From 4f74cccd2d35e0059a83fe246837541775651824 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Thu, 9 Jun 2011 22:38:38 +0000
Subject: [PATCH] [AFD] - Cleanup the pending connection list before closing
 the FCB - Fixes yet another socket closure bug

svn path=/trunk/; revision=52166
---
 reactos/drivers/network/afd/afd/listen.c |  9 +--------
 reactos/drivers/network/afd/afd/main.c   | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/reactos/drivers/network/afd/afd/listen.c b/reactos/drivers/network/afd/afd/listen.c
index ad22f00a8bb..7e09535e12b 100644
--- a/reactos/drivers/network/afd/afd/listen.c
+++ b/reactos/drivers/network/afd/afd/listen.c
@@ -95,7 +95,7 @@ static NTSTATUS NTAPI ListenComplete
     NTSTATUS Status = STATUS_SUCCESS;
     PAFD_FCB FCB = (PAFD_FCB)Context;
     PAFD_TDI_OBJECT_QELT Qelt;
-    PLIST_ENTRY NextIrpEntry, QeltEntry;
+    PLIST_ENTRY NextIrpEntry;
     PIRP NextIrp;
 
     if( !SocketAcquireStateLock( FCB ) )
@@ -115,13 +115,6 @@ static NTSTATUS NTAPI ListenComplete
 	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
         }
 
-        /* Free all pending connections */
-        while( !IsListEmpty( &FCB->PendingConnections ) ) {
-               QeltEntry = RemoveHeadList(&FCB->PendingConnections);
-               Qelt = CONTAINING_RECORD(QeltEntry, AFD_TDI_OBJECT_QELT, ListEntry);
-               ExFreePool(Qelt);
-        }
-
         /* Free ConnectionReturnInfo and ConnectionCallInfo */
         if (FCB->ListenIrp.ConnectionReturnInfo)
         {
diff --git a/reactos/drivers/network/afd/afd/main.c b/reactos/drivers/network/afd/afd/main.c
index 0e27f5021b2..bf981e3f542 100644
--- a/reactos/drivers/network/afd/afd/main.c
+++ b/reactos/drivers/network/afd/afd/main.c
@@ -394,6 +394,9 @@ AfdCloseSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
     PAFD_FCB FCB = FileObject->FsContext;
     UINT i;
     PAFD_IN_FLIGHT_REQUEST InFlightRequest[IN_FLIGHT_REQUESTS];
+    PAFD_TDI_OBJECT_QELT Qelt;
+    PLIST_ENTRY QeltEntry;
+    
 
     AFD_DbgPrint(MID_TRACE,
 		 ("AfdClose(DeviceObject %p Irp %p)\n", DeviceObject, Irp));
@@ -421,6 +424,24 @@ AfdCloseSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
 
     KillSelectsForFCB( FCB->DeviceExt, FileObject, FALSE );
 
+    ASSERT(IsListEmpty(&FCB->PendingIrpList[FUNCTION_CONNECT]));
+    ASSERT(IsListEmpty(&FCB->PendingIrpList[FUNCTION_SEND]));
+    ASSERT(IsListEmpty(&FCB->PendingIrpList[FUNCTION_RECV]));
+    ASSERT(IsListEmpty(&FCB->PendingIrpList[FUNCTION_PREACCEPT]));
+
+    while (!IsListEmpty(&FCB->PendingConnections))
+    {
+        QeltEntry = RemoveHeadList(&FCB->PendingConnections);
+        Qelt = CONTAINING_RECORD(QeltEntry, AFD_TDI_OBJECT_QELT, ListEntry);
+
+        /* We have to close all pending connections or the listen won't get closed */
+        TdiDisassociateAddressFile(Qelt->Object.Object);
+        ObDereferenceObject(Qelt->Object.Object);
+        ZwClose(Qelt->Object.Handle);
+
+        ExFreePool(Qelt);
+    }
+
     SocketStateUnlock( FCB );
 
     if( FCB->EventSelect )