d87a7ea12 100644
--- a/ntoskrnl/config/cmlazy.c
+++ b/ntoskrnl/config/cmlazy.c
@@ -279,6 +279,7 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
     UNICODE_STRING FileName;
     PWCHAR FilePath;
     ULONG Length;
+    OBJECT_NAME_INFORMATION DummyNameInfo;
     POBJECT_NAME_INFORMATION FileNameInfo;
 
     PAGED_CODE();
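Review bot: The new `if (Status != STATUS_BUFFER_OVERFLOW)` check in CmpAddToHiveFileList now routes STATUS_SUCCESS into the failure branch as well, which is the outcome when the object's name is empty and fits entirely in the one-struct `DummyNameInfo`; for a hive file handle that should not happen, but the `DPRINT1` would then report an unnamed object as a size-query failure, and whether `Quickie` turns a success status into an error is not visible in this hunk. The reason for the header-sized dummy buffer is also left undocumented; if the motivation is what the commit title suggests, I would add above the call `/* Query with a header-sized buffer rather than NULL/0 so the required total size is reported in Length via STATUS_BUFFER_OVERFLOW */`. The allocation that consumes `Length` lies outside the hunk, so I could not confirm it still treats `Length` as the full byte size including the OBJECT_NAME_INFORMATION header; worth a look. CmpAddToHiveFileList starts and ends outside the hunk.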
@@ -299,10 +300,10 @@ CmpCmdHiveOpen(IN POBJECT_ATTRIBUTES FileAttributes,
     /* Determine the right buffer size and allocate */
     Status = ZwQueryObject(FileAttributes->RootDirectory,
                            ObjectNameInformation,
-                           NULL,
-                           0,
+                           &DummyNameInfo,
+                           sizeof(DummyNameInfo),
                            &Length);
-    if (Status != STATUS_INFO_LENGTH_MISMATCH)
+    if (Status != STATUS_BUFFER_OVERFLOW)
     {
         DPRINT1("CmpCmdHiveOpen(): Root directory handle object name size query failed, Status = 0x%08lx\n", Status);
         return Status;
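Review bot: In CmpCmdHiveOpen the failure branch ends in `return Status;`, and with the new `if (Status != STATUS_BUFFER_OVERFLOW)` condition that branch is also taken when ZwQueryObject returns STATUS_SUCCESS (the name fits in the single `DummyNameInfo` struct, i.e. an unnamed root directory), so an error path can now return a success code to the caller with no name ever read. A one-line normalisation before the return closes that hole, e.g. `if (NT_SUCCESS(Status)) Status = STATUS_UNSUCCESSFUL;`. This probe is duplicated verbatim in cmhvlist.c by the same commit; a small static helper that performs the header-sized query and returns the required length would keep the two copies from drifting. CmpCmdHiveOpen begins before this hunk, so I cannot tell whether `FileAttributes->RootDirectory` is validated earlier; if it may be NULL, the new query fails with an invalid-handle status rather than the old zero-size probe's result, which the DPRINT1 text does not distinguish.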