Fixed memory overwrite due to too-small allocation.

svn path=/trunk/; revision=10305

reactos/drivers/net/afd/afd/info.c

@@ -1,4 +1,4 @@
-/* $Id: info.c,v 1.3 2004/07/18 22:53:59 arty Exp $
+/* $Id: info.c,v 1.4 2004/07/29 04:09:06 arty Exp $
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
  * FILE:             drivers/net/afd/afd/info.c
@@ -11,6 +11,7 @@
 #include "tdi_proto.h"
 #include "tdiconn.h"
 #include "debug.h"
+#include "pseh.h"
 
 NTSTATUS STDCALL
 AfdGetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp, 
@@ -22,29 +23,34 @@ AfdGetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
 
     AFD_DbgPrint(MID_TRACE,("Called %x %x\n", InfoReq, 
 			    InfoReq ? InfoReq->InformationClass : 0));
-    
-    if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp, TRUE );
 
-    switch( InfoReq->InformationClass ) {
-    case AFD_INFO_RECEIVE_WINDOW_SIZE:
-	InfoReq->Information.Ulong = FCB->Recv.Size;
-	break;
-
-    case AFD_INFO_SEND_WINDOW_SIZE:
-	InfoReq->Information.Ulong = FCB->Send.Size;
-	AFD_DbgPrint(MID_TRACE,("Send window size %d\n", FCB->Send.Size));
-	break;
-
-    case AFD_INFO_GROUP_ID_TYPE:
-	InfoReq->Information.Ulong = 0; /* What is group id */
-	break;
-
-    default:
-	AFD_DbgPrint(MID_TRACE,("Unknown info id %x\n", 
-				InfoReq->InformationClass));
+    _SEH_TRY {
+	if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp, TRUE );
+	
+	switch( InfoReq->InformationClass ) {
+	case AFD_INFO_RECEIVE_WINDOW_SIZE:
+	    InfoReq->Information.Ulong = FCB->Recv.Size;
+	    break;
+	    
+	case AFD_INFO_SEND_WINDOW_SIZE:
+	    InfoReq->Information.Ulong = FCB->Send.Size;
+	    AFD_DbgPrint(MID_TRACE,("Send window size %d\n", FCB->Send.Size));
+	    break;
+	    
+	case AFD_INFO_GROUP_ID_TYPE:
+	    InfoReq->Information.Ulong = 0; /* What is group id */
+	    break;
+	    
+	default:
+	    AFD_DbgPrint(MID_TRACE,("Unknown info id %x\n", 
+				    InfoReq->InformationClass));
+	    Status = STATUS_INVALID_PARAMETER;
+	    break;
+	}
+    } _SEH_HANDLE {
+	AFD_DbgPrint(MID_TRACE,("Exception executing GetInfo\n"));
 	Status = STATUS_INVALID_PARAMETER;
-	break;
-    }
+    } _SEH_END;
 
     AFD_DbgPrint(MID_TRACE,("Returning %x\n", Status));
 

reactos/drivers/net/afd/afd/main.c

@@ -1,4 +1,4 @@
-/* $Id: main.c,v 1.2 2004/07/18 22:49:17 arty Exp $
+/* $Id: main.c,v 1.3 2004/07/29 04:09:06 arty Exp $
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
  * FILE:             drivers/net/afd/afd/main.c
@@ -51,6 +51,8 @@ AfdCreateSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
     PWCHAR EaInfoValue;
     UINT Disposition, i;
 
+    __asm("int3");
+
     AFD_DbgPrint(MID_TRACE,
 		 ("AfdCreate(DeviceObject %p Irp %p)\n", DeviceObject, Irp));
 
@@ -80,7 +82,7 @@ AfdCreateSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
 
     AFD_DbgPrint(MID_TRACE,("About to allocate the new FCB\n"));
 
-    FCB = ExAllocatePool(NonPagedPool, sizeof(PAFD_FCB));
+    FCB = ExAllocatePool(NonPagedPool, sizeof(AFD_FCB));
     if( FCB == NULL ) {
 	Irp->IoStatus.Status = STATUS_NO_MEMORY;
 	IoCompleteRequest(Irp, IO_NO_INCREMENT);

reactos/drivers/net/afd/afd/tdi.c

@@ -140,6 +140,7 @@ NTSTATUS TdiOpenDevice(
     } else {
         AFD_DbgPrint(MIN_TRACE, ("ZwCreateFile() failed with status (0x%X)\n", Status));
     }
+
     return Status;
 }
 
@@ -203,6 +204,7 @@ NTSTATUS TdiOpenAddressFile(
   Address = 
       (PTRANSPORT_ADDRESS)(EaInfo->EaName + TDI_TRANSPORT_ADDRESS_LENGTH + 1); /* 0-terminated */
   TaCopyTransportAddressInPlace( Address, Name );
+
   Status = TdiOpenDevice(DeviceName,
                          EaLength,
                          EaInfo,

reactos/drivers/net/afd/makefile

@@ -1,4 +1,4 @@
-# $Id: makefile,v 1.11 2004/07/18 22:49:16 arty Exp $
+# $Id: makefile,v 1.12 2004/07/29 04:09:05 arty Exp $
 
 PATH_TO_TOP = ../../..
 
@@ -6,6 +6,9 @@ TARGET_TYPE = driver
 
 TARGET_NAME = afd
 
+TARGET_DDKLIBS = \
+	$(PATH_TO_TOP)/dk/w32/lib/pseh.a
+
 TARGET_CFLAGS = -I./include -I$(PATH_TO_TOP)/w32api/include/ddk -I$(PATH_TO_TOP)/include/afd -DDBG -D__USE_W32API -Werror -Wall
 
 TARGET_OBJECTS = \