[ros-dev] [ros-diffs] [reactos] 01/01: [TCPIP] Don't assume the TEB is always defined
Alex Ionescu
ionucu at videotron.ca
Wed Jan 2 20:35:37 UTC 2019
A bit better... still a security bug.
Best regards,
Alex Ionescu
On Mon, Dec 31, 2018 at 8:00 AM Pierre Schweitzer <pierre at reactos.org>
wrote:
>
> https://git.reactos.org/?p=reactos.git;a=commitdiff;h=89a4cde14a5ac1d3363a8efbca9c26c9f93f037a
>
> commit 89a4cde14a5ac1d3363a8efbca9c26c9f93f037a
> Author: Pierre Schweitzer <pierre at reactos.org>
> AuthorDate: Mon Dec 31 13:59:58 2018 +0100
> Commit: Pierre Schweitzer <pierre at reactos.org>
> CommitDate: Mon Dec 31 14:00:34 2018 +0100
>
> [TCPIP] Don't assume the TEB is always defined
>
> Fixes the crash in kmtest:TcpIpConnect test.
> ---
> drivers/network/tcpip/tcpip/fileobjs.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/network/tcpip/tcpip/fileobjs.c
> b/drivers/network/tcpip/tcpip/fileobjs.c
> index 400f956034..f050a09b0c 100644
> --- a/drivers/network/tcpip/tcpip/fileobjs.c
> +++ b/drivers/network/tcpip/tcpip/fileobjs.c
> @@ -396,6 +396,7 @@ NTSTATUS FileOpenAddress(
> PVOID Options)
> {
> PADDRESS_FILE AddrFile;
> + PTEB Teb;
>
> TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
>
> @@ -429,7 +430,12 @@ NTSTATUS FileOpenAddress(
> AddrFile->BCast = 1;
> AddrFile->HeaderIncl = 1;
> AddrFile->ProcessId = PsGetCurrentProcessId();
> - AddrFile->SubProcessTag =
> ((PTEB)PsGetCurrentThreadTeb())->SubProcessTag;
> +
> + Teb = PsGetCurrentThreadTeb();
> + if (Teb != NULL) {
> + AddrFile->SubProcessTag = Teb->SubProcessTag;
> + }
> +
> KeQuerySystemTime(&AddrFile->CreationTime);
>
> /* Make sure address is a local unicast address or 0 */
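Review bot: The read of `Teb->SubProcessTag` inside the new `if (Teb != NULL)` block still dereferences a user-mode address directly from kernel code with no exception handling. The TEB lives in the process's user address space, so a non-NULL pointer does not guarantee the memory is still mapped and readable at the time of the access. Wrap the read in a `_SEH2_TRY` / `_SEH2_EXCEPT` block and give `AddrFile->SubProcessTag` a known default in the handler. The NULL case also leaves the field unassigned, so unless `AddrFile` is zeroed earlier (not visible in this hunk), add an `else` branch that sets it explicitly.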
>
>