[NTOS:IO] Properly zero-initialize a file object created by IopParseDevice (#4931)

Fix uninitialized kernel memory leakage for a case when a file object extension is appended. CORE-18711
2024-11-27 21:43:32 +08:00 · 2022-12-07 23:15:42 +01:00 · 2022-12-07 23:15:42 +01:00 · 82cf6c2b06
commit 82cf6c2b06
parent 1341c384f2
1 changed files with 2 additions and 1 deletions
--- a/ntoskrnl/io/iomgr/file.c
+++ b/ntoskrnl/io/iomgr/file.c
@ -857,7 +857,7 @@ IopParseDevice(IN PVOID ParseObject,
            }

            /* Clear the file object */
-            RtlZeroMemory(FileObject, sizeof(FILE_OBJECT));
+            RtlZeroMemory(FileObject, ObjectSize);

            /* Check if this is Synch I/O */
            if (OpenPacket->CreateOptions &
@ -917,6 +917,7 @@ IopParseDevice(IN PVOID ParseObject,
                /* Make sure the file object knows it has an extension */
                FileObject->Flags |= FO_FILE_OBJECT_HAS_EXTENSION;

+                /* Initialize file object extension */
                FileObjectExtension = (PFILE_OBJECT_EXTENSION)(FileObject + 1);
                FileObject->FileObjectExtension = FileObjectExtension;