Index: ntoskrnl/config/cminit.c
===================================================================
--- ntoskrnl/config/cminit.c (révision 57398)
+++ ntoskrnl/config/cminit.c (copie de travail)
@@ -116,13 +116,24 @@
     Hive->ViewLock = ExAllocatePoolWithTag(NonPagedPool, sizeof(KGUARDED_MUTEX), TAG_CM);
-    if (!Hive->ViewLock) return STATUS_INSUFFICIENT_RESOURCES;
+    if (!Hive->ViewLock)
+    {
+        /* Cleanup allocation and fail */
+        ExFreePoolWithTag(Hive, TAG_CM);
+        return STATUS_INSUFFICIENT_RESOURCES;
+    }
     /* Allocate the flush lock */
     Hive->FlusherLock = ExAllocatePoolWithTag(NonPagedPool, sizeof(ERESOURCE), TAG_CM);
-    if (!Hive->FlusherLock) return STATUS_INSUFFICIENT_RESOURCES;
+    if (!Hive->FlusherLock)
+    {
+        /* Cleanup allocations and fail */
+        ExFreePoolWithTag(Hive->ViewLock, TAG_CM);
+        ExFreePoolWithTag(Hive, TAG_CM);
+        return STATUS_INSUFFICIENT_RESOURCES;
+    }
     /* Setup the handles */
     Hive->FileHandles[HFILE_TYPE_PRIMARY] = Primary;
@@ -189,10 +200,10 @@
                                   (PUNICODE_STRING)FileName);
         if (!NT_SUCCESS(Status))
         {
-            /* Clear allocations and fail */
-            ExFreePool(Hive->ViewLock);
-            ExFreePool(Hive->FlusherLock);
-            ExFreePool(Hive);
+            /* Cleanup allocations and fail */
+            ExFreePoolWithTag(Hive->FlusherLock, TAG_CM);
+            ExFreePoolWithTag(Hive->ViewLock, TAG_CM);
+            ExFreePoolWithTag(Hive, TAG_CM);
             return Status;
         }
@@ -205,10 +216,10 @@
         /* Verify integrity */
         if (CmCheckRegistry((PCMHIVE)Hive, TRUE))
         {
-            /* Free all alocations */
-            ExFreePool(Hive->ViewLock);
-            ExFreePool(Hive->FlusherLock);
-            ExFreePool(Hive);
+            /* Cleanup allocations and fail */
+            ExFreePoolWithTag(Hive->FlusherLock, TAG_CM);
+            ExFreePoolWithTag(Hive->ViewLock, TAG_CM);
+            ExFreePoolWithTag(Hive, TAG_CM);
             return STATUS_REGISTRY_CORRUPT;
         }
     }
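Review bot: The failure paths in this hunk (@@ -116) and in the two later hunks of this file (@@ -189 and @@ -205) are three hand-unrolled copies of the same teardown, each freeing a different prefix of the same three pool blocks in a different order; the next allocation added to this function has to be threaded into every copy by hand. A single exit label reached by `goto` that releases whatever has been allocated so far (each free guarded by a non-NULL test, since ExFreePoolWithTag must not be passed NULL) would keep the exit paths from drifting apart. The enclosing function starts before and ends after the hunk, so whether earlier resources also need releasing on these paths cannot be judged from here.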
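Review bot: Releasing `Hive->FlusherLock` with `ExFreePoolWithTag` in the @@ -189 path (and identically in @@ -205) is only safe if the ERESOURCE has not yet been initialized; if `ExInitializeResourceLite(Hive->FlusherLock)` has already run by this point — the initialization, if any, sits between @@ -116 and this hunk and is outside the view — the resource is still linked into the system resource list and must first be removed with `ExDeleteResourceLite(Hive->FlusherLock);`, otherwise the list keeps a pointer into freed non-paged pool. The same question does not arise for the @@ -116 paths, where the lock has only just been allocated. A one-line comment on each of these two paths stating whether the resource is initialized yet would make the ordering reviewable without reading the whole function.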
@@ -231,10 +242,10 @@
 NTAPI
 CmpOpenHiveFiles(IN PCUNICODE_STRING BaseName,
                  IN PCWSTR Extension OPTIONAL,
-                 IN PHANDLE Primary,
-                 IN PHANDLE Log,
-                 IN PULONG PrimaryDisposition,
-                 IN PULONG LogDisposition,
+                 OUT PHANDLE Primary,
+                 OUT PHANDLE Log,
+                 OUT PULONG PrimaryDisposition,
+                 OUT PULONG LogDisposition,
                  IN BOOLEAN CreateAllowed,
                  IN BOOLEAN MarkAsSystemHive,
                  IN BOOLEAN NoBuffering,
Index: ntoskrnl/config/cmparse.c
===================================================================
--- ntoskrnl/config/cmparse.c (révision 57398)
+++ ntoskrnl/config/cmparse.c (copie de travail)
@@ -136,7 +136,7 @@
     if (Length > 0xFFFF) goto Exit;
     /* Check if we need a new buffer */
-    if (Length > ObjectName->MaximumLength)
+    if (Length > ObjectName->MaximumLength)
     {
         /* We do -- allocate one */
         NewBuffer = ExAllocatePoolWithTag(PagedPool, Length, TAG_CM);
@@ -334,7 +334,7 @@
     KeyNode->MaxClassLen = 0;
     KeyNode->NameLength = CmpCopyName(Hive, KeyNode->Name, Name);
     if (KeyNode->NameLength < Name->Length) KeyNode->Flags |= KEY_COMP_NAME;
-
+
     /* Create the KCB */
     Kcb = CmpCreateKeyControlBlock(Hive,
                                    *KeyCell,
@@ -349,7 +349,7 @@
         Status = STATUS_INSUFFICIENT_RESOURCES;
         goto Quickie;
     }
-
+
     /* Sanity check */
     ASSERT(Kcb->RefCount == 1);
@@ -357,7 +357,7 @@
     KeyBody->NotifyBlock = NULL;
     KeyBody->ProcessID = PsGetCurrentProcessId();
     KeyBody->KeyControlBlock = Kcb;
-
+
     /* Link it with the KCB */
     EnlistKeyBodyWithKCB(KeyBody, 0);
@@ -745,7 +745,7 @@
         DPRINT1("Invalid link node attempt\n");
         return STATUS_ACCESS_DENIED;
     }
-
+
     /* Check if the parent is being deleted */
     if (ParentKcb->Delete)
     {
@@ -754,7 +754,7 @@
         Status = STATUS_OBJECT_NAME_NOT_FOUND;
         goto Exit;
     }
-
+
     /* Allocate a link node */
     LinkCell = HvAllocateCell(Hive,
                               FIELD_OFFSET(CM_KEY_NODE, Name) +
@@ -767,14 +767,14 @@
         Status = STATUS_INSUFFICIENT_RESOURCES;
         goto Exit;
     }
-
+
     /* Get the key cell */
     KeyCell = Context->ChildHive.KeyCell;
     if (KeyCell != HCELL_NIL)
     {
         /* Hive exists! */
         ChildCell = KeyCell;
-
+
         /* Get the node data */
         KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, ChildCell);
         if (!KeyNode)
@@ -784,12 +784,12 @@
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto Exit;
         }
-
+
         /* Fill out the data */
         KeyNode->Parent = LinkCell;
         KeyNode->Flags |= KEY_HIVE_ENTRY | KEY_NO_DELETE;
         HvReleaseCell(Context->ChildHive.KeyHive, ChildCell);
-
+
         /* Now open the key cell */
         KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, KeyCell);
         if (!KeyNode)
@@ -799,7 +799,7 @@
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto Exit;
         }
-
+
         /* Open the parent */
         Status = CmpDoOpen(Context->ChildHive.KeyHive,
                            KeyCell,
@@ -834,13 +834,13 @@
             Context->ChildHive.KeyHive->BaseBlock->RootCell = ChildCell;
         }
     }
-
+
     /* Check if open or create suceeded */
     if (NT_SUCCESS(Status))
     {
         /* Mark the cell dirty */
         HvMarkCellDirty(Context->ChildHive.KeyHive, ChildCell, FALSE);
-
+
         /* Get the key node */
         KeyNode = HvGetCell(Context->ChildHive.KeyHive, ChildCell);
         if (!KeyNode)
@@ -850,14 +850,14 @@
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto Exit;
         }
-
+
         /* Release it */
         HvReleaseCell(Context->ChildHive.KeyHive, ChildCell);
-
+
         /* Set the parent and flags */
         KeyNode->Parent = LinkCell;
         KeyNode->Flags |= KEY_HIVE_ENTRY | KEY_NO_DELETE;
-
+
         /* Get the link node */
         KeyNode = HvGetCell(Hive, LinkCell);
         if (!KeyNode)
@@ -867,7 +867,7 @@
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto Exit;
         }
-
+
         /* Set it up */
         KeyNode->Signature = CM_LINK_NODE_SIGNATURE;
         KeyNode->Flags = KEY_HIVE_EXIT | KEY_NO_DELETE;
@@ -876,7 +876,7 @@
         if (KeyNode->NameLength < Name.Length) KeyNode->Flags |= KEY_COMP_NAME;
         KeQuerySystemTime(&TimeStamp);
         KeyNode->LastWriteTime = TimeStamp;
-
+
         /* Clear out the rest */
         KeyNode->SubKeyCounts[Stable] = 0;
         KeyNode->SubKeyCounts[Volatile] = 0;
@@ -885,12 +885,12 @@
         KeyNode->ValueList.Count = 0;
         KeyNode->ValueList.List = HCELL_NIL;
         KeyNode->ClassLength = 0;
-
+
         /* Reference the root node */
         KeyNode->ChildHiveReference.KeyHive = Context->ChildHive.KeyHive;
         KeyNode->ChildHiveReference.KeyCell = ChildCell;
         HvReleaseCell(Hive, LinkCell);
-
+
         /* Get the parent node */
         KeyNode = HvGetCell(Hive, Cell);
         if (!KeyNode)
@@ -900,14 +900,14 @@
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto Exit;
         }
-
+
         /* Now add the subkey */
         if (!CmpAddSubKey(Hive, Cell, LinkCell))
         {
             /* Failure! We don't handle this yet! */
             ASSERT(FALSE);
         }
-
+
         /* Get the key body */
         KeyBody = (PCM_KEY_BODY)*Object;
@@ -915,12 +915,12 @@
         ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyCell == Cell);
         ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyHive == Hive);
         ASSERT(KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen == KeyNode->MaxNameLen);
-
+
         /* Update the timestamp */
         KeQuerySystemTime(&TimeStamp);
         KeyNode->LastWriteTime = TimeStamp;
         KeyBody->KeyControlBlock->ParentKcb->KcbLastWriteTime = TimeStamp;
-
+
         /* Check if we need to update name maximum */
         if (KeyNode->MaxNameLen < Name.Length)
         {
@@ -928,14 +928,14 @@
             KeyNode->MaxNameLen = Name.Length;
             KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen = Name.Length;
         }
-
+
         /* Check if we need toupdate class length maximum */
         if (KeyNode->MaxClassLen < Context->Class.Length)
         {
             /* Update it */
             KeyNode->MaxClassLen = Context->Class.Length;
         }
-
+
         /* Release the cell */
         HvReleaseCell(Hive, Cell);
     }
@@ -944,7 +944,7 @@
         /* Release the link cell */
         HvReleaseCell(Hive, LinkCell);
     }
-
+
 Exit:
     /* Release the flusher locks and return status */
     return Status;
@@ -965,11 +965,11 @@
         ASSERT(*ReleaseHive != NULL);
         HvReleaseCell((*ReleaseHive), *ReleaseCell);
     }
-
+
     /* Get the link references */
     *Hive = (*KeyNode)->ChildHiveReference.KeyHive;
     *Cell = (*KeyNode)->ChildHiveReference.KeyCell;
-
+
     /* Get the new node */
     *KeyNode = (PCM_KEY_NODE)HvGetCell((*Hive), *Cell);
     if (*KeyNode)
@@ -1004,10 +1004,10 @@
     /* Calculate hash values */
     *TotalRemainingSubkeys = 0xBAADF00D;
-
+
     /* Lock the registry */
     CmpLockRegistry();
-
+
     /* Return hive and cell data */
     *Hive = (*Kcb)->KeyHive;
     *Cell = (*Kcb)->KeyCell;
@@ -1060,7 +1060,7 @@
     /* Fail if this isn't a key object */
     if (ObjectType != CmpKeyObjectType) return STATUS_OBJECT_TYPE_MISMATCH;
-
+
     /* Copy the remaining name */
     Current = *RemainingName;
@@ -1070,10 +1070,13 @@
         /* It isn't, so no context */
         ParseContext = NULL;
     }
-
+
     /* Grab the KCB */
     Kcb = ((PCM_KEY_BODY)ParseObject)->KeyControlBlock;
+    /* Sanity check */
+    ASSERT(Kcb != NULL);
+
     /* Fail if the key was marked as deleted */
     if (Kcb->Delete) return STATUS_KEY_DELETED;
@@ -1089,10 +1092,13 @@
                            &TotalSubkeys,
                            NULL,
                            &LockedKcbs);
-
+
     /* This is now the parent */
     ParentKcb = Kcb;
-
+
+    /* Sanity check */
+    ASSERT(ParentKcb != NULL);
+
     /* Check if everything was found cached */
     if (!TotalRemainingSubkeys) ASSERTMSG("Caching not implemented", FALSE);
@@ -1127,7 +1133,7 @@
             goto Quickie;
         }
         Current.MaximumLength += NextName.MaximumLength;
-
+
         /* Parse the symlink */
         if (CmpGetSymbolicLink(Hive,
                                CompleteName,
@@ -1146,7 +1152,7 @@
             /* We're done */
             goto Quickie;
         }
-
+
         /* Get the key node */
         Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
         if (!Node)
@@ -1174,7 +1180,7 @@
             Cell = NextCell;
             Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell);
             if (!Node) ASSERT(FALSE);
-
+
             /* Check if this was the last key */
             if (Last)
             {
@@ -1189,7 +1195,7 @@
                                       &CellToRelease);
                 if (!Node) ASSERT(FALSE);
             }
-
+
             /* Do the open */
             Status = CmpDoOpen(Hive,
                                Cell,
@@ -1214,11 +1220,11 @@
                     Status = STATUS_OBJECT_NAME_NOT_FOUND;
                 }
             }
-
+
             /* We are done */
             break;
         }
-
+
         /* Is this an exit node */
         if (Node->Flags & KEY_HIVE_EXIT)
         {
@@ -1239,7 +1245,7 @@
                                           0,
                                           &NextName);
         if (!Kcb) ASSERT(FALSE);
-
+
         /* Dereference the parent and set the new one */
         CmpDereferenceKeyControlBlock(ParentKcb);
         ParentKcb = Kcb;
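Review bot: The `ASSERT(ParentKcb != NULL);` added in the @@ -1089 hunk is redundant: it directly follows `ParentKcb = Kcb;`, and Kcb was already asserted non-NULL in the @@ -1070 hunk and dereferenced through `Kcb->Delete` before control gets here, so the second assertion can never fire unless the first did. Both ASSERTs also compile out of release builds, so they document an invariant rather than guard the dereference; if a NULL KeyControlBlock is actually reachable from a caller, a real check that returns an error status is needed instead of either assertion. I would drop the second ASSERT together with its `/* Sanity check */` comment and keep only the one at @@ -1070. The enclosing function starts before the first hunk and continues past the last one on this line.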
@@ -1275,7 +1281,7 @@
                                ParentKcb,
                                Object);
         }
-
+
         /* Check for reparse (in this case, someone beat us) */
         if (Status == STATUS_REPARSE) break;
@@ -1295,7 +1301,7 @@
         {
             /* Save the next name */
             Current.Buffer = NextName.Buffer;
-
+
             /* Validate the current name string length */
             if (Current.Length + NextName.Length > MAXUSHORT)
             {
@@ -1304,7 +1310,7 @@
                 break;
             }
             Current.Length += NextName.Length;
-
+
             /* Validate the current name string maximum length */
             if (Current.MaximumLength + NextName.MaximumLength > MAXUSHORT)
             {
@@ -1313,7 +1319,7 @@
                 break;
             }
             Current.MaximumLength += NextName.MaximumLength;
-
+
             /* Parse the symlink */
             if (CmpGetSymbolicLink(Hive,
                                    CompleteName,
@@ -1363,7 +1369,7 @@
         {
             /* Nothing to do */
         }
-
+
         /* We're done */
         break;
     }
@@ -1378,7 +1384,7 @@
     /* Dereference the parent if it exists */
 Quickie:
     if (ParentKcb) CmpDereferenceKeyControlBlock(ParentKcb);
-
+
     /* Unlock the registry */
     CmpUnlockRegistry();
     return Status;
Index: ntoskrnl/config/cmsysini.c
===================================================================
--- ntoskrnl/config/cmsysini.c (révision 57398)
+++ ntoskrnl/config/cmsysini.c (copie de travail)
@@ -1104,7 +1104,7 @@
     //ULONG RegStart;
     ULONG PrimaryDisposition, SecondaryDisposition, ClusterSize;
     PCMHIVE CmHive;
-    HANDLE PrimaryHandle, LogHandle;
+    HANDLE PrimaryHandle = NULL, LogHandle = NULL;
     NTSTATUS Status = STATUS_SUCCESS;
     PVOID ErrorParameters;
     PAGED_CODE();
Index: ntoskrnl/include/internal/cm.h
===================================================================
--- ntoskrnl/include/internal/cm.h (révision 57398)
+++ ntoskrnl/include/internal/cm.h (copie de travail)
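Review bot: The cmsysini.c hunk (@@ -1104) initializes `PrimaryHandle` and `LogHandle` to NULL without saying why; presumably a later cleanup path closes whichever handle is non-NULL when CmpOpenHiveFiles fails part-way (its handle parameters become OUT in the other hunks of this change), but that code lies outside the hunk and cannot be confirmed from here. A comment such as `/* NULL so the failure path only closes handles that were actually opened */` would record the intent, and if no such cleanup path exists the initializers merely look defensive. The enclosing function starts before and ends after the hunk.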
@@ -801,10 +801,10 @@
 CmpOpenHiveFiles(
     IN PCUNICODE_STRING BaseName,
     IN PCWSTR Extension OPTIONAL,
-    IN PHANDLE Primary,
-    IN PHANDLE Log,
-    IN PULONG PrimaryDisposition,
-    IN PULONG LogDisposition,
+    OUT PHANDLE Primary,
+    OUT PHANDLE Log,
+    OUT PULONG PrimaryDisposition,
+    OUT PULONG LogDisposition,
     IN BOOLEAN CreateAllowed,
     IN BOOLEAN MarkAsSystemHive,
     IN BOOLEAN NoBuffering,