Description
This routine has a bug which causes an exception.
This routine contains the lines:

    if (Result && (ServerName->Buffer[0] == '\\') && (ServerName->Buffer[1] == '\\'))
        ServerName += 2;
    Result = Result && !lstrcmpW(ServerName->Buffer, buf);

They are intended to skip over the two backslashes if they are present in the ServerName parameter passed in. Unfortunately, that parameter is a PLSA_UNICODE_STRING rather than a plain string pointer, so the code clobbers the pointer, resulting in an exception, and it fails to compare properly and causes the HeapFree() call that follows to be skipped.
I think it needs to be replaced with something like this to handle the pointer properly:

    if (Result && (ServerName->Buffer[0] == '\\') && (ServerName->Buffer[1] == '\\')) {
        Result = Result && !lstrcmpW((LPCWSTR)&ServerName->Buffer[2], buf);
    } else {
        Result = Result && !lstrcmpW(ServerName->Buffer, buf);
    }

(Just a C hack, so please let me know if this needs adjustment).
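
An added example, not part of the original report or the project's code: a portable sketch of the same comparison that advances a character pointer instead of the struct pointer. It goes one step beyond the proposed fix by also bounding the prefix check and the comparison with `Length`, since a counted string is not guaranteed to be NUL-terminated. `COUNTED_WSTR` and `server_name_matches` are hypothetical names; the struct is a stand-in assumed to mirror the `LSA_UNICODE_STRING` fields.

```c
#include <stddef.h>
#include <wchar.h>

/* Portable stand-in for LSA_UNICODE_STRING (assumption: same fields,
 * Length and MaximumLength counted in bytes, Buffer not necessarily
 * NUL-terminated). */
typedef struct {
    unsigned short Length;
    unsigned short MaximumLength;
    wchar_t *Buffer;
} COUNTED_WSTR;

/* Hypothetical helper: returns 1 when `name`, with an optional leading
 * pair of backslashes removed, equals the NUL-terminated `local`, else 0.
 * The struct pointer is never advanced: `name += 2` would step over two
 * whole structs, not two characters. */
int server_name_matches(const COUNTED_WSTR *name, const wchar_t *local)
{
    const wchar_t *p;
    size_t n;

    if (name == NULL || name->Buffer == NULL || local == NULL)
        return 0;

    p = name->Buffer;
    n = name->Length / sizeof(wchar_t);   /* characters, not bytes */

    /* Skip the prefix only if both characters lie inside the string. */
    if (n >= 2 && p[0] == L'\\' && p[1] == L'\\') {
        p += 2;
        n -= 2;
    }

    /* Lengths must agree before comparing exactly n characters. */
    return wcslen(local) == n && wmemcmp(p, local, n) == 0;
}

int main(void)
{
    wchar_t raw[] = L"\\\\HOST1";   /* constructed sample input */
    COUNTED_WSTR s = { (unsigned short)(sizeof(raw) - sizeof(wchar_t)),
                       (unsigned short)sizeof(raw), raw };
    return server_name_matches(&s, L"HOST1") ? 0 : 1;
}
```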