From 40b25634ffcfd13ce98c338cdc272f1aa1d4bbf2 Mon Sep 17 00:00:00 2001
From: Victor Perevertkin <victor@perevertkin.ru>
Date: Tue, 11 Jun 2019 01:31:44 +0300
Subject: [PATCH] [USBSTOR] Do not leak fields of DeviceExtensions upon device
 removal

---
 drivers/usb/usbstor/fdo.c | 19 +++++++++++++++++++
 drivers/usb/usbstor/pdo.c |  6 +++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/usbstor/fdo.c b/drivers/usb/usbstor/fdo.c
index 1c1949533f9..6879b4efe8f 100644
--- a/drivers/usb/usbstor/fdo.c
+++ b/drivers/usb/usbstor/fdo.c
@@ -108,8 +108,27 @@ USBSTOR_FdoHandleRemoveDevice(
         }
     }
 
+    // Freeing everything in DeviceExtension
+    ASSERT(
+        DeviceExtension->DeviceDescriptor &&
+        DeviceExtension->ConfigurationDescriptor &&
+        DeviceExtension->InterfaceInformation &&
+        DeviceExtension->ResetDeviceWorkItem
+    );
+
+    ExFreePoolWithTag(DeviceExtension->DeviceDescriptor, USB_STOR_TAG);
+    ExFreePoolWithTag(DeviceExtension->ConfigurationDescriptor, USB_STOR_TAG);
+    ExFreePoolWithTag(DeviceExtension->InterfaceInformation, USB_STOR_TAG);
+    IoFreeWorkItem(DeviceExtension->ResetDeviceWorkItem);
+
+    if (DeviceExtension->SerialNumber)
+    {
+        ExFreePoolWithTag(DeviceExtension->SerialNumber, USB_STOR_TAG);
+    }
+
     // Send the IRP down the stack
     IoSkipCurrentIrpStackLocation(Irp);
+    Irp->IoStatus.Status = STATUS_SUCCESS;
     Status = IoCallDriver(DeviceExtension->LowerDeviceObject, Irp);
 
     // Detach from the device stack
diff --git a/drivers/usb/usbstor/pdo.c b/drivers/usb/usbstor/pdo.c
index b41cb9345d1..9a84483b701 100644
--- a/drivers/usb/usbstor/pdo.c
+++ b/drivers/usb/usbstor/pdo.c
@@ -575,6 +575,10 @@ USBSTOR_PdoHandlePnp(
                bDelete = FALSE;
            }
 
+           // clean up the device extension
+           ASSERT(DeviceExtension->InquiryData);
+           ExFreePoolWithTag(DeviceExtension->InquiryData, USB_STOR_TAG);
+
            Irp->IoStatus.Status = STATUS_SUCCESS;
            IoCompleteRequest(Irp, IO_NO_INCREMENT);
 
@@ -658,7 +662,7 @@ USBSTOR_SyncCompletionRoutine(
 
 /*
 * @name USBSTOR_SendInternalCdb
-* 
+*
 * Issues an internal SCSI request to device.
 * The request is sent in a synchronous way.
 */
-- 
2.17.1