[TRACERT] Fix undefined behavior by fixing ReplyBuffer size. (#2422)

CORE-16620
Erdem Ersoy 2020-03-08 21:36:07 +03:00 committed by GitHub
parent 29c1089983
commit 0ddf0a06c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -377,31 +377,31 @@ RunTraceRoute()
} }
BYTE SendBuffer[PACKET_SIZE]; BYTE SendBuffer[PACKET_SIZE];
ICMPV6_ECHO_REPLY ReplyBufferv6;
#ifdef _WIN64
ICMP_ECHO_REPLY32 ReplyBufferv432;
#else
ICMP_ECHO_REPLY ReplyBufferv4;
#endif
PVOID ReplyBuffer; PVOID ReplyBuffer;
DWORD ReplySize = PACKET_SIZE + SIZEOF_ICMP_ERROR + SIZEOF_IO_STATUS_BLOCK; DWORD ReplySize = PACKET_SIZE + SIZEOF_ICMP_ERROR + SIZEOF_IO_STATUS_BLOCK;
if (Info.Family == AF_INET6) if (Info.Family == AF_INET6)
{ {
ReplyBuffer = &ReplyBufferv6;
ReplySize += sizeof(ICMPV6_ECHO_REPLY); ReplySize += sizeof(ICMPV6_ECHO_REPLY);
} }
else else
{ {
#ifdef _WIN64 #ifdef _WIN64
ReplyBuffer = &ReplyBufferv432;
ReplySize += sizeof(ICMP_ECHO_REPLY32); ReplySize += sizeof(ICMP_ECHO_REPLY32);
#else #else
ReplyBuffer = &ReplyBufferv4;
ReplySize += sizeof(ICMP_ECHO_REPLY); ReplySize += sizeof(ICMP_ECHO_REPLY);
#endif #endif
} }
HANDLE heap = GetProcessHeap();
ReplyBuffer = HeapAlloc(heap, HEAP_ZERO_MEMORY, ReplySize);
if (ReplyBuffer == NULL)
{
FreeAddrInfoW(Info.Target);
return false;
}
if (Info.Family == AF_INET6) if (Info.Family == AF_INET6)
{ {
Info.hIcmpFile = Icmp6CreateFile(); Info.hIcmpFile = Icmp6CreateFile();
@ -412,6 +412,7 @@ RunTraceRoute()
} }
if (Info.hIcmpFile == INVALID_HANDLE_VALUE) if (Info.hIcmpFile == INVALID_HANDLE_VALUE)
{ {
HeapFree(heap, 0, ReplyBuffer);
FreeAddrInfoW(Info.Target); FreeAddrInfoW(Info.Target);
return false; return false;
} }
@ -486,6 +487,7 @@ RunTraceRoute()
OutputText(IDS_TRACE_COMPLETE); OutputText(IDS_TRACE_COMPLETE);
HeapFree(heap, 0, ReplyBuffer);
FreeAddrInfoW(Info.Target); FreeAddrInfoW(Info.Target);
if (Info.hIcmpFile) if (Info.hIcmpFile)
{ {
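Review bot: Nothing at the new `HeapAlloc` call in the first hunk records why the buffer has to be `ReplySize` bytes, which is the invariant this fix restores: the removed `ReplyBufferv6`/`ReplyBufferv432`/`ReplyBufferv4` locals were only `sizeof` the reply struct, while `ReplySize` also includes `PACKET_SIZE + SIZEOF_ICMP_ERROR + SIZEOF_IO_STATUS_BLOCK`, so anything filled up to `ReplySize` would run past them on the stack. I would add `/* Buffer must be ReplySize bytes: the reply may fill the full size passed to the echo call, not just the reply struct. */` above the allocation; the call that consumes `ReplySize` is outside the visible hunks, so check the wording against it. Separately, `HeapFree(heap, 0, ReplyBuffer)` is now repeated by hand at the `INVALID_HANDLE_VALUE` return in the second hunk and at the normal exit in the third. Any other `return` in the part of `RunTraceRoute` between those hunks, which is not shown, would leak the buffer, so routing every exit through one cleanup label that frees `ReplyBuffer` and `Info.Target` would keep later edits from missing it.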