A bit better... still a security bug.

Best regards,
Alex Ionescu
On Mon, Dec 31, 2018 at 8:00 AM Pierre Schweitzer <pie...@reactos.org> wrote: > > https://git.reactos.org/?p=reactos.git;a=commitdiff;h=89a4cde14a5ac1d3363a8efbca9c26c9f93f037a > > commit 89a4cde14a5ac1d3363a8efbca9c26c9f93f037a > Author: Pierre Schweitzer <pie...@reactos.org> > AuthorDate: Mon Dec 31 13:59:58 2018 +0100 > Commit: Pierre Schweitzer <pie...@reactos.org> > CommitDate: Mon Dec 31 14:00:34 2018 +0100 > > [TCPIP] Don't assume the TEB is always defined > > Fixes the crash in kmtest:TcpIpConnect test. > --- > drivers/network/tcpip/tcpip/fileobjs.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/network/tcpip/tcpip/fileobjs.c > b/drivers/network/tcpip/tcpip/fileobjs.c > index 400f956034..f050a09b0c 100644 > --- a/drivers/network/tcpip/tcpip/fileobjs.c > +++ b/drivers/network/tcpip/tcpip/fileobjs.c > @@ -396,6 +396,7 @@ NTSTATUS FileOpenAddress( > PVOID Options) > { > PADDRESS_FILE AddrFile; > + PTEB Teb; > > TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol)); > > @@ -429,7 +430,12 @@ NTSTATUS FileOpenAddress( > AddrFile->BCast = 1; > AddrFile->HeaderIncl = 1; > AddrFile->ProcessId = PsGetCurrentProcessId(); > - AddrFile->SubProcessTag = > ((PTEB)PsGetCurrentThreadTeb())->SubProcessTag; > + > + Teb = PsGetCurrentThreadTeb(); > + if (Teb != NULL) { > + AddrFile->SubProcessTag = Teb->SubProcessTag; > + } > + > KeQuerySystemTime(&AddrFile->CreationTime); > > /* Make sure address is a local unicast address or 0 */ > >
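Review bot: in the second hunk (FileOpenAddress in fileobjs.c), `AddrFile->SubProcessTag = Teb->SubProcessTag;` still reads the TEB directly from kernel mode, guarded only by the NULL check. The TEB lives in user-mode memory that the owning process can free or reprotect, so a non-NULL pointer does not make the dereference safe; the read should sit inside an SEH block (`_SEH2_TRY` / `_SEH2_EXCEPT`), copy the value once into a local, and fall back to a defined value if the access faults. Separately, when `Teb` is NULL nothing in this hunk assigns `SubProcessTag`, so either confirm that `AddrFile` is zeroed before this point or add an explicit else branch that sets the field.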