https://git.reactos.org/?p=reactos.git;a=commitdiff;h=501c2bdd63c4d4b97c4bc3b54241abe53e0fabdf
commit 501c2bdd63c4d4b97c4bc3b54241abe53e0fabdf Author: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org> AuthorDate: Sun Oct 22 21:57:59 2023 +0200 Commit: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org> CommitDate: Mon Oct 23 18:18:45 2023 +0200 [NTOS:LPC] Fix input parameter for ProbeAndCaptureUnicodeString (#5815) Addendum to commit b3c55b9e6 (PR #4399). Passing &CapturedObjectName as pointer to be probed and captured would fail if e.g. PreviousMode == UserMode, since that pointer is always in kernel space. Instead, pass the original user-mode pointer. Bug caught by Timo Kreuzer ;)
---
ntoskrnl/lpc/create.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ntoskrnl/lpc/create.c b/ntoskrnl/lpc/create.c
index 7c017b6b7e1..2f4d5b9622a 100644
--- a/ntoskrnl/lpc/create.c
+++ b/ntoskrnl/lpc/create.c
@@ -83,8 +83,9 @@ LpcpCreatePort(OUT PHANDLE PortHandle,
 }
 else
 {
- if (ObjectAttributes->ObjectName)
- CapturedObjectName = *(ObjectAttributes->ObjectName);
+ ObjectName = ObjectAttributes->ObjectName;
+ if (ObjectName)
+ CapturedObjectName = *ObjectName;
 }

 /* Normalize the buffer pointer in case we don't have
@@ -96,7 +97,7 @@ LpcpCreatePort(OUT PHANDLE PortHandle,
 /* Capture the port name for DPRINT only - ObCreateObject does its
 * own capture. As it is used only for debugging, ignore any failure;
 * the string is zeroed out in such case. */
- ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, &CapturedObjectName);
+ ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, ObjectName);
 LPCTRACE(LPC_CREATE_DEBUG, "Name: %wZ\n", &CapturedPortName);
 ReleaseCapturedUnicodeString(&CapturedPortName, PreviousMode);
 #endif
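Review bot: The assignment `ObjectName = ObjectAttributes->ObjectName;` in the kernel-mode `else` branch has no comment saying why the raw pointer is kept alongside `CapturedObjectName`; the reason only shows up at the `ProbeAndCaptureUnicodeString` call in the second hunk. A one-line comment above it would document the intent, for example `/* Keep the caller-supplied pointer: it, not the kernel-side copy, is what gets probed and captured for the trace below */`. Reading the field once into a local and testing the local is the right shape here, and the matching assignment on the `PreviousMode != KernelMode` path (outside this hunk) should presumably follow the same single-read pattern. LpcpCreatePort's body starts and ends outside the hunk.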
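Review bot: `ObjectName` is now handed to `ProbeAndCaptureUnicodeString` unconditionally, yet the only assignment visible in this patch is the one in the kernel-mode `else` branch of the first hunk. If `ObjectAttributes` is NULL, or the user-mode path leaves its block before assigning the variable (neither is visible on this page), the call would receive a NULL or indeterminate pointer, and whether the helper tolerates NULL for a `KernelMode` caller cannot be told from here. Initialising the variable to NULL where it is declared and guarding the call would settle it, e.g. `RtlInitEmptyUnicodeString(&CapturedPortName, NULL, 0);` followed by `if (ObjectName) ProbeAndCaptureUnicodeString(&CapturedPortName, PreviousMode, ObjectName);`, so `LPCTRACE` still prints a zeroed string. Because this is a separate read of caller memory from the capture ObCreateObject performs, the traced name may differ from the name actually used, so it should remain debug output only. The enclosing function starts and ends outside the hunk.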