- Make sure HeapAlloc returned a valid pointer

- Fix some memory leaks
 - Return a better status for STATUS_INSUFFICIENT_RESOURCES and STATUS_NO_MEMORY
 - Fix a potential null pointer dereference in SetSocketInformation and GetSocketInformation
 - Initialize RemoteAddress so we aren't trying to copy the remote address to a NULL pointer
 - Found by Amine Khaldi

svn path=/trunk/; revision=42770
Cameron Gutman 2009-08-18 18:53:10 +00:00
parent ab9f22b2e8
commit 5b91c1a754
2 changed files with 53 additions and 3 deletions


@ -98,6 +98,9 @@ WSPSocket(int AddressFamily,
/* Set Socket Data */ /* Set Socket Data */
Socket = HeapAlloc(GlobalHeap, 0, sizeof(*Socket)); Socket = HeapAlloc(GlobalHeap, 0, sizeof(*Socket));
if (!Socket)
return MsafdReturnWithErrno(STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL);
RtlZeroMemory(Socket, sizeof(*Socket)); RtlZeroMemory(Socket, sizeof(*Socket));
Socket->RefCount = 2; Socket->RefCount = 2;
Socket->Handle = -1; Socket->Handle = -1;
@ -140,6 +143,9 @@ WSPSocket(int AddressFamily,
/* Set up EA Buffer */ /* Set up EA Buffer */
EABuffer = HeapAlloc(GlobalHeap, 0, SizeOfEA); EABuffer = HeapAlloc(GlobalHeap, 0, SizeOfEA);
if (!EABuffer)
return MsafdReturnWithErrno(STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL);
RtlZeroMemory(EABuffer, SizeOfEA); RtlZeroMemory(EABuffer, SizeOfEA);
EABuffer->NextEntryOffset = 0; EABuffer->NextEntryOffset = 0;
EABuffer->Flags = 0; EABuffer->Flags = 0;
@ -240,6 +246,8 @@ WSPSocket(int AddressFamily,
EABuffer, EABuffer,
SizeOfEA); SizeOfEA);
HeapFree(GlobalHeap, 0, EABuffer);
/* Save Handle */ /* Save Handle */
Socket->Handle = (SOCKET)Sock; Socket->Handle = (SOCKET)Sock;
@ -291,6 +299,9 @@ WSPSocket(int AddressFamily,
error: error:
AFD_DbgPrint(MID_TRACE,("Ending %x\n", Status)); AFD_DbgPrint(MID_TRACE,("Ending %x\n", Status));
if( Socket )
HeapFree(GlobalHeap, 0, Socket);
if( lpErrno ) if( lpErrno )
*lpErrno = Status; *lpErrno = Status;
@ -335,7 +346,7 @@ DWORD MsafdReturnWithErrno(NTSTATUS Status,
case STATUS_NO_MEMORY: /* Fall through to STATUS_INSUFFICIENT_RESOURCES */ case STATUS_NO_MEMORY: /* Fall through to STATUS_INSUFFICIENT_RESOURCES */
case STATUS_INSUFFICIENT_RESOURCES: case STATUS_INSUFFICIENT_RESOURCES:
DbgPrint("MSAFD: STATUS_NO_MEMORY/STATUS_INSUFFICIENT_RESOURCES\n"); DbgPrint("MSAFD: STATUS_NO_MEMORY/STATUS_INSUFFICIENT_RESOURCES\n");
*Errno = WSA_NOT_ENOUGH_MEMORY; *Errno = WSANOBUFS;
break; break;
case STATUS_INVALID_CONNECTION: case STATUS_INVALID_CONNECTION:
DbgPrint("MSAFD: STATUS_INVALID_CONNECTION\n"); DbgPrint("MSAFD: STATUS_INVALID_CONNECTION\n");
@ -1038,6 +1049,11 @@ WSPAccept(SOCKET Handle,
{ {
/* Allocate needed space */ /* Allocate needed space */
PendingData = HeapAlloc(GlobalHeap, 0, PendingDataLength); PendingData = HeapAlloc(GlobalHeap, 0, PendingDataLength);
if (!PendingData)
{
MsafdReturnWithErrno( STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL );
return INVALID_SOCKET;
}
/* We want the data now */ /* We want the data now */
PendingAcceptData.ReturnSize = FALSE; PendingAcceptData.ReturnSize = FALSE;
@ -1079,6 +1095,13 @@ WSPAccept(SOCKET Handle,
CalleeID.buf = (PVOID)Socket->LocalAddress; CalleeID.buf = (PVOID)Socket->LocalAddress;
CalleeID.len = Socket->SharedData.SizeOfLocalAddress; CalleeID.len = Socket->SharedData.SizeOfLocalAddress;
RemoteAddress = HeapAlloc(GlobalHeap, 0, sizeof(*RemoteAddress));
if (!RemoteAddress)
{
MsafdReturnWithErrno(STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL);
return INVALID_SOCKET;
}
/* Set up Address in SOCKADDR Format */ /* Set up Address in SOCKADDR Format */
RtlCopyMemory (RemoteAddress, RtlCopyMemory (RemoteAddress,
&ListenReceiveData->Address.Address[0].AddressType, &ListenReceiveData->Address.Address[0].AddressType,
@ -1097,6 +1120,10 @@ WSPAccept(SOCKET Handle,
{ {
/* Allocate Buffer for Callee Data */ /* Allocate Buffer for Callee Data */
CalleeDataBuffer = HeapAlloc(GlobalHeap, 0, 4096); CalleeDataBuffer = HeapAlloc(GlobalHeap, 0, 4096);
if (!CalleeDataBuffer) {
MsafdReturnWithErrno( STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL );
return INVALID_SOCKET;
}
CalleeData.buf = CalleeDataBuffer; CalleeData.buf = CalleeDataBuffer;
CalleeData.len = 4096; CalleeData.len = 4096;
} }
@ -1288,6 +1315,11 @@ WSPConnect(SOCKET Handle,
/* Get the Wildcard Address */ /* Get the Wildcard Address */
BindAddressLength = Socket->HelperData->MaxWSAddressLength; BindAddressLength = Socket->HelperData->MaxWSAddressLength;
BindAddress = HeapAlloc(GetProcessHeap(), 0, BindAddressLength); BindAddress = HeapAlloc(GetProcessHeap(), 0, BindAddressLength);
if (!BindAddress)
{
MsafdReturnWithErrno( STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL );
return INVALID_SOCKET;
}
Socket->HelperData->WSHGetWildcardSockaddr (Socket->HelperContext, Socket->HelperData->WSHGetWildcardSockaddr (Socket->HelperContext,
BindAddress, BindAddress,
&BindAddressLength); &BindAddressLength);
@ -1938,7 +1970,10 @@ GetSocketInformation(PSOCKET_INFORMATION Socket,
} }
/* Return Information */ /* Return Information */
if (Ulong != NULL)
{
*Ulong = InfoData.Information.Ulong; *Ulong = InfoData.Information.Ulong;
}
if (LargeInteger != NULL) if (LargeInteger != NULL)
{ {
*LargeInteger = InfoData.Information.LargeInteger; *LargeInteger = InfoData.Information.LargeInteger;
@ -1975,7 +2010,10 @@ SetSocketInformation(PSOCKET_INFORMATION Socket,
InfoData.InformationClass = AfdInformationClass; InfoData.InformationClass = AfdInformationClass;
/* Set Information */ /* Set Information */
if (Ulong != NULL)
{
InfoData.Information.Ulong = *Ulong; InfoData.Information.Ulong = *Ulong;
}
if (LargeInteger != NULL) if (LargeInteger != NULL)
{ {
InfoData.Information.LargeInteger = *LargeInteger; InfoData.Information.LargeInteger = *LargeInteger;
@ -2491,6 +2529,7 @@ SockReenableAsyncSelectEvent (IN PSOCKET_INFORMATION Socket,
/* Wait on new events */ /* Wait on new events */
AsyncData = HeapAlloc(GetProcessHeap(), 0, sizeof(ASYNC_DATA)); AsyncData = HeapAlloc(GetProcessHeap(), 0, sizeof(ASYNC_DATA));
if (!AsyncData) return;
/* Create the Asynch Thread if Needed */ /* Create the Asynch Thread if Needed */
SockCreateOrReferenceAsyncThread(); SockCreateOrReferenceAsyncThread();
@ -2538,6 +2577,7 @@ DllMain(HANDLE hInstDll,
/* Allocate Heap for 1024 Sockets, can be expanded later */ /* Allocate Heap for 1024 Sockets, can be expanded later */
Sockets = HeapAlloc(GetProcessHeap(), 0, sizeof(PSOCKET_INFORMATION) * 1024); Sockets = HeapAlloc(GetProcessHeap(), 0, sizeof(PSOCKET_INFORMATION) * 1024);
if (!Sockets) return FALSE;
AFD_DbgPrint(MAX_TRACE, ("MSAFD.DLL has been loaded\n")); AFD_DbgPrint(MAX_TRACE, ("MSAFD.DLL has been loaded\n"));
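Review bot: In WSPSocket the new guard after the EABuffer allocation returns straight out, so the Socket block allocated and checked a few lines earlier is leaked on that path, which is the very class of leak the rest of this commit is closing. Free it before returning, e.g. `if (!EABuffer) { HeapFree(GlobalHeap, 0, Socket); return MsafdReturnWithErrno(STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL); }`, or route through the `error:` label that now frees Socket if its Status/lpErrno handling fits that path. The same pattern recurs in WSPAccept, where the RemoteAddress and CalleeDataBuffer guards return INVALID_SOCKET without releasing the PendingData buffer allocated earlier in the same function, and I cannot see where the newly heap-allocated RemoteAddress is itself freed, so please confirm it is released on every exit. WSPSocket's and WSPAccept's bodies extend outside these hunks.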


@ -32,6 +32,11 @@ WSPAsyncSelect(IN SOCKET Handle,
/* Allocate the Async Data Structure to pass on to the Thread later */ /* Allocate the Async Data Structure to pass on to the Thread later */
AsyncData = HeapAlloc(GetProcessHeap(), 0, sizeof(*AsyncData)); AsyncData = HeapAlloc(GetProcessHeap(), 0, sizeof(*AsyncData));
if (!AsyncData)
{
MsafdReturnWithErrno( STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL );
return INVALID_SOCKET;
}
/* Change the Socket to Non Blocking */ /* Change the Socket to Non Blocking */
BlockMode = 1; BlockMode = 1;
@ -533,6 +538,11 @@ WSPSendTo(SOCKET Handle,
/* Get the Wildcard Address */ /* Get the Wildcard Address */
BindAddressLength = Socket->HelperData->MaxWSAddressLength; BindAddressLength = Socket->HelperData->MaxWSAddressLength;
BindAddress = HeapAlloc(GlobalHeap, 0, BindAddressLength); BindAddress = HeapAlloc(GlobalHeap, 0, BindAddressLength);
if (!BindAddress)
{
MsafdReturnWithErrno( STATUS_INSUFFICIENT_RESOURCES, lpErrno, 0, NULL );
return INVALID_SOCKET;
}
Socket->HelperData->WSHGetWildcardSockaddr (Socket->HelperContext, Socket->HelperData->WSHGetWildcardSockaddr (Socket->HelperContext,
BindAddress, BindAddress,
&BindAddressLength); &BindAddressLength);
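Review bot: The new failure path in WSPSendTo returns INVALID_SOCKET, but WSPSendTo, like WSPAsyncSelect in the earlier hunk, appears to be an int-returning SPI entry point whose failure value is SOCKET_ERROR; the two constants collapse to the same -1 after conversion, so it works by accident, but it misleads readers and will trip static checkers. Use `return SOCKET_ERROR;` in both guards. The return types are declared outside these hunks, so confirm against the prototypes; both function bodies continue past the hunk.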