Fix pool leaks exposed by DriverVerifier

author Owen Smith <owen.smith@citrix.com>

Fri, 6 Jan 2017 12:02:55 +0000 (12:02 +0000)

committer Paul Durrant <paul.durrant@citrix.com>

Fri, 6 Jan 2017 12:55:44 +0000 (12:55 +0000)
author Owen Smith <owen.smith@citrix.com>
Fri, 6 Jan 2017 12:02:55 +0000 (12:02 +0000)
committer Paul Durrant <paul.durrant@citrix.com>
Fri, 6 Jan 2017 12:55:44 +0000 (12:55 +0000)
diff --git a/src/xenvbd/driver.c b/src/xenvbd/driver.c

index 3fb2fcc2f68fcceca0f8fee6b7bb693f61da2a82..776d5ae8ecc993b43523bd20047d46a0aae1a77a 100644 (file)
--- a/src/xenvbd/driver.c
+++ b/src/xenvbd/driver.c
@@ -198,6 +198,8 @@ DriverRequestReboot(
  
      RegistryCloseKey(SubKey);
  
+    RegistryCloseKey(RequestKey);
+
      RegistryFreeSzValue(Ansi);
  
      return;
@@ -470,6 +472,7 @@ DriverUnload(
      Driver.StorPortDriverUnload(_DriverObject);
      BufferTerminate();
      RegistryCloseKey(Driver.ParametersKey);
+    RegistryTeardown();
  
      Trace("<=== (Irql=%d)\n", KeGetCurrentIrql());
  }
@@ -517,6 +520,7 @@ DriverEntry(
      Driver.ParametersKey = ParametersKey;
  
      RegistryCloseKey(ServiceKey);
+    ServiceKey = NULL;
  
      KeInitializeSpinLock(&Driver.Lock);
      Driver.Fdo = NULL;
@@ -555,23 +559,32 @@ DriverEntry(
                                  RegistryPath,
                                  &InitData,
                                  NULL);
-    if (NT_SUCCESS(status)) {
-        Driver.StorPortDispatchPnp     = _DriverObject->MajorFunction[IRP_MJ_PNP];
-        Driver.StorPortDispatchPower   = _DriverObject->MajorFunction[IRP_MJ_POWER];
-        Driver.StorPortDriverUnload    = _DriverObject->DriverUnload;
-
-        _DriverObject->MajorFunction[IRP_MJ_PNP]    = DispatchPnp;
-        _DriverObject->MajorFunction[IRP_MJ_POWER]  = DispatchPower;
-        _DriverObject->DriverUnload                 = DriverUnload;
-    }
+    if (!NT_SUCCESS(status))
+        goto fail4;
  
-    Trace("<=== (%08x) (Irql=%d)\n", status, KeGetCurrentIrql());
-    return status;
+    Driver.StorPortDispatchPnp     = _DriverObject->MajorFunction[IRP_MJ_PNP];
+    Driver.StorPortDispatchPower   = _DriverObject->MajorFunction[IRP_MJ_POWER];
+    Driver.StorPortDriverUnload    = _DriverObject->DriverUnload;
+
+    _DriverObject->MajorFunction[IRP_MJ_PNP]    = DispatchPnp;
+    _DriverObject->MajorFunction[IRP_MJ_POWER]  = DispatchPower;
+    _DriverObject->DriverUnload                 = DriverUnload;
+
+    Trace("<=== (%08x) (Irql=%d)\n", STATUS_SUCCESS, KeGetCurrentIrql());
+    return STATUS_SUCCESS;
+
+fail4:
+    Error("fail4\n");
+
+    BufferTerminate();
+    RegistryCloseKey(Driver.ParametersKey);
+    Driver.ParametersKey = NULL;
  
  fail3:
      Error("fail3\n");
  
-    RegistryCloseKey(ServiceKey);
+    if (ServiceKey)
+        RegistryCloseKey(ServiceKey);
  
  fail2:
      Error("fail2\n");
diff --git a/src/xenvbd/registry.c b/src/xenvbd/registry.c

index b70bc897ddf6193e7df09457837b82a996950bb4..9ceffa5af4e4995ada90535cdf08d5d527ad3685 100644 (file)
--- a/src/xenvbd/registry.c
+++ b/src/xenvbd/registry.c
@@ -234,6 +234,8 @@ RegistryCreateKey(
  
      *Key = Child;
  
+    __RegistryFree(Buffer);
+
      return STATUS_SUCCESS;
  
  fail4:
author	Owen Smith <owen.smith@citrix.com>
	Fri, 6 Jan 2017 12:02:55 +0000 (12:02 +0000)
committer	Paul Durrant <paul.durrant@citrix.com>
	Fri, 6 Jan 2017 12:55:44 +0000 (12:55 +0000)
src/xenvbd/driver.c		patch \| blob \| blame \| history
src/xenvbd/registry.c		patch \| blob \| blame \| history