From 768cc14b79fa5cd5f1ef8eb90959bcb4fcfc0a30 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Sun, 5 Jun 2011 17:08:37 +0000
Subject: [PATCH] [AFD] - Create an empty TRANSPORT_ADDRESS for the local
 address when doing an implicit bind so TCP/IP can choose its own local port
 and address instead of trying to bind the remote address and port - Fixes
 another critical networking bug

svn path=/trunk/; revision=52092
---
 reactos/drivers/network/afd/afd/connect.c     |  2 +-
 reactos/drivers/network/afd/afd/tdiconn.c     | 28 ++++++++++++++++++-
 reactos/drivers/network/afd/include/tdiconn.h |  1 +
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/reactos/drivers/network/afd/afd/connect.c b/reactos/drivers/network/afd/afd/connect.c
index 28fcfada857..9df1eb6815c 100644
--- a/reactos/drivers/network/afd/afd/connect.c
+++ b/reactos/drivers/network/afd/afd/connect.c
@@ -407,7 +407,7 @@ AfdStreamSocketConnect(PDEVICE_OBJECT DeviceObject, PIRP Irp,
     case SOCKET_STATE_CREATED:
 	if( FCB->LocalAddress ) ExFreePool( FCB->LocalAddress );
 	FCB->LocalAddress =
-	    TaCopyTransportAddress( &ConnectReq->RemoteAddress );
+	    TaBuildNullTransportAddress( ConnectReq->RemoteAddress.Address[0].AddressType );
 
 	if( FCB->LocalAddress ) {
 	    Status = WarmSocketForBind( FCB );
diff --git a/reactos/drivers/network/afd/afd/tdiconn.c b/reactos/drivers/network/afd/afd/tdiconn.c
index b6a5e523fc2..4aa764c230f 100644
--- a/reactos/drivers/network/afd/afd/tdiconn.c
+++ b/reactos/drivers/network/afd/afd/tdiconn.c
@@ -38,7 +38,14 @@ UINT TaLengthOfAddress( PTA_ADDRESS Addr ) {
 }
 
 UINT TaLengthOfTransportAddress( PTRANSPORT_ADDRESS Addr ) {
-    UINT AddrLen = 2 * sizeof( ULONG ) + Addr->Address[0].AddressLength;
+    UINT AddrLen = sizeof(ULONG) + TaLengthOfAddress(&Addr->Address[0]);
+    AFD_DbgPrint(MID_TRACE,("AddrLen %x\n", AddrLen));
+    return AddrLen;
+}
+
+UINT TaLengthOfTransportAddressByType(UINT AddressType)
+{
+    UINT AddrLen = sizeof(ULONG) + 2 * sizeof(USHORT) + TdiAddressSizeFromType(AddressType);
     AFD_DbgPrint(MID_TRACE,("AddrLen %x\n", AddrLen));
     return AddrLen;
 }
@@ -77,6 +84,25 @@ PTRANSPORT_ADDRESS TaCopyTransportAddress( PTRANSPORT_ADDRESS OtherAddress ) {
 	return A;
 }
 
+PTRANSPORT_ADDRESS TaBuildNullTransportAddress(UINT AddressType)
+{
+    UINT AddrLen;
+    PTRANSPORT_ADDRESS A;
+
+    AddrLen = TaLengthOfTransportAddressByType(AddressType);
+    A = ExAllocatePool(NonPagedPool, AddrLen);
+
+    if (A)
+    {
+        A->TAAddressCount = 1;
+        A->Address[0].AddressLength = TdiAddressSizeFromType(AddressType);
+        A->Address[0].AddressType = AddressType;
+        RtlZeroMemory(A->Address[0].Address, A->Address[0].AddressLength);
+    }
+
+    return A;
+}
+
 NTSTATUS TdiBuildNullConnectionInfoInPlace
 ( PTDI_CONNECTION_INFORMATION ConnInfo,
   ULONG Type )
diff --git a/reactos/drivers/network/afd/include/tdiconn.h b/reactos/drivers/network/afd/include/tdiconn.h
index 662fc71f834..c06d930b2da 100644
--- a/reactos/drivers/network/afd/include/tdiconn.h
+++ b/reactos/drivers/network/afd/include/tdiconn.h
@@ -7,6 +7,7 @@
 typedef VOID *PTDI_CONNECTION_INFO_PAIR;
 
 PTRANSPORT_ADDRESS TaCopyTransportAddress( PTRANSPORT_ADDRESS OtherAddress );
+PTRANSPORT_ADDRESS TaBuildNullTransportAddress(UINT AddressType);
 UINT TaLengthOfAddress( PTA_ADDRESS Addr );
 UINT TaLengthOfTransportAddress( PTRANSPORT_ADDRESS Addr );
 VOID TaCopyAddressInPlace( PTA_ADDRESS Target, PTA_ADDRESS Source );