Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-7167

ntoskrnl: IoCreateFile crashes on invalid input.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: None
    • Component/s: NTCore
    • Labels:
    • Module:

      Description

      It is possible for user-mode programs to crash the kernel by calling NtCreateFile with an invalid pointer for ObjectAttributes, which gets passed to IoCreateFile. The supplied patch will add the code that will probe and capture the ObjectAttributes parameter. Note that capturing the ObjectName and/or other values in ObjectAttributes is not necessary as those checks will be performed in ObOpenObjectByName.

        Attachments

          Activity

            People

            • Assignee:
              ThFabba ThFabba
              Reporter:
              theflash Alex
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: