From a9aec290d9c7f09dd364e50f17a6622fba098c1a Mon Sep 17 00:00:00 2001
From: midipix
Date: Dec 21 2022 02:09:36 +0000
Subject: __tt_fork_impl_v2(): do not leak child thread handle upon post-fork failure.

---

diff --git a/src/process/ntapi_tt_fork_v2.c b/src/process/ntapi_tt_fork_v2.c
index b7a2ad5..45fe9e8 100644
--- a/src/process/ntapi_tt_fork_v2.c
+++ b/src/process/ntapi_tt_fork_v2.c
@@ -16,10 +16,11 @@
 #include
 #include "ntapi_impl.h"
 
-static intptr_t __tt_fork_cancel(void * hprocess,int32_t status)
+static intptr_t __tt_fork_cancel(void * hprocess,void * hthread,int32_t status)
 {
 	__ntapi->zw_terminate_process(hprocess, status);
 	__ntapi->zw_close(hprocess);
+	__ntapi->zw_close(hthread);
 	return status;
 }
 
@@ -115,12 +116,12 @@ static intptr_t __tt_fork_impl_v2(
 			*hport_session,
 			cid->process_id,
 			0,0,&timeout)))
-		return __tt_fork_cancel(*hprocess,status);
+		return __tt_fork_cancel(*hprocess,*hthread,status);
 
 	/* [thou shalt remember the single step paradox] */
 	if ((status = __ntapi->zw_resume_thread(
 			*hthread,0)))
-		return __tt_fork_cancel(*hprocess,status);
+		return __tt_fork_cancel(*hprocess,*hthread,status);
 
 	/* hoppla */
 	return NT_STATUS_SUCCESS;
@@ -158,11 +159,18 @@ int32_t __fastcall __ntapi_tt_fork_v2(
 	if (cid->process_id == 0) {
 		at_store(&__internals->hlock,0);
 
-		if ((status = __ntapi->tty_connect(
-				hport_session,
-				__internals->subsystem->base_named_objects,
-				NT_SECURITY_IMPERSONATION)))
-			return __tt_fork_cancel(NT_CURRENT_PROCESS_HANDLE,status);
+		status = __ntapi->tty_connect(
+			hport_session,
+			__internals->subsystem->base_named_objects,
+			NT_SECURITY_IMPERSONATION);
+
+		if (status) {
+			__ntapi->zw_terminate_process(
+				NT_CURRENT_PROCESS_HANDLE,
+				status);
+
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 
 		__internals->hdev_mount_point_mgr = 0;
 
@@ -183,7 +191,7 @@ int32_t __fastcall __ntapi_tt_fork_v2(
 			htty_connected,
 			NT_SYNC_NON_ALERTABLE,
 			0)))
-		status = __tt_fork_cancel(*hprocess,status);
+		status = __tt_fork_cancel(*hprocess,*hthread,status);
 	}
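Review bot: `__tt_fork_cancel` in the first hunk now releases `hthread` as well as `hprocess`, but nothing states its contract: it is a parent-side teardown of the forked child that discards the results of `zw_terminate_process` and both `zw_close` calls and hands `status` back unchanged for the caller to propagate. A header comment such as `/* parent-side cleanup after a failed fork: terminate the child, release both child handles, return status for propagation; close failures are deliberately ignored */` would document this at the call sites in the second and fourth hunks, which now pass `*hthread` alongside `*hprocess`. Those call sites read `*hthread` from the caller's output pointer, so the helper presumably must only be reached once the thread handle has been filled in; the same comment is the place to say so.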
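Review bot: In the child-side failure path of the third hunk the `tty_connect` status is handed to `zw_terminate_process` but the function then returns `NT_STATUS_INTERNAL_ERROR`, so the original status survives only as the child's exit code and the `return` is reached only if terminating the current process did not take effect. A comment on that line, `/* reached only if self-termination failed; tty_connect status is the child's exit code */`, would stop a later reader from turning it back into `return status`. The result of `zw_terminate_process` is discarded here as it is in `__tt_fork_cancel`; if that is intentional, a word on why would help. The enclosing `__ntapi_tt_fork_v2` starts and ends outside this hunk.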