- Cancel all the IRPs in the pending IRP queue when the FCB is being destroyed

- Fixes IRP, MDL, and buffer leaks
 - ping and dwnl don't leak at all now

svn path=/trunk/; revision=40339

reactos/drivers/network/afd/afd/connect.c

@@ -96,8 +96,15 @@ static NTSTATUS NTAPI StreamSocketConnectComplete
     FCB->ConnectIrp.InFlightRequest = NULL;
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_CONNECT] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_CONNECT]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
 	SocketStateUnlock( FCB );
 	return STATUS_FILE_CLOSED;
     }

reactos/drivers/network/afd/afd/listen.c

@@ -95,6 +95,8 @@ static NTSTATUS NTAPI ListenComplete
     NTSTATUS Status = STATUS_SUCCESS;
     PAFD_FCB FCB = (PAFD_FCB)Context;
     PAFD_TDI_OBJECT_QELT Qelt;
+    PLIST_ENTRY NextIrpEntry;
+    PIRP NextIrp;
 
     if( !SocketAcquireStateLock( FCB ) ) {
         Irp->IoStatus.Status = STATUS_FILE_CLOSED;
@@ -105,8 +107,15 @@ static NTSTATUS NTAPI ListenComplete
     FCB->ListenIrp.InFlightRequest = NULL;
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_PREACCEPT] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_PREACCEPT]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
 	SocketStateUnlock( FCB );
 	return STATUS_FILE_CLOSED;
     }

reactos/drivers/network/afd/afd/read.c

@@ -225,16 +225,17 @@ NTSTATUS NTAPI ReceiveComplete
   PIRP Irp,
   PVOID Context ) {
     PAFD_FCB FCB = (PAFD_FCB)Context;
+    PLIST_ENTRY NextIrpEntry;
+    PIRP NextIrp;
+    PAFD_RECV_INFO RecvReq;
+    PIO_STACK_LOCATION NextIrpSp;
 
     AFD_DbgPrint(MID_TRACE,("Called\n"));
 
     ASSERT_IRQL(APC_LEVEL);
 
-    if( !SocketAcquireStateLock( FCB ) ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
+    if( !SocketAcquireStateLock( FCB ) )
         return STATUS_FILE_CLOSED;
-    }
 
     FCB->ReceiveIrp.InFlightRequest = NULL;
 
@@ -242,11 +243,21 @@ NTSTATUS NTAPI ReceiveComplete
     FCB->Recv.BytesUsed = 0;
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
-        AFD_DbgPrint(MIN_TRACE,("!!! CLOSED SOCK GOT A RECEIVE COMPLETE !!!\n"));
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        AFD_DbgPrint(MIN_TRACE,("!!! CLOSING SOCK GOT A RECEIVE COMPLETE !!!\n"));
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_RECV] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+               NextIrpSp = IoGetCurrentIrpStackLocation(NextIrp);
+               RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     } else if( FCB->State == SOCKET_STATE_LISTENING ) {
         AFD_DbgPrint(MIN_TRACE,("!!! LISTENER GOT A RECEIVE COMPLETE !!!\n"));
         Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
@@ -449,6 +460,7 @@ PacketSocketRecvComplete(
     PAFD_RECV_INFO RecvReq;
     PAFD_STORED_DATAGRAM DatagramRecv;
     UINT DGSize = Irp->IoStatus.Information + sizeof( AFD_STORED_DATAGRAM );
+    PLIST_ENTRY NextIrpEntry;
 
     AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
 
@@ -461,10 +473,20 @@ PacketSocketRecvComplete(
     FCB->ReceiveIrp.InFlightRequest = NULL;
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
-        Irp->IoStatus.Status = STATUS_FILE_CLOSED;
-        Irp->IoStatus.Information = 0;
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_RECV] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_RECV]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrpSp = IoGetCurrentIrpStackLocation( NextIrp );
+	       RecvReq = NextIrpSp->Parameters.DeviceIoControl.Type3InputBuffer;
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       UnlockBuffers(RecvReq->BufferArray, RecvReq->BufferCount, FALSE);
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     }
 
     DatagramRecv = ExAllocatePool( NonPagedPool, DGSize );

reactos/drivers/network/afd/afd/write.c

@@ -48,8 +48,18 @@ static NTSTATUS NTAPI SendComplete
     /* Request is not in flight any longer */
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE);
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     }
 
     if( !NT_SUCCESS(Status) ) {
@@ -162,6 +172,8 @@ static NTSTATUS NTAPI PacketSocketSendComplete
   PIRP Irp,
   PVOID Context ) {
     PAFD_FCB FCB = (PAFD_FCB)Context;
+    PLIST_ENTRY NextIrpEntry;
+    PIRP NextIrp;
 
     AFD_DbgPrint(MID_TRACE,("Called, status %x, %d bytes used\n",
 							Irp->IoStatus.Status,
@@ -178,8 +190,17 @@ static NTSTATUS NTAPI PacketSocketSendComplete
     PollReeval( FCB->DeviceExt, FCB->FileObject );
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
-		SocketStateUnlock( FCB );
-		return STATUS_FILE_CLOSED;
+        /* Cleanup our IRP queue because the FCB is being destroyed */
+        while( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+	       NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
+	       NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
+	       NextIrp->IoStatus.Status = STATUS_FILE_CLOSED;
+	       NextIrp->IoStatus.Information = 0;
+	       if( NextIrp->MdlAddress ) UnlockRequest( NextIrp, IoGetCurrentIrpStackLocation( NextIrp ) );
+	       IoCompleteRequest( NextIrp, IO_NETWORK_INCREMENT );
+        }
+	SocketStateUnlock( FCB );
+	return STATUS_FILE_CLOSED;
     }
 
     SocketStateUnlock( FCB );