You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Busy light code does not free memory on DevicePath in error path
While building up the list of busy light devices and filling the BUSYLIGHT_DEVICE structure, there are a couple of error paths where it will abandon the current device and not add it to the devices linked list. This means the error handling code must free all resources since they will not be freed later in kull_m_busylight_devices_free. There are a couple of paths where the duplicated DevicePath string is not freed.
Busy light code does not free memory on DevicePath in error path
While building up the list of busy light devices and filling the BUSYLIGHT_DEVICE structure, there are a couple of error paths where it will abandon the current device and not add it to the
deviceslinked list. This means the error handling code must free all resources since they will not be freed later inkull_m_busylight_devices_free. There are a couple of paths where the duplicatedDevicePathstring is not freed.if(*next = (PBUSYLIGHT_DEVICE) LocalAlloc(LPTR, sizeof(BUSYLIGHT_DEVICE))) { if(HidD_GetPreparsedData(deviceHandle, &PreparsedData)) { status = HidP_GetCaps(PreparsedData, &(*next)->hidCaps); if(!NT_SUCCESS(status)) PRINT_ERROR(L"HidP_GetCaps (%08x)\n", status); HidD_FreePreparsedData(PreparsedData); } (*next)->DevicePath = _wcsdup(DeviceInterfaceDetailData->DevicePath); (*next)->hidAttributes = attributes; (*next)->deviceId = deviceId; (*next)->dpi.box_sensivity = 4; (*next)->dpi.box_timeout = 4; (*next)->dpi.box_triggertime = 85; (*next)->id = id; (*next)->hBusy = CreateFile(DeviceInterfaceDetailData->DevicePath, FILE_READ_DATA | FILE_WRITE_DATA, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if((*next)->hBusy && ((*next)->hBusy != INVALID_HANDLE_VALUE)) { if(bAutoThread) { (*next)->dKeepAliveThread = 5000; if((*next)->hKeepAliveThread = CreateThread(NULL, 0, kull_m_busylight_keepAliveThread, *next, 0, NULL)) { next = &(*next)->next; id++; } else { PRINT_ERROR_AUTO(L"CreateThread (hKeepAliveThread)"); CloseHandle((*next)->hBusy); + if ((*next)->DevicePath)) free((*next)->DevicePath) LocalFree(*next); } } else { next = &(*next)->next; id++; } } else { PRINT_ERROR_AUTO(L"CreateFile (hBusy)"); + if ((*next)->DevicePath)) free((*next)->DevicePath) *next = (PBUSYLIGHT_DEVICE) LocalFree(*next); } }See:
mimikatz/modules/kull_m_busylight.c
Line 119 in baaa261
and:
mimikatz/modules/kull_m_busylight.c
Line 131 in baaa261
The text was updated successfully, but these errors were encountered: