__tt_fork_impl_v2(): do not leak child thread handle upon post-fork failure.

1 files changed, 17 insertions, 9 deletions

diff --git a/src/process/ntapi_tt_fork_v2.c b/src/process/ntapi_tt_fork_v2.c
index b7a2ad5..45fe9e8 100644
--- a/src/process/ntapi_tt_fork_v2.c
+++ b/src/process/ntapi_tt_fork_v2.c
@@ -16,10 +16,11 @@
 #include <ntapi/ntapi.h>
 #include "ntapi_impl.h"
 
-static intptr_t __tt_fork_cancel(void * hprocess,int32_t status)
+static intptr_t __tt_fork_cancel(void * hprocess,void * hthread,int32_t status)
 {
 	__ntapi->zw_terminate_process(hprocess, status);
 	__ntapi->zw_close(hprocess);
+	__ntapi->zw_close(hthread);
 	return status;
 }
 
@@ -115,12 +116,12 @@ static intptr_t __tt_fork_impl_v2(
 				*hport_session,
 				cid->process_id,
 				0,0,&timeout)))
-			return __tt_fork_cancel(*hprocess,status);
+			return __tt_fork_cancel(*hprocess,*hthread,status);
 
 	/* [thou shalt remember the single step paradox] */
 	if ((status = __ntapi->zw_resume_thread(
 			*hthread,0)))
-		return __tt_fork_cancel(*hprocess,status);
+		return __tt_fork_cancel(*hprocess,*hthread,status);
 
 	/* hoppla */
 	return NT_STATUS_SUCCESS;
@@ -158,11 +159,18 @@ int32_t __fastcall __ntapi_tt_fork_v2(
 	if (cid->process_id == 0) {
 		at_store(&__internals->hlock,0);
 
-		if ((status = __ntapi->tty_connect(
-				hport_session,
-				__internals->subsystem->base_named_objects,
-				NT_SECURITY_IMPERSONATION)))
-			return __tt_fork_cancel(NT_CURRENT_PROCESS_HANDLE,status);
+		status = __ntapi->tty_connect(
+			hport_session,
+			__internals->subsystem->base_named_objects,
+			NT_SECURITY_IMPERSONATION);
+
+		if (status) {
+			__ntapi->zw_terminate_process(
+				NT_CURRENT_PROCESS_HANDLE,
+				status);
+
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 
 		__internals->hdev_mount_point_mgr = 0;
 
@@ -183,7 +191,7 @@ int32_t __fastcall __ntapi_tt_fork_v2(
 					htty_connected,
 					NT_SYNC_NON_ALERTABLE,
 					0)))
-				status = __tt_fork_cancel(*hprocess,status);
+				status = __tt_fork_cancel(*hprocess,*hthread,status);
 	}