Index: drivers/storage/class/disk/disk.c
===================================================================
--- drivers/storage/class/disk/disk.c (revision 74411)
+++ drivers/storage/class/disk/disk.c (working copy)
@@ -3921,16 +3921,26 @@
 ZwClose(targetKey);
 if (!NT_SUCCESS(status)) {
+ ExFreePool(keyData);
 continue;
 }
 //
+ // Data too short
+ //
+
+ if (keyData->DataLength < 9 * sizeof(WCHAR)) {
+ ExFreePool(keyData);
+ continue;
+ }
+
+ //
 // Complete unicode string.
 //
 identifier.Buffer = (PWSTR)((PUCHAR)keyData + keyData->DataOffset);
- identifier.Length = (USHORT)keyData->DataLength;
+ identifier.Length = (USHORT)keyData->DataLength - sizeof(WCHAR);
 identifier.MaximumLength = (USHORT)keyData->DataLength;
 //
@@ -3943,6 +3953,7 @@
 TRUE);
 if (!NT_SUCCESS(status)) {
+ ExFreePool(keyData);
 continue;
 }
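Review bot: In the new `identifier.Length` assignment the `(USHORT)` cast binds to `keyData->DataLength` before the subtraction, and the added minimum-length guard compares the untruncated value, so data longer than 0xFFFF bytes passes the guard and is then truncated. A constructed DataLength of 0x10000 would give Length 0xFFFE with MaximumLength 0, and a later conversion driven by Length could read past the value data. I would bound the guard on both sides, `if (keyData->DataLength < 9 * sizeof(WCHAR) || keyData->DataLength > MAXUSHORT) {`, and cast the result of the subtraction, `identifier.Length = (USHORT)(keyData->DataLength - sizeof(WCHAR));`. Dropping the last WCHAR also assumes an even-length, NUL-terminated string lying wholly inside the keyData allocation; the hunk shows no check of `keyData->Type` or of `DataOffset + DataLength` against the buffer size, though one may exist outside it, since the loop body starts and ends outside the hunk. A one-line comment saying why 9 WCHARs is the minimum would also help the next reader.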