From 34b99ea2a57b10b39fae61d6d46b3c33b34a89d2 Mon Sep 17 00:00:00 2001
From: Michael B <16905064+DownWithUp@users.noreply.github.com>
Date: Wed, 22 Aug 2018 21:58:58 -0400
Subject: [PATCH] Added Try+Except block for ProbeForRead

Possible security problem under double-fetch conditions. Microsoft says all ProbeForRead calls should be treated as if they could throw exceptions.  SRC: https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-probeforread
---
 src/Neo6/NDIS6.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/Neo6/NDIS6.c b/src/Neo6/NDIS6.c
index bdc7d65b..fc4f9cfd 100644
--- a/src/Neo6/NDIS6.c
+++ b/src/Neo6/NDIS6.c
@@ -634,18 +634,25 @@ NTSTATUS NeoNdisDispatch(DEVICE_OBJECT *DeviceObject, IRP *Irp)
 						{
 							MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
 						}
-
-						ProbeForRead(buf, NEO_EXCHANGE_BUFFER_SIZE, 1);
-
-						// Write
-						NeoWrite(buf);
-						Irp->IoStatus.Information = stack->Parameters.Write.Length;
-						ok = true;
-
-						if (mdl != NULL)
+						__try
 						{
+							ProbeForRead(buf, NEO_EXCHANGE_BUFFER_SIZE, 1);	
+						}
+						__except (EXCEPTION_EXECUTE_HANDLER)
+						{
+							check_ok = false;	
+						}
+						if (check_ok) {
+							// Write
+							NeoWrite(buf);
+							Irp->IoStatus.Information = stack->Parameters.Write.Length;
+							ok = true;
+
+							if (mdl != NULL)
+							{
 							MmUnlockPages(mdl);
 							IoFreeMdl(mdl);
+							}
 						}
 					}
 				}