[AFD] Don't allow caller to set broken values to window sizes

This will avoid 0-sized allocations, or -1-sized allocations.
So far, the size is capped by the hard-coded value stored in TCPIP.sys. I believe
this is not right and deserves a proper fix.
Pierre Schweitzer 2019-02-25 22:27:00 +01:00
parent bb9eec7537
commit 86483d6e22
No known key found for this signature in database
GPG key ID: 7545556C3D585B0B


@ -124,6 +124,12 @@ AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
FCB->OobInline = InfoReq->Information.Boolean; FCB->OobInline = InfoReq->Information.Boolean;
break; break;
case AFD_INFO_RECEIVE_WINDOW_SIZE: case AFD_INFO_RECEIVE_WINDOW_SIZE:
if (FCB->State == SOCKET_STATE_CONNECTED ||
FCB->Flags & AFD_ENDPOINT_CONNECTIONLESS)
{
/* FIXME: likely not right, check tcpip.sys for TDI_QUERY_MAX_DATAGRAM_INFO */
if (InfoReq->Information.Ulong > 0 && InfoReq->Information.Ulong < 0xFFFF)
{
NewBuffer = ExAllocatePoolWithTag(PagedPool, NewBuffer = ExAllocatePoolWithTag(PagedPool,
InfoReq->Information.Ulong, InfoReq->Information.Ulong,
TAG_AFD_DATA_BUFFER); TAG_AFD_DATA_BUFFER);
@ -151,8 +157,23 @@ AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
{ {
Status = STATUS_NO_MEMORY; Status = STATUS_NO_MEMORY;
} }
}
else
{
Status = STATUS_SUCCESS;
}
}
else
{
Status = STATUS_INVALID_PARAMETER;
}
break; break;
case AFD_INFO_SEND_WINDOW_SIZE: case AFD_INFO_SEND_WINDOW_SIZE:
if (FCB->State == SOCKET_STATE_CONNECTED ||
FCB->Flags & AFD_ENDPOINT_CONNECTIONLESS)
{
if (InfoReq->Information.Ulong > 0 && InfoReq->Information.Ulong < 0xFFFF)
{
NewBuffer = ExAllocatePoolWithTag(PagedPool, NewBuffer = ExAllocatePoolWithTag(PagedPool,
InfoReq->Information.Ulong, InfoReq->Information.Ulong,
TAG_AFD_DATA_BUFFER); TAG_AFD_DATA_BUFFER);
@ -180,6 +201,16 @@ AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
{ {
Status = STATUS_NO_MEMORY; Status = STATUS_NO_MEMORY;
} }
}
else
{
Status = STATUS_SUCCESS;
}
}
else
{
Status = STATUS_INVALID_PARAMETER;
}
break; break;
default: default:
AFD_DbgPrint(MIN_TRACE,("Unknown request %u\n", InfoReq->InformationClass)); AFD_DbgPrint(MIN_TRACE,("Unknown request %u\n", InfoReq->InformationClass));
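Review bot: The new range check in the AFD_INFO_RECEIVE_WINDOW_SIZE case and the ExAllocatePoolWithTag call after it each read `InfoReq->Information.Ulong` separately, so the bound only holds if that buffer cannot change between the two reads. Where InfoReq comes from is not visible in these hunks; if it maps caller-writable memory, the size should be captured once, e.g. `ULONG WindowSize = InfoReq->Information.Ulong;`, and that local used for the check, the allocation and any later store. The AFD_INFO_SEND_WINDOW_SIZE case has the same pattern. Separately, a value of 0 or of 0xFFFF and above reaches the `else` branch that sets `Status = STATUS_SUCCESS` without resizing anything, so the caller cannot tell the request was ignored; if that is intentional for compatibility a comment should say so, and the repeated `0xFFFF` literal would be easier to revisit as one named constant next to the FIXME. AfdSetInfo starts and ends outside the hunks shown.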