Unhandled Memory Allocation Failure / Invalid Write

[zachmse]

Openclos.c calls ExAllocatePoolWithTag (line 1955) without checking to see if the allocation was successful. In cases where allocation failed, the subsequent call to RtlAppendUnicodeToString (line 1957) results in an invalid write.

npcap/packetWin7/npf/npf/Openclos.c

Lines 1955 to 1957 in afd6abf

	pFiltMod->AdapterName.Buffer = ExAllocatePoolWithTag(NPF_NONPAGED, pFiltMod->AdapterName.MaximumLength, NPF_UNICODE_BUFFER_TAG);
	pFiltMod->AdapterName.Length = 0;
	RtlAppendUnicodeToString(&pFiltMod->AdapterName, AdapterName->Buffer + DEVICE_PATH_CCH);