Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-05 06:22:58 +00:00
Code Issues Projects Releases Packages Wiki Activity

[MSAFD]

Browse source 
- Correctly handle an arbitrarily large sockaddr in WSPConnect. Fixes mIRC 7.1x crash on connect
See issue #6005 for more details.

svn path=/trunk/; revision=53962
This commit is contained in:
Thomas Faber 2011-10-03 15:23:51 +00:00
parent ae8fa62fc7
commit 29b651a1fe
1 changed files with 21 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

28
reactos/dll/win32/msafd/misc/dllmain.c
View file

@ -1431,16 +1431,16 @@ WSPConnect(SOCKET Handle,
LPINT lpErrno) LPINT lpErrno)
{ {
IO_STATUS_BLOCK IOSB; IO_STATUS_BLOCK IOSB;
PAFD_CONNECT_INFO ConnectInfo; PAFD_CONNECT_INFO ConnectInfo = NULL;
PSOCKET_INFORMATION Socket = NULL; PSOCKET_INFORMATION Socket;
NTSTATUS Status; NTSTATUS Status;
INT Errno; INT Errno;
UCHAR ConnectBuffer[0x22];
ULONG ConnectDataLength; ULONG ConnectDataLength;
ULONG InConnectDataLength; ULONG InConnectDataLength;
INT BindAddressLength; INT BindAddressLength;
PSOCKADDR BindAddress; PSOCKADDR BindAddress;
HANDLE SockEvent; HANDLE SockEvent;
int SocketDataLength;
Status = NtCreateEvent(&SockEvent, Status = NtCreateEvent(&SockEvent,
GENERIC_READ | GENERIC_WRITE, GENERIC_READ | GENERIC_WRITE,
@ -1506,16 +1506,26 @@ WSPConnect(SOCKET Handle,
goto notify; goto notify;
} }
/* Dynamic Structure...ugh */ /* Calculate the size of SocketAddress->sa_data */
ConnectInfo = (PAFD_CONNECT_INFO)ConnectBuffer; SocketDataLength = SocketAddressLength - FIELD_OFFSET(struct sockaddr, sa_data);
/* Allocate a connection info buffer with SocketDataLength bytes of payload */
ConnectInfo = HeapAlloc(GetProcessHeap(), 0,
FIELD_OFFSET(AFD_CONNECT_INFO,
RemoteAddress.Address[0].Address[SocketDataLength]));
if (!ConnectInfo)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto notify;
}
/* Set up Address in TDI Format */ /* Set up Address in TDI Format */
ConnectInfo->RemoteAddress.TAAddressCount = 1; ConnectInfo->RemoteAddress.TAAddressCount = 1;
ConnectInfo->RemoteAddress.Address[0].AddressLength = SocketAddressLength - sizeof(SocketAddress->sa_family); ConnectInfo->RemoteAddress.Address[0].AddressLength = SocketDataLength;
ConnectInfo->RemoteAddress.Address[0].AddressType = SocketAddress->sa_family; ConnectInfo->RemoteAddress.Address[0].AddressType = SocketAddress->sa_family;
RtlCopyMemory (ConnectInfo->RemoteAddress.Address[0].Address, RtlCopyMemory(ConnectInfo->RemoteAddress.Address[0].Address,
SocketAddress->sa_data, SocketAddress->sa_data,
SocketAddressLength - sizeof(SocketAddress->sa_family)); SocketDataLength);
/* /*
* Disable FD_WRITE and FD_CONNECT * Disable FD_WRITE and FD_CONNECT
@ -1613,6 +1623,8 @@ WSPConnect(SOCKET Handle,
AFD_DbgPrint(MID_TRACE,("Ending\n")); AFD_DbgPrint(MID_TRACE,("Ending\n"));
notify: notify:
if (ConnectInfo) HeapFree(GetProcessHeap(), 0, ConnectInfo);
/* Re-enable Async Event */ /* Re-enable Async Event */
SockReenableAsyncSelectEvent(Socket, FD_WRITE); SockReenableAsyncSelectEvent(Socket, FD_WRITE);