lywsvip/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2026-06-01 08:50:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

[KERNEL32] Fix use-after-free in GetStartupInfoA (#8282)

Browse Source 
- Set StartupInfo to point to the global BaseAnsiStartupInfo only after the local data has been freed.
This commit is contained in:
Mohammed al-Ramadany
2025-08-12 02:17:29 +03:00
committed by GitHub
parent 78ce856564
commit 4f61d2ea04
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dll/win32/kernel32/client/proc.c
View File

@@ -1397,8 +1397,7 @@ GetStartupInfoA(IN LPSTARTUPINFOA lpStartupInfo)
break;
}
/* Someone beat us to it, use their data instead */
StartupInfo = BaseAnsiStartupInfo;
/* Someone beat us to it, we will use their data instead */
Status = STATUS_SUCCESS;
/* We're going to free our own stuff, but not raise */
@@ -1409,6 +1408,9 @@ GetStartupInfoA(IN LPSTARTUPINFOA lpStartupInfo)
RtlFreeAnsiString(&ShellString);
}
RtlFreeHeap(RtlGetProcessHeap(), 0, StartupInfo);
/* Get the cached information again: either still NULL or set by another thread */
StartupInfo = BaseAnsiStartupInfo;
}
else
{
@@ -1417,7 +1419,7 @@ GetStartupInfoA(IN LPSTARTUPINFOA lpStartupInfo)
}
/* Raise an error unless we got here due to the race condition */
if (!NT_SUCCESS(Status)) RtlRaiseStatus(Status);
if (!StartupInfo) RtlRaiseStatus(Status);
}
/* Now copy from the cached ANSI version */