|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [win-pv-devel] [PATCH] Fix pool leaks exposed by DriverVerifier
From: Owen Smith <owen.smith@xxxxxxxxxx>
* RegistryCloseKey was not called in DriverRequestReboot
* RegistryTeardown was not being called in DriverUnload
* __RegistryFree was not being called in RegistryCreateKey
* Reordered DriverEntry slightly for improved code consistancy
Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
---
src/xenvbd/driver.c | 37 +++++++++++++++++++++++++------------
src/xenvbd/registry.c | 2 ++
2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/src/xenvbd/driver.c b/src/xenvbd/driver.c
index 3fb2fcc..776d5ae 100644
--- a/src/xenvbd/driver.c
+++ b/src/xenvbd/driver.c
@@ -198,6 +198,8 @@ DriverRequestReboot(
RegistryCloseKey(SubKey);
+ RegistryCloseKey(RequestKey);
+
RegistryFreeSzValue(Ansi);
return;
@@ -470,6 +472,7 @@ DriverUnload(
Driver.StorPortDriverUnload(_DriverObject);
BufferTerminate();
RegistryCloseKey(Driver.ParametersKey);
+ RegistryTeardown();
Trace("<=== (Irql=%d)\n", KeGetCurrentIrql());
}
@@ -517,6 +520,7 @@ DriverEntry(
Driver.ParametersKey = ParametersKey;
RegistryCloseKey(ServiceKey);
+ ServiceKey = NULL;
KeInitializeSpinLock(&Driver.Lock);
Driver.Fdo = NULL;
@@ -555,23 +559,32 @@ DriverEntry(
RegistryPath,
&InitData,
NULL);
- if (NT_SUCCESS(status)) {
- Driver.StorPortDispatchPnp =
_DriverObject->MajorFunction[IRP_MJ_PNP];
- Driver.StorPortDispatchPower =
_DriverObject->MajorFunction[IRP_MJ_POWER];
- Driver.StorPortDriverUnload = _DriverObject->DriverUnload;
-
- _DriverObject->MajorFunction[IRP_MJ_PNP] = DispatchPnp;
- _DriverObject->MajorFunction[IRP_MJ_POWER] = DispatchPower;
- _DriverObject->DriverUnload = DriverUnload;
- }
+ if (!NT_SUCCESS(status))
+ goto fail4;
- Trace("<=== (%08x) (Irql=%d)\n", status, KeGetCurrentIrql());
- return status;
+ Driver.StorPortDispatchPnp = _DriverObject->MajorFunction[IRP_MJ_PNP];
+ Driver.StorPortDispatchPower =
_DriverObject->MajorFunction[IRP_MJ_POWER];
+ Driver.StorPortDriverUnload = _DriverObject->DriverUnload;
+
+ _DriverObject->MajorFunction[IRP_MJ_PNP] = DispatchPnp;
+ _DriverObject->MajorFunction[IRP_MJ_POWER] = DispatchPower;
+ _DriverObject->DriverUnload = DriverUnload;
+
+ Trace("<=== (%08x) (Irql=%d)\n", STATUS_SUCCESS, KeGetCurrentIrql());
+ return STATUS_SUCCESS;
+
+fail4:
+ Error("fail4\n");
+
+ BufferTerminate();
+ RegistryCloseKey(Driver.ParametersKey);
+ Driver.ParametersKey = NULL;
fail3:
Error("fail3\n");
- RegistryCloseKey(ServiceKey);
+ if (ServiceKey)
+ RegistryCloseKey(ServiceKey);
fail2:
Error("fail2\n");
diff --git a/src/xenvbd/registry.c b/src/xenvbd/registry.c
index b70bc89..9ceffa5 100644
--- a/src/xenvbd/registry.c
+++ b/src/xenvbd/registry.c
@@ -234,6 +234,8 @@ RegistryCreateKey(
*Key = Child;
+ __RegistryFree(Buffer);
+
return STATUS_SUCCESS;
fail4:
--
2.8.3
_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |