From: Owen Smith <owen.smith@citrix.com>
Date: Fri, 6 Jan 2017 12:02:55 +0000 (+0000)
Subject: Fix pool leaks exposed by DriverVerifier
X-Git-Tag: 8.2.0-rc2~1
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=a1b9b076fbde67288cc2a19b547feb7d27b3dace;p=pvdrivers%2Fwin%2Fxenvbd.git

Fix pool leaks exposed by DriverVerifier

* RegistryCloseKey was not called in DriverRequestReboot
* RegistryTeardown was not being called in DriverUnload
* __RegistryFree was not being called in RegistryCreateKey
* Reordered DriverEntry slightly for improved code consistancy

Signed-off-by: Owen Smith <owen.smith@citrix.com>
---

diff --git a/src/xenvbd/driver.c b/src/xenvbd/driver.c
index 3fb2fcc..776d5ae 100644
--- a/src/xenvbd/driver.c
+++ b/src/xenvbd/driver.c
@@ -198,6 +198,8 @@ DriverRequestReboot(
 
     RegistryCloseKey(SubKey);
 
+    RegistryCloseKey(RequestKey);
+
     RegistryFreeSzValue(Ansi);
 
     return;
@@ -470,6 +472,7 @@ DriverUnload(
     Driver.StorPortDriverUnload(_DriverObject);
     BufferTerminate();
     RegistryCloseKey(Driver.ParametersKey);
+    RegistryTeardown();
 
     Trace("<=== (Irql=%d)\n", KeGetCurrentIrql());
 }
@@ -517,6 +520,7 @@ DriverEntry(
     Driver.ParametersKey = ParametersKey;
 
     RegistryCloseKey(ServiceKey);
+    ServiceKey = NULL;
 
     KeInitializeSpinLock(&Driver.Lock);
     Driver.Fdo = NULL;
@@ -555,23 +559,32 @@ DriverEntry(
                                 RegistryPath,
                                 &InitData,
                                 NULL);
-    if (NT_SUCCESS(status)) {
-        Driver.StorPortDispatchPnp     = _DriverObject->MajorFunction[IRP_MJ_PNP];
-        Driver.StorPortDispatchPower   = _DriverObject->MajorFunction[IRP_MJ_POWER];
-        Driver.StorPortDriverUnload    = _DriverObject->DriverUnload;
-
-        _DriverObject->MajorFunction[IRP_MJ_PNP]    = DispatchPnp;
-        _DriverObject->MajorFunction[IRP_MJ_POWER]  = DispatchPower;
-        _DriverObject->DriverUnload                 = DriverUnload;
-    }
+    if (!NT_SUCCESS(status))
+        goto fail4;
 
-    Trace("<=== (%08x) (Irql=%d)\n", status, KeGetCurrentIrql());
-    return status;
+    Driver.StorPortDispatchPnp     = _DriverObject->MajorFunction[IRP_MJ_PNP];
+    Driver.StorPortDispatchPower   = _DriverObject->MajorFunction[IRP_MJ_POWER];
+    Driver.StorPortDriverUnload    = _DriverObject->DriverUnload;
+
+    _DriverObject->MajorFunction[IRP_MJ_PNP]    = DispatchPnp;
+    _DriverObject->MajorFunction[IRP_MJ_POWER]  = DispatchPower;
+    _DriverObject->DriverUnload                 = DriverUnload;
+
+    Trace("<=== (%08x) (Irql=%d)\n", STATUS_SUCCESS, KeGetCurrentIrql());
+    return STATUS_SUCCESS;
+
+fail4:
+    Error("fail4\n");
+
+    BufferTerminate();
+    RegistryCloseKey(Driver.ParametersKey);
+    Driver.ParametersKey = NULL;
 
 fail3:
     Error("fail3\n");
 
-    RegistryCloseKey(ServiceKey);
+    if (ServiceKey)
+        RegistryCloseKey(ServiceKey);
 
 fail2:
     Error("fail2\n");
diff --git a/src/xenvbd/registry.c b/src/xenvbd/registry.c
index b70bc89..9ceffa5 100644
--- a/src/xenvbd/registry.c
+++ b/src/xenvbd/registry.c
@@ -234,6 +234,8 @@ RegistryCreateKey(
 
     *Key = Child;
 
+    __RegistryFree(Buffer);
+
     return STATUS_SUCCESS;
 
 fail4: