https://git.reactos.org/?p=reactos.git;a=commitdiff;h=9d0eb9b7b85a5fb7b26065a46600fe5edc4dbdab

commit 9d0eb9b7b85a5fb7b26065a46600fe5edc4dbdab
Author:     Pierre Schweitzer <[email protected]>
AuthorDate: Wed Jan 2 23:01:24 2019 +0100
Commit:     Pierre Schweitzer <[email protected]>
CommitDate: Wed Jan 2 23:02:44 2019 +0100

    [TCPIP] Don't trust the TEB
    
    And trust the Russian hackers to exploit that.
---
 drivers/network/tcpip/include/precomp.h |  1 +
 drivers/network/tcpip/tcpip/fileobjs.c  | 14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/network/tcpip/include/precomp.h 
b/drivers/network/tcpip/include/precomp.h
index b2cb75063d..a96c4a51c3 100644
--- a/drivers/network/tcpip/include/precomp.h
+++ b/drivers/network/tcpip/include/precomp.h
@@ -16,5 +16,6 @@
 #include <lock.h>
 #include <interface.h>
 #include <chew/chew.h>
+#include <pseh/pseh2.h>
 
 #endif /* _TCPIP_PCH_ */
diff --git a/drivers/network/tcpip/tcpip/fileobjs.c 
b/drivers/network/tcpip/tcpip/fileobjs.c
index f050a09b0c..614f1e1147 100644
--- a/drivers/network/tcpip/tcpip/fileobjs.c
+++ b/drivers/network/tcpip/tcpip/fileobjs.c
@@ -396,7 +396,6 @@ NTSTATUS FileOpenAddress(
   PVOID Options)
 {
   PADDRESS_FILE AddrFile;
-  PTEB Teb;
 
   TI_DbgPrint(MID_TRACE, ("Called (Proto %d).\n", Protocol));
 
@@ -431,10 +430,15 @@ NTSTATUS FileOpenAddress(
   AddrFile->HeaderIncl = 1;
   AddrFile->ProcessId = PsGetCurrentProcessId();
 
-  Teb = PsGetCurrentThreadTeb();
-  if (Teb != NULL) {
-    AddrFile->SubProcessTag = Teb->SubProcessTag;
-  }
+  _SEH2_TRY {
+      PTEB Teb;
+
+      Teb = PsGetCurrentThreadTeb();
+      if (Teb != NULL)
+         AddrFile->SubProcessTag = Teb->SubProcessTag;
+  } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+      AddrFile->SubProcessTag = 0;
+  } _SEH2_END;
 
   KeQuerySystemTime(&AddrFile->CreationTime);
 
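Review bot: The `Teb == NULL` path inside the new `_SEH2_TRY` leaves `AddrFile->SubProcessTag` unassigned, while the exception handler sets it to 0, so the two fallbacks only agree if the structure was zeroed earlier in FileOpenAddress, which this hunk does not show. Putting `AddrFile->SubProcessTag = 0;` just before `_SEH2_TRY` would make the default explicit on every path. The guard only stops a fault when the TEB page is unreadable; the value read is still whatever the calling process put in its own TEB, so I would add a comment such as `/* TEB is user-mode memory: the read may fault and the tag is caller-controlled, treat it as advisory only */`. The new block is also indented 6 and 9 columns where the surrounding function uses 2.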
