From 50844a88eba2c613ff4503bfba36b371c329f31c Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Mon, 29 Aug 2022 18:04:05 -0600
Subject: [PATCH] Fix leak of reference on WDFREQUEST (#1383)
Signed-off-by: Alan Jowett
Signed-off-by: Alan Jowett
Co-authored-by: Alan Jowett
Co-authored-by: Dave Thaler
---
 ebpfcore/ebpf_drv.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ebpfcore/ebpf_drv.c b/ebpfcore/ebpf_drv.c
index c18fc05dc..e6ae735dc 100644
--- a/ebpfcore/ebpf_drv.c
+++ b/ebpfcore/ebpf_drv.c
@@ -241,6 +241,7 @@ _ebpf_driver_io_device_control(
 const struct _ebpf_operation_header* user_request = NULL;
 struct _ebpf_operation_header* user_reply = NULL;
 bool async = false;
+ bool wdf_request_ref_acquired = false;
 device = WdfIoQueueGetDevice(queue);
@@ -309,6 +310,7 @@ _ebpf_driver_io_device_control(
 WdfObjectReference(request);
 async_context = request;
 WdfRequestMarkCancelable(request, _ebpf_driver_io_device_control_cancel);
+ wdf_request_ref_acquired = true;
 }
 status = ebpf_result_to_ntstatus(ebpf_core_invoke_protocol_handler(
@@ -333,10 +335,11 @@ _ebpf_driver_io_device_control(
 Done:
 if (status != STATUS_PENDING) {
- if (async) {
+ if (wdf_request_ref_acquired) {
 ebpf_assert(status != STATUS_SUCCESS);
 // Async operation failed. Remove cancellable marker.
 (void)WdfRequestUnmarkCancelable(request);
+ WdfObjectDereference(request);
 }
 WdfRequestCompleteWithInformation(request, status, output_buffer_length);
 }
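Review bot: In the `Done:` cleanup of the third hunk the result of `WdfRequestUnmarkCancelable(request)` is still cast to `(void)`, so the added `WdfObjectDereference(request)` and the following `WdfRequestCompleteWithInformation` run whatever it returned. That call returns `STATUS_CANCELLED` when the cancel callback has run or is about to run, so if `_ebpf_driver_io_device_control_cancel` (not visible in this patch) also completes the request or drops the reference, this path would complete or dereference it a second time. I would either capture the status and branch on it, or state the contract next to the call, for example `// Cancel callback only signals the handler; it never completes or dereferences the request, so STATUS_CANCELLED is safe to ignore here.`, if that is in fact how the callback behaves. The function body starts and ends outside this hunk, so the cancel and completion paths need to be checked against the full file.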