diff --git a/reactos/dll/win32/msafd/misc/dllmain.c b/reactos/dll/win32/msafd/misc/dllmain.c
index 4c520e132af..1343c99a936 100644
--- a/reactos/dll/win32/msafd/misc/dllmain.c
+++ b/reactos/dll/win32/msafd/misc/dllmain.c
@@ -285,10 +285,12 @@ DWORD MsafdReturnWithErrno( NTSTATUS Status, LPINT Errno, DWORD Received,
             if( ReturnedBytes ) *ReturnedBytes = Received; break;
         case STATUS_END_OF_FILE: *Errno = WSAESHUTDOWN; break;
         case STATUS_PENDING: *Errno = WSA_IO_PENDING; break;
-        case STATUS_BUFFER_OVERFLOW: *Errno = WSAEMSGSIZE; break;
-        case STATUS_INSUFFICIENT_RESOURCES: *Errno = WSA_NOT_ENOUGH_MEMORY; break;
-        case STATUS_INVALID_CONNECTION: *Errno = WSAEAFNOSUPPORT; break;
-        case STATUS_REMOTE_NOT_LISTENING: *Errno = WSAECONNRESET; break;
+	case STATUS_BUFFER_OVERFLOW: AFD_DbgPrint(MID_TRACE,("MSAFD: STATUS_BUFFER_TOO_SMALL/STATUS_BUFFER_OVERFLOW\n")); *Errno = WSAEMSGSIZE; break;
+  	case STATUS_NO_MEMORY: /* Fall through to STATUS_INSUFFICIENT_RESOURCES */
+	case STATUS_INSUFFICIENT_RESOURCES: AFD_DbgPrint(MID_TRACE,("MSAFD: STATUS_NO_MEMORY/STATUS_INSUFFICIENT_RESOURCES\n")); *Errno = WSA_NOT_ENOUGH_MEMORY; break;
+	case STATUS_INVALID_CONNECTION: AFD_DbgPrint(MID_TRACE,("MSAFD: STATUS_INVALID_CONNECTION\n")); *Errno = WSAEAFNOSUPPORT; break;
+	case STATUS_REMOTE_NOT_LISTENING: AFD_DbgPrint(MID_TRACE, ("MSAFD: STATUS_REMOTE_NOT_LISTENING\n")); *Errno = WSAECONNRESET; break;
+ 	case STATUS_FILE_CLOSED: AFD_DbgPrint(MID_TRACE, ("MSAFD: STATUS_FILE_CLOSED\n")); *Errno = WSAENOTSOCK; break;
         default:
             DbgPrint("MSAFD: Error %x is unknown\n", Status);
             *Errno = WSAEINVAL; break;
diff --git a/reactos/drivers/network/afd/afd/connect.c b/reactos/drivers/network/afd/afd/connect.c
index 77d9f0aa94a..ff55ef8ea2b 100644
--- a/reactos/drivers/network/afd/afd/connect.c
+++ b/reactos/drivers/network/afd/afd/connect.c
@@ -77,7 +77,7 @@ static NTSTATUS NTAPI StreamSocketConnectComplete
 
     /* I was wrong about this before as we can have pending writes to a not
      * yet connected socket */
-    if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
+    if( !SocketAcquireStateLock( FCB ) ) return STATUS_FILE_CLOSED;
 
     AFD_DbgPrint(MID_TRACE,("Irp->IoStatus.Status = %x\n",
 			    Irp->IoStatus.Status));
@@ -108,7 +108,10 @@ static NTSTATUS NTAPI StreamSocketConnectComplete
     if( NT_SUCCESS(Status) ) {
 	Status = MakeSocketIntoConnection( FCB );
 
-	if( !NT_SUCCESS(Status) ) return Status;
+	if( !NT_SUCCESS(Status) ) {
+	    SocketStateUnlock( FCB );
+	    return Status;
+	}
 
 	if( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
 	    NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
diff --git a/reactos/drivers/network/afd/afd/info.c b/reactos/drivers/network/afd/afd/info.c
index 5e233ef80a2..231ce6a8d18 100644
--- a/reactos/drivers/network/afd/afd/info.c
+++ b/reactos/drivers/network/afd/afd/info.c
@@ -125,12 +125,20 @@ AfdGetSockOrPeerName( PDEVICE_OBJECT DeviceObject, PIRP Irp,
                 }
 
                 if( SysMdl ) {
-                    MmBuildMdlForNonPagedPool( SysMdl );
+                    _SEH_TRY {
+                        MmProbeAndLockPages( SysMdl, Irp->RequestorMode, IoModifyAccess );
+                    } _SEH_HANDLE {
+	                AFD_DbgPrint(MIN_TRACE, ("MmProbeAndLockPages() failed.\n"));
+	                Status = _SEH_GetExceptionCode();
+                    } _SEH_END;
+                } else Status = STATUS_NO_MEMORY;
+
+                if( NT_SUCCESS(Status) ) {
                     Status = TdiQueryInformation
                         ( FCB->AddressFile.Object,
                           TDI_QUERY_CONNECTION_INFO,
                           SysMdl );
-                } else Status = STATUS_NO_MEMORY;
+                }
 
                 if( NT_SUCCESS(Status) ) {
                     TransAddr =
@@ -142,14 +150,15 @@ AfdGetSockOrPeerName( PDEVICE_OBJECT DeviceObject, PIRP Irp,
                     RtlCopyMemory( TransAddr, ConnInfo->RemoteAddress,
                                    TaLengthOfTransportAddress
                                    ( ConnInfo->RemoteAddress ) );
+                else Status = STATUS_INSUFFICIENT_RESOURCES;
 
                 if( ConnInfo ) ExFreePool( ConnInfo );
                 if( SysMdl ) IoFreeMdl( SysMdl );
                 if( TransAddr ) MmUnmapLockedPages( TransAddr, Mdl );
+                MmUnlockPages( Mdl );
+                IoFreeMdl( Mdl );
             }
-	  /* MmUnlockPages( Mdl ); */
 	}
-    /* IoFreeMdl( Mdl ); */
     } else {
     	Status = STATUS_INSUFFICIENT_RESOURCES;
     }
diff --git a/reactos/drivers/network/afd/afd/listen.c b/reactos/drivers/network/afd/afd/listen.c
index fbd73b97479..0d3d26a7590 100644
--- a/reactos/drivers/network/afd/afd/listen.c
+++ b/reactos/drivers/network/afd/afd/listen.c
@@ -83,20 +83,19 @@ static NTSTATUS NTAPI ListenComplete
 ( PDEVICE_OBJECT DeviceObject,
   PIRP Irp,
   PVOID Context ) {
-    NTSTATUS Status = STATUS_UNSUCCESSFUL;
+    NTSTATUS Status = STATUS_FILE_CLOSED;
     PAFD_FCB FCB = (PAFD_FCB)Context;
     PAFD_TDI_OBJECT_QELT Qelt;
 
-    if ( Irp->Cancel ) {
-	/* FIXME: is this anything else we need to do? */
-	FCB->ListenIrp.InFlightRequest = NULL;
-	return STATUS_SUCCESS;
-    }
-
     if( !SocketAcquireStateLock( FCB ) ) return Status;
 
     FCB->ListenIrp.InFlightRequest = NULL;
 
+    if( Irp->Cancel ) {
+	SocketStateUnlock( FCB );
+	return STATUS_SUCCESS;
+    }
+
     if( FCB->State == SOCKET_STATE_CLOSED ) {
 	SocketStateUnlock( FCB );
 	DestroySocket( FCB );
diff --git a/reactos/drivers/network/afd/afd/lock.c b/reactos/drivers/network/afd/afd/lock.c
index d63fb56a2b8..9858b59d8ad 100644
--- a/reactos/drivers/network/afd/afd/lock.c
+++ b/reactos/drivers/network/afd/afd/lock.c
@@ -262,7 +262,7 @@ NTSTATUS NTAPI UnlockAndMaybeComplete
 
 
 NTSTATUS LostSocket( PIRP Irp ) {
-    NTSTATUS Status = STATUS_INVALID_PARAMETER;
+    NTSTATUS Status = STATUS_FILE_CLOSED;
     AFD_DbgPrint(MIN_TRACE,("Called.\n"));
     Irp->IoStatus.Information = 0;
     Irp->IoStatus.Status = Status;
diff --git a/reactos/drivers/network/afd/afd/read.c b/reactos/drivers/network/afd/afd/read.c
index 05f723ba9c2..048678c0e76 100644
--- a/reactos/drivers/network/afd/afd/read.c
+++ b/reactos/drivers/network/afd/afd/read.c
@@ -449,7 +449,7 @@ PacketSocketRecvComplete(
 
     AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
 
-    if( !SocketAcquireStateLock( FCB ) ) return STATUS_UNSUCCESSFUL;
+    if( !SocketAcquireStateLock( FCB ) ) return STATUS_FILE_CLOSED;
 
     FCB->ReceiveIrp.InFlightRequest = NULL;
 
diff --git a/reactos/drivers/network/afd/afd/select.c b/reactos/drivers/network/afd/afd/select.c
index 1888340cd3d..82788123cde 100644
--- a/reactos/drivers/network/afd/afd/select.c
+++ b/reactos/drivers/network/afd/afd/select.c
@@ -277,6 +277,10 @@ AfdEventSelect( PDEVICE_OBJECT DeviceObject, PIRP Irp,
 	(PAFD_EVENT_SELECT_INFO)LockRequest( Irp, IrpSp );
     PAFD_FCB FCB = FileObject->FsContext;
 
+    if( !SocketAcquireStateLock( FCB ) ) {
+	return LostSocket( Irp );
+    }
+
     if ( !EventSelectInfo ) {
          return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp,
 				   0, NULL );
@@ -285,10 +289,6 @@ AfdEventSelect( PDEVICE_OBJECT DeviceObject, PIRP Irp,
 			    EventSelectInfo->EventObject,
 			    EventSelectInfo->Events));
 
-    if( !SocketAcquireStateLock( FCB ) ) {
-	return LostSocket( Irp );
-    }
-
     FCB->EventSelectTriggers = FCB->EventsFired = 0;
     if( FCB->EventSelect ) ObDereferenceObject( FCB->EventSelect );
     FCB->EventSelect = NULL;
@@ -325,15 +325,15 @@ AfdEnumEvents( PDEVICE_OBJECT DeviceObject, PIRP Irp,
 
     AFD_DbgPrint(MID_TRACE,("Called (FCB %x)\n", FCB));
 
+    if( !SocketAcquireStateLock( FCB ) ) {
+	return LostSocket( Irp );
+    }
+
     if ( !EnumReq ) {
          return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp,
 				   0, NULL );
     }
 
-    if( !SocketAcquireStateLock( FCB ) ) {
-	return LostSocket( Irp );
-    }
-
     EnumReq->PollEvents = FCB->PollState;
     RtlZeroMemory( EnumReq->EventStatus, sizeof(EnumReq->EventStatus) );
 
diff --git a/reactos/drivers/network/afd/afd/tdi.c b/reactos/drivers/network/afd/afd/tdi.c
index a80452d2284..c4501f1842c 100644
--- a/reactos/drivers/network/afd/afd/tdi.c
+++ b/reactos/drivers/network/afd/afd/tdi.c
@@ -608,7 +608,7 @@ NTSTATUS TdiQueryInformation(
 
     KeInitializeEvent(&Event, NotificationEvent, FALSE);
 
-    Irp = TdiBuildInternalDeviceControlIrp(IOCTL_TCP_QUERY_INFORMATION, /* Sub function */
+    Irp = TdiBuildInternalDeviceControlIrp(TDI_QUERY_INFORMATION,       /* Sub function */
                                            DeviceObject,                /* Device object */
                                            ConnectionObject,            /* File object */
                                            &Event,                      /* Event */
diff --git a/reactos/include/ddk/tdikrnl.h b/reactos/include/ddk/tdikrnl.h
index ef55f4ab93b..b0f05dd0752 100644
--- a/reactos/include/ddk/tdikrnl.h
+++ b/reactos/include/ddk/tdikrnl.h
@@ -577,7 +577,7 @@ TdiDefaultSendPossibleHandler(
   IrpSubFunction, DeviceObject,           \
   FileObject, Event, IoStatusBlock)       \
   IoBuildDeviceIoControlRequest(          \
-		0x00000003, DeviceObject,             \
+		IrpSubFunction, DeviceObject,             \
 		NULL, 0, NULL, 0,                     \
 		TRUE, Event, IoStatusBlock)
 
diff --git a/reactos/lib/drivers/ip/transport/datagram/datagram.c b/reactos/lib/drivers/ip/transport/datagram/datagram.c
index c26c56b3eef..0b701338075 100644
--- a/reactos/lib/drivers/ip/transport/datagram/datagram.c
+++ b/reactos/lib/drivers/ip/transport/datagram/datagram.c
@@ -177,6 +177,7 @@ VOID DGDeliverData(
     }
   else
     {
+      TcpipReleaseSpinLock(&AddrFile->Lock, OldIrql);
       TI_DbgPrint(MAX_TRACE, ("Discarding datagram.\n"));
     }