[AFD] Don't allow caller to set broken values to window sizes

This will avoid 0-sized allocations, or -1-sized allocations. So far, it's maxed by hard value stored in TCPIP.sys. I believe this is not right and would deserve a true fix
2024-12-28 18:15:11 +00:00 · 2019-02-25 22:27:00 +01:00 · 2019-02-25 22:27:00 +01:00 · 86483d6e22
commit 86483d6e22
parent bb9eec7537
1 changed files with 69 additions and 38 deletions
--- a/drivers/network/afd/afd/info.c
+++ b/drivers/network/afd/afd/info.c
@ -124,6 +124,12 @@ AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
                FCB->OobInline = InfoReq->Information.Boolean;
                break;
            case AFD_INFO_RECEIVE_WINDOW_SIZE:
+                if (FCB->State == SOCKET_STATE_CONNECTED ||
+                    FCB->Flags & AFD_ENDPOINT_CONNECTIONLESS)
+                {
+                    /* FIXME: likely not right, check tcpip.sys for TDI_QUERY_MAX_DATAGRAM_INFO */
+                    if (InfoReq->Information.Ulong > 0 && InfoReq->Information.Ulong < 0xFFFF)
+                    {
                        NewBuffer = ExAllocatePoolWithTag(PagedPool,
                                                          InfoReq->Information.Ulong,
                                                          TAG_AFD_DATA_BUFFER);
@ -151,8 +157,23 @@ AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
                        {
                            Status = STATUS_NO_MEMORY;
                        }
+                    }
+                    else
+                    {
+                        Status = STATUS_SUCCESS;
+                    }
+                }
+                else
+                {
+                    Status = STATUS_INVALID_PARAMETER;
+                }
                break;
            case AFD_INFO_SEND_WINDOW_SIZE:
+                if (FCB->State == SOCKET_STATE_CONNECTED ||
+                    FCB->Flags & AFD_ENDPOINT_CONNECTIONLESS)
+                {
+                    if (InfoReq->Information.Ulong > 0 && InfoReq->Information.Ulong < 0xFFFF)
+                    {
                        NewBuffer = ExAllocatePoolWithTag(PagedPool,
                                                          InfoReq->Information.Ulong,
                                                          TAG_AFD_DATA_BUFFER);
@ -180,6 +201,16 @@ AfdSetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
                        {
                            Status = STATUS_NO_MEMORY;
                        }
+                    }
+                    else
+                    {
+                        Status = STATUS_SUCCESS;
+                    }
+                }
+                else
+                {
+                    Status = STATUS_INVALID_PARAMETER;
+                }
                break;
            default:
                AFD_DbgPrint(MIN_TRACE,("Unknown request %u\n", InfoReq->InformationClass));