From 4db33690bf82dd7e266e76c6908cbb7cc3040e94 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 10 May 2026 11:11:11 +0000
Subject: [PATCH] ntoskrnl: Fix 6 resource leaks (object refs, locks, handles)

Agent-Logs-Url: https://github.com/tkreuzer/reactos/sessions/936bf91f-254e-4277-8d9f-a21f6c2ae0c2

Co-authored-by: tkreuzer <313067+tkreuzer@users.noreply.github.com>
---
 ntoskrnl/config/cmapi.c     | 6 +++++-
 ntoskrnl/io/iomgr/bootlog.c | 2 --
 ntoskrnl/io/iomgr/iofunc.c  | 6 +++++-
 ntoskrnl/io/pnpmgr/pnpmgr.c | 3 +--
 ntoskrnl/po/power.c         | 1 +
 ntoskrnl/ps/psmgr.c         | 1 +
 6 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/ntoskrnl/config/cmapi.c b/ntoskrnl/config/cmapi.c
index 2b36c10b3e55f..fd1eebd087667 100644
--- a/ntoskrnl/config/cmapi.c
+++ b/ntoskrnl/config/cmapi.c
@@ -41,7 +41,11 @@ CmpIsHiveAlreadyLoaded(IN HANDLE KeyHandle,
     if (!NT_SUCCESS(Status)) return Loaded;
 
     /* Don't touch deleted KCBs */
-    if (KeyBody->KeyControlBlock->Delete) return Loaded;
+    if (KeyBody->KeyControlBlock->Delete)
+    {
+        ObDereferenceObject(KeyBody);
+        return Loaded;
+    }
 
     Hive = CONTAINING_RECORD(KeyBody->KeyControlBlock->KeyHive, CMHIVE, Hive);
 
diff --git a/ntoskrnl/io/iomgr/bootlog.c b/ntoskrnl/io/iomgr/bootlog.c
index 4c262c4af037a..feb2044ee9c9b 100644
--- a/ntoskrnl/io/iomgr/bootlog.c
+++ b/ntoskrnl/io/iomgr/bootlog.c
@@ -232,8 +232,6 @@ IopCreateLogFile(VOID)
 
     DPRINT("IopSaveBootLogToFile() called\n");
 
-    ExAcquireResourceExclusiveLite(&IopBootLogResource, TRUE);
-
     RtlInitUnicodeString(&FileName,
                          L"\\SystemRoot\\rosboot.log");
     InitializeObjectAttributes(&ObjectAttributes,
diff --git a/ntoskrnl/io/iomgr/iofunc.c b/ntoskrnl/io/iomgr/iofunc.c
index 64b692ea2aab2..a122540aedb10 100644
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@@ -1852,7 +1852,11 @@ NtLockFile(IN HANDLE FileHandle,
                                            PreviousMode,
                                            (PVOID *)&Event,
                                            NULL);
-        if (Status != STATUS_SUCCESS) return Status;
+        if (Status != STATUS_SUCCESS)
+        {
+            ObDereferenceObject(FileObject);
+            return Status;
+        }
         KeClearEvent(Event);
     }
 
diff --git a/ntoskrnl/io/pnpmgr/pnpmgr.c b/ntoskrnl/io/pnpmgr/pnpmgr.c
index 2b92983a9a0cc..c40851e289101 100644
--- a/ntoskrnl/io/pnpmgr/pnpmgr.c
+++ b/ntoskrnl/io/pnpmgr/pnpmgr.c
@@ -444,8 +444,7 @@ IopGetBusTypeGuidIndex(LPGUID BusTypeGuid)
 
         if (!NewList)
         {
-            /* Fail */
-            ExFreePool(PnpBusTypeGuidList);
+            /* Fail without destroying existing list data */
             goto Quickie;
         }
 
diff --git a/ntoskrnl/po/power.c b/ntoskrnl/po/power.c
index 18ba3f6e62b1a..189bc71aa9e70 100644
--- a/ntoskrnl/po/power.c
+++ b/ntoskrnl/po/power.c
@@ -349,6 +349,7 @@ PopSetSystemPowerState(SYSTEM_POWER_STATE PowerState, POWER_ACTION PowerAction)
         if (Fdo == DeviceObject)
         {
             DPRINT("An FDO was not attached\n");
+            ObDereferenceObject(Fdo);
             return STATUS_UNSUCCESSFUL;
         }
     }
diff --git a/ntoskrnl/ps/psmgr.c b/ntoskrnl/ps/psmgr.c
index 0d80257bd46cd..d884aed9e5f0d 100644
--- a/ntoskrnl/ps/psmgr.c
+++ b/ntoskrnl/ps/psmgr.c
@@ -223,6 +223,7 @@ PsLocateSystemDll(VOID)
                          &HardErrorParameters,
                          OptionOk,
                          &HardErrorResponse);
+        ZwClose(FileHandle);
         return Status;
     }