- Move the buffer size validation before writing to the buffer

- Change the status to STATUS_BUFFER_TOO_SMALL svn path=/trunk/; revision=40301
2024-08-12 06:06:27 +00:00 · 2009-03-30 22:32:37 +00:00 · 2009-03-30 22:32:37 +00:00 · 6555a581af
parent e84bd02268
commit 6555a581af
1 changed files with 15 additions and 14 deletions
--- a/reactos/drivers/network/tcpip/tcpip/dispatch.c
+++ b/reactos/drivers/network/tcpip/tcpip/dispatch.c
@ -674,6 +674,14 @@ NTSTATUS DispTdiQueryInformation(
        PTA_IP_ADDRESS Address;
        PCONNECTION_ENDPOINT Endpoint = NULL;

+
+        if (MmGetMdlByteCount(Irp->MdlAddress) <
+            (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) +
+             sizeof(TDI_ADDRESS_IP))) {
+          TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
+          return STATUS_BUFFER_TOO_SMALL;
+        }
+
        AddressInfo = (PTDI_ADDRESS_INFO)MmGetSystemAddressForMdl(Irp->MdlAddress);
 		Address = (PTA_IP_ADDRESS)&AddressInfo->Address;

@ -711,13 +719,6 @@ NTSTATUS DispTdiQueryInformation(
          return STATUS_INVALID_PARAMETER;
        }

-        if (MmGetMdlByteCount(Irp->MdlAddress) <
-            (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) +
-             sizeof(TDI_ADDRESS_IP))) {
-          TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
-          return STATUS_BUFFER_OVERFLOW;
-        }
-
        return STATUS_SUCCESS;
      }

@ -727,6 +728,13 @@ NTSTATUS DispTdiQueryInformation(
        PADDRESS_FILE AddrFile;
        PCONNECTION_ENDPOINT Endpoint = NULL;

+        if (MmGetMdlByteCount(Irp->MdlAddress) <
+            (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
+             sizeof(PVOID))) {
+          TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
+          return STATUS_BUFFER_TOO_SMALL;
+        }
+
        AddressInfo = (PTDI_CONNECTION_INFORMATION)
          MmGetSystemAddressForMdl(Irp->MdlAddress);

@ -750,13 +758,6 @@ NTSTATUS DispTdiQueryInformation(
          return STATUS_INVALID_PARAMETER;
        }

-        if (MmGetMdlByteCount(Irp->MdlAddress) <
-            (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
-             sizeof(PVOID))) {
-          TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
-          return STATUS_BUFFER_OVERFLOW;
-        }
-
        return TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE );
      }
  }