mirror of
https://github.com/reactos/reactos.git
synced 2024-09-30 22:47:28 +00:00
[TCPIP]
- Fix the broken TDI_QUERY_CONNECTION_INFO implementation - Perform buffer size checks on TDI_QUERY_MAX_DATAGRAM_INFO requests [AFD] - Greatly simplify AfdGetPeerName by using the remote address stored while connecting svn path=/trunk/; revision=52698
This commit is contained in:
parent
0ef6eb1c56
commit
6195434c6b
|
@ -236,60 +236,27 @@ AfdGetSockName( PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
|||
NTSTATUS NTAPI
|
||||
AfdGetPeerName( PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
||||
PIO_STACK_LOCATION IrpSp ) {
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
NTSTATUS Status;
|
||||
PFILE_OBJECT FileObject = IrpSp->FileObject;
|
||||
PAFD_FCB FCB = FileObject->FsContext;
|
||||
PMDL Mdl = NULL;
|
||||
PTDI_CONNECTION_INFORMATION ConnInfo = NULL;
|
||||
|
||||
|
||||
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
|
||||
|
||||
if (FCB->RemoteAddress == NULL || FCB->Connection.Object == NULL) {
|
||||
if (FCB->RemoteAddress == NULL) {
|
||||
AFD_DbgPrint(MIN_TRACE,("Invalid parameter\n"));
|
||||
return UnlockAndMaybeComplete( FCB, STATUS_INVALID_PARAMETER, Irp, 0 );
|
||||
}
|
||||
|
||||
if(NT_SUCCESS(Status = TdiBuildNullConnectionInfo
|
||||
(&ConnInfo,
|
||||
FCB->RemoteAddress->Address[0].AddressType)))
|
||||
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= TaLengthOfTransportAddress(FCB->RemoteAddress))
|
||||
{
|
||||
Mdl = IoAllocateMdl(ConnInfo,
|
||||
sizeof(TDI_CONNECTION_INFORMATION) +
|
||||
TaLengthOfTransportAddress(ConnInfo->RemoteAddress),
|
||||
FALSE,
|
||||
FALSE,
|
||||
NULL);
|
||||
|
||||
if (Mdl)
|
||||
{
|
||||
_SEH2_TRY {
|
||||
MmProbeAndLockPages(Mdl, KernelMode, IoModifyAccess);
|
||||
} _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
|
||||
AFD_DbgPrint(MIN_TRACE, ("MmProbeAndLockPages() failed.\n"));
|
||||
Status = _SEH2_GetExceptionCode();
|
||||
} _SEH2_END;
|
||||
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
Status = TdiQueryInformation(FCB->Connection.Object,
|
||||
TDI_QUERY_CONNECTION_INFO,
|
||||
Mdl);
|
||||
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= TaLengthOfTransportAddress(ConnInfo->RemoteAddress))
|
||||
RtlCopyMemory(Irp->UserBuffer, ConnInfo->RemoteAddress, TaLengthOfTransportAddress(ConnInfo->RemoteAddress));
|
||||
RtlCopyMemory(Irp->UserBuffer, FCB->RemoteAddress, TaLengthOfTransportAddress(FCB->RemoteAddress));
|
||||
Status = STATUS_SUCCESS;
|
||||
}
|
||||
else
|
||||
{
|
||||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
AFD_DbgPrint(MIN_TRACE,("Buffer too small\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ExFreePool(ConnInfo);
|
||||
Status = STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
return UnlockAndMaybeComplete( FCB, Status, Irp, 0 );
|
||||
|
|
|
@ -759,47 +759,41 @@ NTSTATUS DispTdiQueryInformation(
|
|||
|
||||
case TDI_QUERY_CONNECTION_INFO:
|
||||
{
|
||||
PTDI_CONNECTION_INFORMATION AddressInfo;
|
||||
PADDRESS_FILE AddrFile;
|
||||
PCONNECTION_ENDPOINT Endpoint = NULL;
|
||||
PTDI_CONNECTION_INFO ConnectionInfo;
|
||||
PCONNECTION_ENDPOINT Endpoint;
|
||||
|
||||
if (MmGetMdlByteCount(Irp->MdlAddress) <
|
||||
(FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
|
||||
sizeof(PVOID))) {
|
||||
TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
|
||||
if (MmGetMdlByteCount(Irp->MdlAddress) < sizeof(*ConnectionInfo)) {
|
||||
TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
|
||||
return STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
AddressInfo = (PTDI_CONNECTION_INFORMATION)
|
||||
ConnectionInfo = (PTDI_CONNECTION_INFO)
|
||||
MmGetSystemAddressForMdl(Irp->MdlAddress);
|
||||
|
||||
switch ((ULONG_PTR)IrpSp->FileObject->FsContext2) {
|
||||
case TDI_TRANSPORT_ADDRESS_FILE:
|
||||
AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle;
|
||||
Endpoint = AddrFile ? AddrFile->Connection : NULL;
|
||||
break;
|
||||
|
||||
case TDI_CONNECTION_FILE:
|
||||
Endpoint =
|
||||
(PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext;
|
||||
break;
|
||||
RtlZeroMemory(ConnectionInfo, sizeof(*ConnectionInfo));
|
||||
return STATUS_SUCCESS;
|
||||
|
||||
default:
|
||||
TI_DbgPrint(MIN_TRACE, ("Invalid transport context\n"));
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (!Endpoint) {
|
||||
TI_DbgPrint(MID_TRACE, ("No connection object.\n"));
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
return TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE );
|
||||
}
|
||||
|
||||
case TDI_QUERY_MAX_DATAGRAM_INFO:
|
||||
{
|
||||
PTDI_MAX_DATAGRAM_INFO MaxDatagramInfo = MmGetSystemAddressForMdl(Irp->MdlAddress);
|
||||
PTDI_MAX_DATAGRAM_INFO MaxDatagramInfo;
|
||||
|
||||
if (MmGetMdlByteCount(Irp->MdlAddress) < sizeof(*MaxDatagramInfo)) {
|
||||
TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
|
||||
return STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
MaxDatagramInfo = (PTDI_MAX_DATAGRAM_INFO)
|
||||
MmGetSystemAddressForMdl(Irp->MdlAddress);
|
||||
|
||||
MaxDatagramInfo->MaxDatagramSize = 0xFFFF;
|
||||
|
||||
|
|
Loading…
Reference in a new issue