[NDISUIO]

- Fix a query binding bug that caused access to unallocated memory
[WLANCONF]
- Fix parameter parsing and dumb IOCTL_NDISUIO_QUERY_BINDING usage

svn path=/branches/wlan-bringup/; revision=54877
Cameron Gutman 2012-01-08 06:51:44 +00:00
parent 1df989ccab
commit b21b8741c3
2 changed files with 50 additions and 42 deletions


@ -132,21 +132,16 @@ OpenAdapterHandle(DWORD Index)
return INVALID_HANDLE_VALUE;
}
/* Query for bindable adapters */
QueryBinding->BindingIndex = 0;
do {
bSuccess = DeviceIoControl(hDriver,
IOCTL_NDISUIO_QUERY_BINDING,
QueryBinding,
QueryBindingSize,
QueryBinding,
QueryBindingSize,
&dwBytesReturned,
NULL);
if (QueryBinding->BindingIndex == Index)
break;
QueryBinding->BindingIndex++;
} while (bSuccess);
/* Query the adapter binding information */
QueryBinding->BindingIndex = Index;
bSuccess = DeviceIoControl(hDriver,
IOCTL_NDISUIO_QUERY_BINDING,
QueryBinding,
QueryBindingSize,
QueryBinding,
QueryBindingSize,
&dwBytesReturned,
NULL);
if (!bSuccess)
{
@ -540,35 +535,46 @@ BOOL ParseCmdline(int argc, char* argv[])
for (i = 1; i < argc; i++)
{
if ((argc > 1) && (argv[i][0] == '-'))
if (argv[i][0] == '-')
{
TCHAR c;
while ((c = *++argv[i]) != '\0')
switch (argv[i][1])
{
switch (c)
{
case 's':
bScan = TRUE;
break;
case 'd':
bDisconnect = TRUE;
break;
case 'c':
bConnect = TRUE;
sSsid = argv[++i];
break;
case 'w':
sWepKey = argv[++i];
break;
case 'a':
bAdhoc = TRUE;
break;
default :
case 's':
bScan = TRUE;
break;
case 'd':
bDisconnect = TRUE;
break;
case 'c':
if (i == argc - 1)
{
Usage();
return FALSE;
}
}
bConnect = TRUE;
sSsid = argv[++i];
break;
case 'w':
if (i == argc - 1)
{
Usage();
return FALSE;
}
sWepKey = argv[++i];
break;
case 'a':
bAdhoc = TRUE;
break;
default :
Usage();
return FALSE;
}
}
else
{
Usage();
return FALSE;
}
}
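Review bot: The new `switch (argv[i][1])` in ParseCmdline inspects only the first character after the dash, so an argument such as `-sa` or `-cfoo` is accepted as `-s` / `-c` and the remainder is silently dropped; the loop this commit removes appears to have walked every letter. Rejecting anything that is not exactly one option letter keeps the parser strict, e.g. `if (argv[i][1] == '\0' || argv[i][2] != '\0') { Usage(); return FALSE; }` ahead of the switch. The `i == argc - 1` guards on `-c` and `-w` stop a read past the end of argv, but they still let the next option be consumed as the value (`-c -w` makes the SSID `-w`), which deserves a comment if it is intended. ParseCmdline starts and ends outside the hunk.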


@ -33,7 +33,7 @@ static
NTSTATUS
QueryBinding(PIRP Irp, PIO_STACK_LOCATION IrpSp)
{
PNDISUIO_ADAPTER_CONTEXT AdapterContext;
PNDISUIO_ADAPTER_CONTEXT AdapterContext = NULL;
PNDISUIO_QUERY_BINDING QueryBinding = Irp->AssociatedIrp.SystemBuffer;
ULONG BindingLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
NTSTATUS Status;
@ -50,14 +50,16 @@ QueryBinding(PIRP Irp, PIO_STACK_LOCATION IrpSp)
while (CurrentEntry != &GlobalAdapterList)
{
if (i == QueryBinding->BindingIndex)
{
AdapterContext = CONTAINING_RECORD(CurrentEntry, NDISUIO_ADAPTER_CONTEXT, ListEntry);
break;
}
i++;
CurrentEntry = CurrentEntry->Flink;
}
KeReleaseSpinLock(&GlobalAdapterListLock, OldIrql);
if (i == QueryBinding->BindingIndex)
if (AdapterContext)
{
AdapterContext = CONTAINING_RECORD(CurrentEntry, NDISUIO_ADAPTER_CONTEXT, ListEntry);
DPRINT("Query binding for index %d is adapter %wZ\n", i, &AdapterContext->DeviceName);
BytesCopied = sizeof(NDISUIO_QUERY_BINDING);
if (AdapterContext->DeviceName.Length <= BindingLength - BytesCopied)
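Review bot: Nothing visible in either hunk checks `BindingLength` against `sizeof(NDISUIO_QUERY_BINDING)` before `QueryBinding->BindingIndex` is read from the system buffer, and with a shorter input buffer `BindingLength - BytesCopied` wraps around as an unsigned subtraction, so the `DeviceName.Length <=` test would pass for any name length. The lines of the function between the two hunks are not shown and may already do this; if they do not, a guard such as `if (BindingLength < sizeof(NDISUIO_QUERY_BINDING))` that fails the request with `STATUS_BUFFER_TOO_SMALL` through the function's normal completion path belongs before the list walk. Separately, `AdapterContext` is dereferenced after `KeReleaseSpinLock`, so unless the context is reference-counted elsewhere it could be unbound and freed in between; a comment stating what keeps it alive would help. The function continues beyond the hunk.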