mirrors/reactos
0
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-04 00:43:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

[NTOSKRNL:FSRTL] Fix memory corruption when pruning tunnel cache

Browse Source
This commit is contained in:
Jérôme Gardou 2020-12-04 16:02:26 +01:00
parent 3ec3e1a7f6
commit 0db79d4aa9
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ntoskrnl/fsrtl/tunnel.c
View File

@ -42,7 +42,7 @@ FsRtlFreeTunnelNode(
{
if (PoolList)
{
/* divert the linked list entry, it's not required anymore, but we need it */
/* divert the linked list entry, it's not required anymore, but we need it */
InsertHeadList(PoolList, &CurEntry->TimerQueueEntry);
return;
}
@ -124,7 +124,8 @@ FsRtlPruneTunnelCache(
/* If we have too many entries */
while (Cache->NumEntries > TunnelMaxEntries)
{
CurEntry = CONTAINING_RECORD(Entry, TUNNEL_NODE_ENTRY, TimerQueueEntry);
ASSERT(!IsListEmpty(&Cache->TimerQueue));
CurEntry = CONTAINING_RECORD(Cache->TimerQueue.Flink, TUNNEL_NODE_ENTRY, TimerQueueEntry);
FsRtlRemoveNodeFromTunnel(Cache, CurEntry, PoolList, &Rebalance);
}
}
@ -477,7 +478,7 @@ FsRtlAddToTunnelCache(IN PTUNNEL Cache,
RtlInsertAsRightChild(RtlParent(CurEntry), NodeEntry);
}
}
/* remove entry */
RemoveEntryList(&((PTUNNEL_NODE_ENTRY)CurEntry)->TimerQueueEntry);