Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-22 08:23:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: FspPropagateTopFlags: check TopLevelIrp not completed

Browse Source 
Add a check to verify that the TopLevelIrp has not been completed. This
became necessary because on recent Windows kernels, IRP's can have "IRP
extensions", which are freed when an IRP is completed. This can trigger
a recursive CLOSE with a top-level IRP that has been completed, which
can bugcheck the system.

Case in point: the new (Win11) NtCopyFileChunk creates IRP's with
COPY_INFORMATION attached. Upon completion of such an IRP the
SourceFileObject is freed, which results in a recursive IRP_MJ_CLOSE
with a completed top-level IRP, which would lead to a BSOD.
This commit is contained in:
Bill Zissimopoulos 2023-08-29 13:15:37 +01:00
parent 6fb72555d3
commit a482183149
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/sys/callbacks.c
View File

@ -324,7 +324,9 @@ VOID FspPropagateTopFlags(PIRP Irp, PIRP TopLevelIrp)
FspFileNodeAcquireMain : FspFileNodeAcquireMain :
FspFileNodeAcquireFull); FspFileNodeAcquireFull);
} }
else if ((PIRP)MM_SYSTEM_RANGE_START <= TopLevelIrp && IO_TYPE_IRP == TopLevelIrp->Type) else if ((PIRP)MM_SYSTEM_RANGE_START <= TopLevelIrp &&
IO_TYPE_IRP == TopLevelIrp->Type &&
TopLevelIrp->CurrentLocation <= TopLevelIrp->StackCount)
{ {
PFILE_OBJECT FileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject; PFILE_OBJECT FileObject = IoGetCurrentIrpStackLocation(Irp)->FileObject;
PFILE_OBJECT TopLevelFileObject = IoGetCurrentIrpStackLocation(TopLevelIrp)->FileObject; PFILE_OBJECT TopLevelFileObject = IoGetCurrentIrpStackLocation(TopLevelIrp)->FileObject;