From 6555a581af78cf9eec7c43d15e6a76a5b43067c9 Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Mon, 30 Mar 2009 22:32:37 +0000 Subject: [PATCH] - Move the buffer size validation before writing to the buffer - Change the status to STATUS_BUFFER_TOO_SMALL svn path=/trunk/; revision=40301 --- .../drivers/network/tcpip/tcpip/dispatch.c | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/reactos/drivers/network/tcpip/tcpip/dispatch.c b/reactos/drivers/network/tcpip/tcpip/dispatch.c index 962ad4e5f8a..57b51452d4f 100644 --- a/reactos/drivers/network/tcpip/tcpip/dispatch.c +++ b/reactos/drivers/network/tcpip/tcpip/dispatch.c @@ -674,6 +674,14 @@ NTSTATUS DispTdiQueryInformation( PTA_IP_ADDRESS Address; PCONNECTION_ENDPOINT Endpoint = NULL; + + if (MmGetMdlByteCount(Irp->MdlAddress) < + (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) + + sizeof(TDI_ADDRESS_IP))) { + TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n")); + return STATUS_BUFFER_TOO_SMALL; + } + AddressInfo = (PTDI_ADDRESS_INFO)MmGetSystemAddressForMdl(Irp->MdlAddress); Address = (PTA_IP_ADDRESS)&AddressInfo->Address; @@ -711,13 +719,6 @@ NTSTATUS DispTdiQueryInformation( return STATUS_INVALID_PARAMETER; } - if (MmGetMdlByteCount(Irp->MdlAddress) < - (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) + - sizeof(TDI_ADDRESS_IP))) { - TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n")); - return STATUS_BUFFER_OVERFLOW; - } - return STATUS_SUCCESS; } @@ -727,6 +728,13 @@ NTSTATUS DispTdiQueryInformation( PADDRESS_FILE AddrFile; PCONNECTION_ENDPOINT Endpoint = NULL; + if (MmGetMdlByteCount(Irp->MdlAddress) < + (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) + + sizeof(PVOID))) { + TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n")); + return STATUS_BUFFER_TOO_SMALL; + } + AddressInfo = (PTDI_CONNECTION_INFORMATION) MmGetSystemAddressForMdl(Irp->MdlAddress); 
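Review bot: The length check added at the top of the block that declares `PTA_IP_ADDRESS Address` (first hunk) dereferences `Irp->MdlAddress` through `MmGetMdlByteCount` with no NULL test in the visible lines, so unless DispTdiQueryInformation rejects an IRP without an MDL earlier, outside this hunk, a request with no buffer faults in kernel mode. A guard such as `if (!Irp->MdlAddress) return STATUS_INVALID_PARAMETER;` ahead of the size test would close that. The mapping on the following context line is also used unchecked; `AddressInfo = (PTDI_ADDRESS_INFO)MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);` followed by `if (!AddressInfo) return STATUS_INSUFFICIENT_RESOURCES;` lets a failed mapping fail the request instead of the system. The same two points apply to the `TDI_CONNECTION_INFORMATION` block in the third hunk.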
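Review bot: The check added in the third hunk only proves that the MDL is large enough to hold the `RemoteAddress` pointer field; the pointer value itself is then read out of the requester's buffer and handed to `TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE )` (visible as context in the last hunk) as the place to write the address. Nothing in the visible lines tests that pointer for NULL or compares `AddressInfo->RemoteAddressLength` with the number of bytes TCPGetSockAddress stores (presumably a TA_IP_ADDRESS, to be confirmed against its definition), so a short or bogus destination is written through regardless. Before the call I would add `if (!AddressInfo->RemoteAddress || AddressInfo->RemoteAddressLength < sizeof(TA_IP_ADDRESS)) return STATUS_INVALID_PARAMETER;`, and a one-line comment stating who is trusted to supply this structure. The rest of this block lies between the third and fourth hunks and is not shown, so an existing check there would make this moot.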
@@ -750,13 +758,6 @@ NTSTATUS DispTdiQueryInformation( return STATUS_INVALID_PARAMETER; } - if (MmGetMdlByteCount(Irp->MdlAddress) < - (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) + - sizeof(PVOID))) { - TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n")); - return STATUS_BUFFER_OVERFLOW; - } - return TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE ); } }