From b50e9e31469bdc490b9fbc6fa46baf3c80076ba1 Mon Sep 17 00:00:00 2001
From: Cameron Gutman
Date: Tue, 12 Aug 2008 18:18:03 +0000
Subject: [PATCH] - Make sure both FCB->Recv.Window and FCB->Send.Window were created before returning STATUS_SUCCESS
- Make sure MakeSocketIntoConnection() completed successfully
- Make sure WarmSocketForConnection() completed successfully
- Don't continue if TdiBuildNullConnectionInfoInPlace() fails
- SEHify TdiBuildConnectionInfoInPlace()
- Make sure we have a non-NULL TargetAddress before calling TdiSendDatagram()
svn path=/branches/aicom-network-fixes/; revision=35290
---
drivers/network/afd/afd/connect.c | 38 +++++++++++++++++++------------
drivers/network/afd/afd/listen.c | 8 ++++---
drivers/network/afd/afd/tdiconn.c | 17 ++++++++++----
drivers/network/afd/afd/write.c | 26 +++++++++++----------
4 files changed, 54 insertions(+), 35 deletions(-)
diff --git a/drivers/network/afd/afd/connect.c b/drivers/network/afd/afd/connect.c
index 9db0240de8c..77d9f0aa94a 100644
--- a/drivers/network/afd/afd/connect.c
+++ b/drivers/network/afd/afd/connect.c
@@ -33,26 +33,32 @@ NTSTATUS WarmSocketForConnection( PAFD_FCB FCB ) {
 }
 NTSTATUS MakeSocketIntoConnection( PAFD_FCB FCB ) {
- NTSTATUS Status = STATUS_NO_MEMORY;
+ NTSTATUS Status;
 /* Allocate the receive area and start receiving */
 FCB->Recv.Window = ExAllocatePool( NonPagedPool, FCB->Recv.Size );
+
+ if( !FCB->Recv.Window ) return STATUS_NO_MEMORY;
+
 FCB->Send.Window = ExAllocatePool( NonPagedPool, FCB->Send.Size );
+ if( !FCB->Send.Window ) {
+ ExFreePool( FCB->Recv.Window );
+ return STATUS_NO_MEMORY;
+ }
+
 FCB->State = SOCKET_STATE_CONNECTED;
- if( FCB->Recv.Window ) {
- Status = TdiReceive( &FCB->ReceiveIrp.InFlightRequest,
- FCB->Connection.Object,
- TDI_RECEIVE_NORMAL,
- FCB->Recv.Window,
- FCB->Recv.Size,
- &FCB->ReceiveIrp.Iosb,
- ReceiveComplete,
- FCB );
- }
+ Status = TdiReceive( &FCB->ReceiveIrp.InFlightRequest,
+ FCB->Connection.Object,
+ TDI_RECEIVE_NORMAL,
+ FCB->Recv.Window,
+ FCB->Recv.Size,
+ &FCB->ReceiveIrp.Iosb,
+ ReceiveComplete,
+ FCB );
 return Status;
 }
@@ -102,8 +108,9 @@ static NTSTATUS NTAPI StreamSocketConnectComplete
 if( NT_SUCCESS(Status) ) {
 Status = MakeSocketIntoConnection( FCB );
- if( FCB->Send.Window &&
- !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
+ if( !NT_SUCCESS(Status) ) return Status;
+
+ if( !IsListEmpty( &FCB->PendingIrpList[FUNCTION_SEND] ) ) {
 NextIrpEntry = RemoveHeadList(&FCB->PendingIrpList[FUNCTION_SEND]);
 NextIrp = CONTAINING_RECORD(NextIrpEntry, IRP, Tail.Overlay.ListEntry);
@@ -158,7 +165,7 @@ AfdStreamSocketConnect(PDEVICE_OBJECT DeviceObject, PIRP Irp,
 case SOCKET_STATE_CONNECTING:
 return LeaveIrpUntilLater( FCB, Irp, FUNCTION_CONNECT );
- case SOCKET_STATE_CREATED: {
+ case SOCKET_STATE_CREATED:
 FCB->LocalAddress = TaCopyTransportAddress( &ConnectReq->RemoteAddress );
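Review bot: The Send.Window failure path frees `FCB->Recv.Window` but leaves the stale pointer in the FCB, so any teardown that frees a non-NULL `Recv.Window` (AFD's close path is not visible here) would double-free it; clear the field alongside the free, `ExFreePool( FCB->Recv.Window ); FCB->Recv.Window = NULL;`. `FCB->State = SOCKET_STATE_CONNECTED` is also assigned before `TdiReceive` is issued, so a synchronous failure from `TdiReceive` returns an error while the FCB already reports itself connected with both windows still allocated; either assign the state only once `TdiReceive` has returned `NT_SUCCESS`, or reset it and release the windows on that failure path. A short comment on the early returns would help too, e.g. `/* Caller treats any failure as connect failure; FCB stays unconnected */`. MakeSocketIntoConnection is complete within the hunk.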
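Review bot: The new `if( !NT_SUCCESS(Status) ) return Status;` leaves StreamSocketConnectComplete through a bare return from the middle of a completion routine, which skips whatever the remainder of the function does on the way out; if it holds the FCB state lock or completes the pending connect IRPs there (both outside the hunk, so inferred), those are now bypassed on the failure path that this commit introduces. Prefer routing the failure to the function's existing unsuccessful-connect handling (the code that runs when `NT_SUCCESS(Status)` is false) rather than returning directly, so the connect IRP is completed with the failure status and the lock is released. The enclosing function starts and ends outside the hunk.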
@@ -182,7 +189,8 @@ AfdStreamSocketConnect(PDEVICE_OBJECT DeviceObject, PIRP Irp, } else return UnlockAndMaybeComplete ( FCB, STATUS_NO_MEMORY, Irp, 0, NULL ); - } /* Drop through to SOCKET_STATE_BOUND */ + + /* Drop through to SOCKET_STATE_BOUND */ case SOCKET_STATE_BOUND: FCB->RemoteAddress = diff --git a/drivers/network/afd/afd/listen.c b/drivers/network/afd/afd/listen.c index f9589ccf2c2..9df56fc9b82 100644 --- a/drivers/network/afd/afd/listen.c +++ b/drivers/network/afd/afd/listen.c @@ -182,10 +182,12 @@ NTSTATUS AfdListenSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp, Status = WarmSocketForConnection( FCB ); - FCB->State = SOCKET_STATE_LISTENING; - AFD_DbgPrint(MID_TRACE,("Status from warmsocket %x\n", Status)); + if( !NT_SUCCESS(Status) ) return UnlockAndMaybeComplete( FCB, Status, Irp, 0, NULL ); + + FCB->State = SOCKET_STATE_LISTENING; + TdiBuildNullConnectionInfo ( &FCB->ListenIrp.ConnectionCallInfo, FCB->LocalAddress->Address[0].AddressType ); @@ -274,7 +276,7 @@ NTSTATUS AfdAccept( PDEVICE_OBJECT DeviceObject, PIRP Irp, &FCB->ListenIrp.Iosb, ListenComplete, FCB ); - } + } else return UnlockAndMaybeComplete( FCB, Status, Irp, 0, NULL ); FCB->NeedsNewListen = FALSE; } diff --git a/drivers/network/afd/afd/tdiconn.c b/drivers/network/afd/afd/tdiconn.c index 97dafd491ab..392adc8c885 100644 --- a/drivers/network/afd/afd/tdiconn.c +++ b/drivers/network/afd/afd/tdiconn.c @@ -8,6 +8,7 @@ * 20040708 Created */ #include +#include #include "debug.h" #include "tdiconn.h" @@ -126,9 +127,11 @@ NTSTATUS TdiBuildNullConnectionInfo Status = TdiBuildNullConnectionInfoInPlace( ConnInfo, Type ); - if (!NT_SUCCESS(Status)) + if (!NT_SUCCESS(Status)) { ExFreePool( ConnInfo ); - else + *ConnectionInfo = NULL; + return Status; + } else *ConnectionInfo = ConnInfo; ConnInfo->RemoteAddress = (PTA_ADDRESS)&ConnInfo[1]; 
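Review bot: The result of `TdiBuildNullConnectionInfo ( &FCB->ListenIrp.ConnectionCallInfo, ... )` at the end of the hunk is still discarded, even though this same commit makes the helper clear its out-pointer and return early on failure; unless the line following the hunk checks `ConnectionCallInfo`, a failed allocation leaves the socket already marked `SOCKET_STATE_LISTENING` and continues with a NULL ConnectionCallInfo. Check it the same way the new WarmSocketForConnection check does: `Status = TdiBuildNullConnectionInfo( &FCB->ListenIrp.ConnectionCallInfo, FCB->LocalAddress->Address[0].AddressType );` followed by `if( !NT_SUCCESS(Status) ) return UnlockAndMaybeComplete( FCB, Status, Irp, 0, NULL );`. Moving `FCB->State = SOCKET_STATE_LISTENING;` below those checks would also keep the state from advancing on a failed listen. AfdListenSocket continues outside the hunk.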
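Review bot: `FCB->NeedsNewListen = FALSE;` is cleared immediately after the TdiListen call regardless of what that call returned; the new `else` reports only the failure of the preceding check (its condition is above the hunk), so a TdiListen that fails synchronously would plausibly leave the flag cleared with no listen in flight and nothing to re-issue one. If TdiListen's result is assigned to `Status` in that branch, test it before clearing the flag, e.g. `if( !NT_SUCCESS(Status) ) return UnlockAndMaybeComplete( FCB, Status, Irp, 0, NULL );` ahead of `FCB->NeedsNewListen = FALSE;`. The enclosing function starts and ends outside the hunk.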
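Review bot: The `else` in `} else *ConnectionInfo = ConnInfo;` is redundant after the `return Status;` inside the preceding block and mixes a braced branch with a brace-less one; write `*ConnectionInfo = ConnInfo;` as a plain statement so the success path reads straight through to `ConnInfo->RemoteAddress = (PTA_ADDRESS)&ConnInfo[1];`. Since the write.c change in this commit tests the out-pointer for NULL, the clearing is now part of the helper's contract and deserves a comment on the failure branch, e.g. `/* Callers may test *ConnectionInfo instead of Status; keep it NULL on failure */`. TdiBuildNullConnectionInfo starts and ends outside the hunk.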
@@ -144,9 +147,13 @@ TdiBuildConnectionInfoInPlace
 PTRANSPORT_ADDRESS Address ) {
 NTSTATUS Status = STATUS_SUCCESS;
- RtlCopyMemory( ConnectionInfo->RemoteAddress,
- Address,
- ConnectionInfo->RemoteAddressLength );
+ _SEH_TRY {
+ RtlCopyMemory( ConnectionInfo->RemoteAddress,
+ Address,
+ ConnectionInfo->RemoteAddressLength );
+ } _SEH_HANDLE {
+ Status = _SEH_GetExceptionCode();
+ } _SEH_END;
 return Status;
 }
diff --git a/drivers/network/afd/afd/write.c b/drivers/network/afd/afd/write.c
index 2fb18a02e95..ff1889448ac 100644
--- a/drivers/network/afd/afd/write.c
+++ b/drivers/network/afd/afd/write.c
@@ -233,21 +233,23 @@ AfdConnectedSocketWriteData(PDEVICE_OBJECT DeviceObject, PIRP Irp,
 TdiBuildConnectionInfo( &TargetAddress, FCB->RemoteAddress );
- SocketCalloutEnter( FCB );
+ if( TargetAddress ) {
+ SocketCalloutEnter( FCB );
- Status = TdiSendDatagram
- ( &FCB->SendIrp.InFlightRequest,
- FCB->AddressFile.Object,
- SendReq->BufferArray[0].buf,
- SendReq->BufferArray[0].len,
- TargetAddress,
- &FCB->SendIrp.Iosb,
- PacketSocketSendComplete,
- FCB );
+ Status = TdiSendDatagram
+ ( &FCB->SendIrp.InFlightRequest,
+ FCB->AddressFile.Object,
+ SendReq->BufferArray[0].buf,
+ SendReq->BufferArray[0].len,
+ TargetAddress,
+ &FCB->SendIrp.Iosb,
+ PacketSocketSendComplete,
+ FCB );
- SocketCalloutLeave( FCB );
+ SocketCalloutLeave( FCB );
- ExFreePool( TargetAddress );
+ ExFreePool( TargetAddress );
+ } else Status = STATUS_NO_MEMORY;
 if( Status == STATUS_PENDING ) Status = STATUS_SUCCESS;
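Review bot: Wrapping `RtlCopyMemory` in `_SEH_TRY` turns an access violation into a status but does not validate `Address`: where the pointer originates from a user-mode request (the connect path copies `ConnectReq->RemoteAddress`; which callers pass user pointers is not visible here), a user-supplied kernel-mode address is read without faulting, and a user buffer shorter than `ConnectionInfo->RemoteAddressLength` is caught only if the over-read happens to reach unmapped memory. For user-sourced addresses the copy should be preceded, inside the try block, by `ProbeForRead( Address, ConnectionInfo->RemoteAddressLength, 1 );`, which is what actually rejects kernel pointers and undersized buffers. A fault part-way through the copy also leaves `ConnectionInfo->RemoteAddress` partially written, so a comment such as `/* On failure RemoteAddress is indeterminate; callers must not use it */` would spell out the contract. The function's signature begins above the hunk.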
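Review bot: The new guard tests `TargetAddress` for NULL but discards the NTSTATUS that `TdiBuildConnectionInfo` returns, so the branch is only as reliable as the helper's promise to clear the out-pointer on every failure path; the tdiconn.c change in this commit does that for the allocation failure in TdiBuildNullConnectionInfo, but whether a failed (now SEH-protected) copy in TdiBuildConnectionInfoInPlace also clears it, or whether `TargetAddress` is initialised before the call, is not visible here. Use the returned status as the signal and report it instead of assuming out-of-memory: `Status = TdiBuildConnectionInfo( &TargetAddress, FCB->RemoteAddress );` then `if( NT_SUCCESS(Status) ) {` in place of `if( TargetAddress ) {`, with the trailing `} else Status = STATUS_NO_MEMORY;` reduced to `}` since `Status` already carries the failure. The enclosing function starts and ends outside the hunk.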