- Fix a buffer overflow when the packet queue has more packets than the receive request can take
- Remove an extra variable

svn path=/trunk/; revision=53188
This commit is contained in:
Cameron Gutman 2011-08-11 21:22:00 +00:00
parent 5bf224e84b
commit 6fbcf9c9ea


@ -83,11 +83,10 @@ NTSTATUS LibTCPGetDataFromConnectionQueue(PCONNECTION_ENDPOINT Connection, PUCHA
PQUEUE_ENTRY qp; PQUEUE_ENTRY qp;
struct pbuf* p; struct pbuf* p;
NTSTATUS Status = STATUS_PENDING; NTSTATUS Status = STATUS_PENDING;
UINT ReadLength, ExistingDataLength, SpaceLeft; UINT ReadLength, ExistingDataLength;
KIRQL OldIrql; KIRQL OldIrql;
(*Received) = 0; (*Received) = 0;
SpaceLeft = RecvLen;
LockObject(Connection, &OldIrql); LockObject(Connection, &OldIrql);
@ -100,7 +99,7 @@ NTSTATUS LibTCPGetDataFromConnectionQueue(PCONNECTION_ENDPOINT Connection, PUCHA
Status = STATUS_SUCCESS; Status = STATUS_SUCCESS;
ReadLength = MIN(p->tot_len, SpaceLeft); ReadLength = MIN(p->tot_len, RecvLen);
if (ReadLength != p->tot_len) if (ReadLength != p->tot_len)
{ {
if (ExistingDataLength) if (ExistingDataLength)
@ -128,7 +127,7 @@ NTSTATUS LibTCPGetDataFromConnectionQueue(PCONNECTION_ENDPOINT Connection, PUCHA
LockObject(Connection, &OldIrql); LockObject(Connection, &OldIrql);
SpaceLeft -= ReadLength; RecvLen -= ReadLength;
/* Use this special pbuf free callback function because we're outside tcpip thread */ /* Use this special pbuf free callback function because we're outside tcpip thread */
pbuf_free_callback(qp->p); pbuf_free_callback(qp->p);
@ -208,6 +207,8 @@ InternalRecvEventHandler(void *arg, PTCP_PCB pcb, struct pbuf *p, const err_t er
return ERR_OK; return ERR_OK;
} }
ASSERT(!LibTCPDequeuePacket(Connection));
if (p) if (p)
{ {
len = TCPRecvEventHandler(arg, p); len = TCPRecvEventHandler(arg, p);
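Review bot: The new `ASSERT(!LibTCPDequeuePacket(Connection));` in InternalRecvEventHandler (the line before `if (p)`) places a call with a side effect inside the assertion, so the dequeue only happens in builds where ASSERT is compiled in, and in a debug build a failed assertion has already removed a queue entry that is then neither freed nor delivered. That is acceptable only if the call is meant purely as an emptiness check (presumably it returns NULL on an empty queue, which is what the assertion expects) and the condition is a true invariant; if the intent is to guarantee the queue is drained before a new pbuf reaches TCPRecvEventHandler, evaluate the call into a local and handle a non-NULL result explicitly instead of relying on the assertion. At minimum the invariant should be stated next to the check, e.g. `/* The connection's packet queue must be empty here; a non-NULL result means a queued packet was dequeued and lost, and this check is absent in non-debug builds */`. InternalRecvEventHandler starts outside the hunk.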