mirror of
https://github.com/reactos/reactos.git
synced 2025-08-03 21:05:43 +00:00
- Fix null pointer dereferences
- Fix out of bounds array access - Check that we got a valid pointer from HeapAlloc - Don't close the caller's handle when we fail - Fix a memory leak - Found by Amine Khaldi svn path=/trunk/; revision=42774
This commit is contained in:
Cameron Gutman
parent
e74d2c5ce4
commit
3263e1f67a
5 changed files with 36 additions and 18 deletions
|
|
@ -582,6 +582,8 @@ const char *getInterfaceNameByIndex(DWORD index)
|
||||||
|
|
||||||
interfaceName = HeapAlloc( GetProcessHeap(), 0,
|
interfaceName = HeapAlloc( GetProcessHeap(), 0,
|
||||||
strlen(adapter_name) + 1 );
|
strlen(adapter_name) + 1 );
|
||||||
|
if (!interfaceName) return NULL;
|
||||||
|
|
||||||
strcpy( interfaceName, adapter_name );
|
strcpy( interfaceName, adapter_name );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -847,15 +849,14 @@ DWORD getInterfaceEntryByIndex(DWORD index, PMIB_IFROW entry)
|
||||||
|
|
||||||
char *toIPAddressString(unsigned int addr, char string[16])
|
char *toIPAddressString(unsigned int addr, char string[16])
|
||||||
{
|
{
|
||||||
if (string) {
|
|
||||||
struct in_addr iAddr;
|
struct in_addr iAddr;
|
||||||
|
|
||||||
iAddr.s_addr = addr;
|
iAddr.s_addr = addr;
|
||||||
/* extra-anal, just to make auditors happy */
|
|
||||||
strncpy(string, inet_ntoa(iAddr), 16);
|
if (string)
|
||||||
string[16] = '\0';
|
strncpy(string, inet_ntoa(iAddr), 16);
|
||||||
}
|
|
||||||
return string;
|
return inet_ntoa(iAddr);
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS addIPAddress( IPAddr Address, IPMask Mask, DWORD IfIndex,
|
NTSTATUS addIPAddress( IPAddr Address, IPMask Mask, DWORD IfIndex,
|
||||||
|
|
|
||||||
|
|
@ -102,6 +102,7 @@ DWORD getInterfaceGatewayByIndex(DWORD index)
|
||||||
{
|
{
|
||||||
DWORD ndx, retVal = 0, numRoutes = getNumRoutes();
|
DWORD ndx, retVal = 0, numRoutes = getNumRoutes();
|
||||||
RouteTable *table = getRouteTable();
|
RouteTable *table = getRouteTable();
|
||||||
|
if (!table) return 0;
|
||||||
|
|
||||||
for (ndx = 0; ndx < numRoutes; ndx++)
|
for (ndx = 0; ndx < numRoutes; ndx++)
|
||||||
{
|
{
|
||||||
|
|
@ -645,9 +646,12 @@ DWORD WINAPI GetAdaptersInfo(PIP_ADAPTER_INFO pAdapterInfo, PULONG pOutBufLen)
|
||||||
DWORD addrLen = sizeof(ptr->Address), type;
|
DWORD addrLen = sizeof(ptr->Address), type;
|
||||||
const char *ifname =
|
const char *ifname =
|
||||||
getInterfaceNameByIndex(table->indexes[ndx]);
|
getInterfaceNameByIndex(table->indexes[ndx]);
|
||||||
|
if (!ifname) {
|
||||||
|
ret = ERROR_OUTOFMEMORY;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
/* on Win98 this is left empty, but whatever */
|
/* on Win98 this is left empty, but whatever */
|
||||||
|
|
||||||
strncpy(ptr->AdapterName,ifname,sizeof(ptr->AdapterName));
|
strncpy(ptr->AdapterName,ifname,sizeof(ptr->AdapterName));
|
||||||
consumeInterfaceName(ifname);
|
consumeInterfaceName(ifname);
|
||||||
ptr->AdapterName[MAX_ADAPTER_NAME_LENGTH] = '\0';
|
ptr->AdapterName[MAX_ADAPTER_NAME_LENGTH] = '\0';
|
||||||
|
|
@ -983,9 +987,9 @@ DWORD WINAPI GetInterfaceInfo(PIP_INTERFACE_INFO pIfTable, PULONG dwOutBufLen)
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
InterfaceIndexTable *table = getNonLoopbackInterfaceIndexTable();
|
InterfaceIndexTable *table = getNonLoopbackInterfaceIndexTable();
|
||||||
TRACE("table->numIndexes == 0x%x\n", table->numIndexes);
|
|
||||||
|
|
||||||
if (table) {
|
if (table) {
|
||||||
|
TRACE("table->numIndexes == 0x%x\n", table->numIndexes);
|
||||||
size = sizeof(IP_INTERFACE_INFO) + (table->numIndexes) *
|
size = sizeof(IP_INTERFACE_INFO) + (table->numIndexes) *
|
||||||
sizeof(IP_ADAPTER_INDEX_MAP);
|
sizeof(IP_ADAPTER_INDEX_MAP);
|
||||||
if (*dwOutBufLen < size) {
|
if (*dwOutBufLen < size) {
|
||||||
|
|
|
||||||
|
|
@ -459,6 +459,10 @@ RouteTable *getRouteTable(void)
|
||||||
out_route_table = HeapAlloc( GetProcessHeap(), 0,
|
out_route_table = HeapAlloc( GetProcessHeap(), 0,
|
||||||
sizeof(RouteTable) +
|
sizeof(RouteTable) +
|
||||||
(sizeof(RouteEntry) * (numRoutes - 1)) );
|
(sizeof(RouteEntry) * (numRoutes - 1)) );
|
||||||
|
if (!out_route_table) {
|
||||||
|
closeTcpFile(tcpFile);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
out_route_table->numRoutes = numRoutes;
|
out_route_table->numRoutes = numRoutes;
|
||||||
|
|
||||||
|
|
@ -586,6 +590,10 @@ PMIB_IPNETTABLE getArpTable(void)
|
||||||
IpArpTable = HeapAlloc
|
IpArpTable = HeapAlloc
|
||||||
( GetProcessHeap(), 0,
|
( GetProcessHeap(), 0,
|
||||||
sizeof(DWORD) + (sizeof(MIB_IPNETROW) * totalNumber) );
|
sizeof(DWORD) + (sizeof(MIB_IPNETROW) * totalNumber) );
|
||||||
|
if (!IpArpTable) {
|
||||||
|
closeTcpFile(tcpFile);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
status = tdiGetEntityIDSet( tcpFile, &entitySet, &numEntities );
|
status = tdiGetEntityIDSet( tcpFile, &entitySet, &numEntities );
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -44,18 +44,19 @@ PWCHAR GetNthChildKeyName( HANDLE RegHandle, DWORD n ) {
|
||||||
PWCHAR Value;
|
PWCHAR Value;
|
||||||
DWORD ValueLen;
|
DWORD ValueLen;
|
||||||
|
|
||||||
if (MaxAdapterName == -1) {
|
if (MaxAdapterName == -1)
|
||||||
RegCloseKey( RegHandle );
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
|
|
||||||
ValueLen = MaxAdapterName;
|
ValueLen = MaxAdapterName;
|
||||||
Value = (PWCHAR)HeapAlloc( GetProcessHeap(), 0, MaxAdapterName * sizeof(WCHAR) );
|
Value = (PWCHAR)HeapAlloc( GetProcessHeap(), 0, MaxAdapterName * sizeof(WCHAR) );
|
||||||
|
if (!Value) return 0;
|
||||||
|
|
||||||
Status = RegEnumKeyExW( RegHandle, n, Value, &ValueLen,
|
Status = RegEnumKeyExW( RegHandle, n, Value, &ValueLen,
|
||||||
NULL, NULL, NULL, NULL );
|
NULL, NULL, NULL, NULL );
|
||||||
if (Status != ERROR_SUCCESS)
|
if (Status != ERROR_SUCCESS) {
|
||||||
|
HeapFree(GetProcessHeap(), 0, Value);
|
||||||
return 0;
|
return 0;
|
||||||
else {
|
} else {
|
||||||
Value[ValueLen] = 0;
|
Value[ValueLen] = 0;
|
||||||
return Value;
|
return Value;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -151,11 +151,13 @@ void EnumNameServers( HANDLE RegHandle, PWCHAR Interface,
|
||||||
}
|
}
|
||||||
if (ch - LastNameStart > 0) { /* A last name? */
|
if (ch - LastNameStart > 0) { /* A last name? */
|
||||||
PWCHAR NameServer = malloc(((ch - LastNameStart) + 1) * sizeof(WCHAR));
|
PWCHAR NameServer = malloc(((ch - LastNameStart) + 1) * sizeof(WCHAR));
|
||||||
memcpy(NameServer,NameServerString + LastNameStart,
|
if (NameServer) {
|
||||||
(ch - LastNameStart) * sizeof(WCHAR));
|
memcpy(NameServer,NameServerString + LastNameStart,
|
||||||
NameServer[ch - LastNameStart] = 0;
|
(ch - LastNameStart) * sizeof(WCHAR));
|
||||||
cb( Interface, NameServer, Data );
|
NameServer[ch - LastNameStart] = 0;
|
||||||
free(NameServer);
|
cb( Interface, NameServer, Data );
|
||||||
|
free(NameServer);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ConsumeRegValueString(NameServerString);
|
ConsumeRegValueString(NameServerString);
|
||||||
}
|
}
|
||||||
|
|
@ -223,6 +225,8 @@ PIPHLP_RES_INFO getResInfo() {
|
||||||
|
|
||||||
PrivateNSEnum.NumServers = ServerCount;
|
PrivateNSEnum.NumServers = ServerCount;
|
||||||
DnsList = HeapAlloc(GetProcessHeap(), 0, ServerCount * sizeof(IP_ADDR_STRING));
|
DnsList = HeapAlloc(GetProcessHeap(), 0, ServerCount * sizeof(IP_ADDR_STRING));
|
||||||
|
if (!DnsList) return NULL;
|
||||||
|
|
||||||
ZeroMemory(DnsList, ServerCount * sizeof(IP_ADDR_STRING));
|
ZeroMemory(DnsList, ServerCount * sizeof(IP_ADDR_STRING));
|
||||||
|
|
||||||
ResInfo = (PIPHLP_RES_INFO)RtlAllocateHeap ( GetProcessHeap(), 0, sizeof(IPHLP_RES_INFO));
|
ResInfo = (PIPHLP_RES_INFO)RtlAllocateHeap ( GetProcessHeap(), 0, sizeof(IPHLP_RES_INFO));
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue