From d19532d463b77054b555e37388d52fd6b2353dc2 Mon Sep 17 00:00:00 2001 From: Thomas Faber Date: Sat, 25 Jun 2016 23:27:45 +0000 Subject: [PATCH 1/1] =?utf8?q?[NTOS:LPC]=20-=20Avoid=20dereferencing=20a?= =?utf8?q?=20null=20pointer=20in=20LpcpDeletePort.=20By=20Samuel=20Serapi?= =?utf8?q?=C3=B3n.=20CORE-6850=20#resolve?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit svn path=/trunk/; revision=71673 --- reactos/ntoskrnl/lpc/close.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/reactos/ntoskrnl/lpc/close.c b/reactos/ntoskrnl/lpc/close.c index a8fb1ad1fc9..f94e320e3d6 100644 --- a/reactos/ntoskrnl/lpc/close.c +++ b/reactos/ntoskrnl/lpc/close.c @@ -432,6 +432,15 @@ LpcpDeletePort(IN PVOID ObjectBody) /* Dereference the object unless it's the same port */ if (ConnectionPort != Port) ObDereferenceObject(ConnectionPort); + + /* Check if this is a connection port with a server process */ + if (((Port->Flags & LPCP_PORT_TYPE_MASK) == LPCP_CONNECTION_PORT) && + (ConnectionPort->ServerProcess)) + { + /* Dereference the server process */ + ObDereferenceObject(ConnectionPort->ServerProcess); + ConnectionPort->ServerProcess = NULL; + } } else { @@ -439,15 +448,6 @@ LpcpDeletePort(IN PVOID ObjectBody) KeReleaseGuardedMutex(&LpcpLock); } - /* Check if this is a connection port with a server process */ - if (((Port->Flags & LPCP_PORT_TYPE_MASK) == LPCP_CONNECTION_PORT) && - (ConnectionPort->ServerProcess)) - { - /* Dereference the server process */ - ObDereferenceObject(ConnectionPort->ServerProcess); - ConnectionPort->ServerProcess = NULL; - } - /* Free client security */ LpcpFreePortClientSecurity(Port); LPCTRACE(LPC_CLOSE_DEBUG, "Port: %p deleted\n", Port); -- 2.17.1