From 2e1aeb12dfd8b44b4b57d377b59ef347dfe3386e Mon Sep 17 00:00:00 2001
From: Thomas Brogan <brogan.tom.iii@gmail.com>
Date: Tue, 28 Jul 2020 00:08:00 +0300
Subject: [PATCH] [TCPIP] Add NULL checks in DispTdiQueryInformation.
 CORE-12274

Add additional NULL checks to DispTdiQueryInformation,
which return STATUS_INVALID_PARAMETER.

Co-authored-by: Peter Hater <7element@mail.bg>
---
 drivers/network/tcpip/tcpip/dispatch.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/network/tcpip/tcpip/dispatch.c b/drivers/network/tcpip/tcpip/dispatch.c
index bb3625c731c..da2a00ba5bd 100644
--- a/drivers/network/tcpip/tcpip/dispatch.c
+++ b/drivers/network/tcpip/tcpip/dispatch.c
@@ -711,6 +711,12 @@ NTSTATUS DispTdiQueryInformation(
         switch ((ULONG_PTR)IrpSp->FileObject->FsContext2) {
           case TDI_TRANSPORT_ADDRESS_FILE:
             AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle;
+            if (AddrFile == NULL)
+            {
+                TI_DbgPrint(MIN_TRACE, ("FIXME: No address file object.\n"));
+                ASSERT(AddrFile != NULL);
+                return STATUS_INVALID_PARAMETER;
+            }
 
 			Address->TAAddressCount = 1;
 			Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;
@@ -725,6 +731,12 @@ NTSTATUS DispTdiQueryInformation(
           case TDI_CONNECTION_FILE:
             Endpoint =
 				(PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext;
+            if (Endpoint == NULL || Endpoint->AddressFile == NULL)
+            {
+                TI_DbgPrint(MIN_TRACE, ("FIXME: No connection endpoint file object.\n"));
+                ASSERT(Endpoint != NULL && Endpoint->AddressFile != NULL);
+                return STATUS_INVALID_PARAMETER;
+            }
 
             Address->TAAddressCount = 1;
             Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;