mirror of
https://github.com/reactos/reactos.git
synced 2024-09-30 22:47:28 +00:00
Fixed memory overwrite due to too-small allocation.
svn path=/trunk/; revision=10305
This commit is contained in:
parent
b6a9c73c88
commit
c0dd64494d
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: info.c,v 1.3 2004/07/18 22:53:59 arty Exp $
|
/* $Id: info.c,v 1.4 2004/07/29 04:09:06 arty Exp $
|
||||||
* COPYRIGHT: See COPYING in the top level directory
|
* COPYRIGHT: See COPYING in the top level directory
|
||||||
* PROJECT: ReactOS kernel
|
* PROJECT: ReactOS kernel
|
||||||
* FILE: drivers/net/afd/afd/info.c
|
* FILE: drivers/net/afd/afd/info.c
|
||||||
|
@ -11,6 +11,7 @@
|
||||||
#include "tdi_proto.h"
|
#include "tdi_proto.h"
|
||||||
#include "tdiconn.h"
|
#include "tdiconn.h"
|
||||||
#include "debug.h"
|
#include "debug.h"
|
||||||
|
#include "pseh.h"
|
||||||
|
|
||||||
NTSTATUS STDCALL
|
NTSTATUS STDCALL
|
||||||
AfdGetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
AfdGetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
||||||
|
@ -22,29 +23,34 @@ AfdGetInfo( PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
||||||
|
|
||||||
AFD_DbgPrint(MID_TRACE,("Called %x %x\n", InfoReq,
|
AFD_DbgPrint(MID_TRACE,("Called %x %x\n", InfoReq,
|
||||||
InfoReq ? InfoReq->InformationClass : 0));
|
InfoReq ? InfoReq->InformationClass : 0));
|
||||||
|
|
||||||
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp, TRUE );
|
|
||||||
|
|
||||||
switch( InfoReq->InformationClass ) {
|
_SEH_TRY {
|
||||||
case AFD_INFO_RECEIVE_WINDOW_SIZE:
|
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp, TRUE );
|
||||||
InfoReq->Information.Ulong = FCB->Recv.Size;
|
|
||||||
break;
|
switch( InfoReq->InformationClass ) {
|
||||||
|
case AFD_INFO_RECEIVE_WINDOW_SIZE:
|
||||||
case AFD_INFO_SEND_WINDOW_SIZE:
|
InfoReq->Information.Ulong = FCB->Recv.Size;
|
||||||
InfoReq->Information.Ulong = FCB->Send.Size;
|
break;
|
||||||
AFD_DbgPrint(MID_TRACE,("Send window size %d\n", FCB->Send.Size));
|
|
||||||
break;
|
case AFD_INFO_SEND_WINDOW_SIZE:
|
||||||
|
InfoReq->Information.Ulong = FCB->Send.Size;
|
||||||
case AFD_INFO_GROUP_ID_TYPE:
|
AFD_DbgPrint(MID_TRACE,("Send window size %d\n", FCB->Send.Size));
|
||||||
InfoReq->Information.Ulong = 0; /* What is group id */
|
break;
|
||||||
break;
|
|
||||||
|
case AFD_INFO_GROUP_ID_TYPE:
|
||||||
default:
|
InfoReq->Information.Ulong = 0; /* What is group id */
|
||||||
AFD_DbgPrint(MID_TRACE,("Unknown info id %x\n",
|
break;
|
||||||
InfoReq->InformationClass));
|
|
||||||
|
default:
|
||||||
|
AFD_DbgPrint(MID_TRACE,("Unknown info id %x\n",
|
||||||
|
InfoReq->InformationClass));
|
||||||
|
Status = STATUS_INVALID_PARAMETER;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} _SEH_HANDLE {
|
||||||
|
AFD_DbgPrint(MID_TRACE,("Exception executing GetInfo\n"));
|
||||||
Status = STATUS_INVALID_PARAMETER;
|
Status = STATUS_INVALID_PARAMETER;
|
||||||
break;
|
} _SEH_END;
|
||||||
}
|
|
||||||
|
|
||||||
AFD_DbgPrint(MID_TRACE,("Returning %x\n", Status));
|
AFD_DbgPrint(MID_TRACE,("Returning %x\n", Status));
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: main.c,v 1.2 2004/07/18 22:49:17 arty Exp $
|
/* $Id: main.c,v 1.3 2004/07/29 04:09:06 arty Exp $
|
||||||
* COPYRIGHT: See COPYING in the top level directory
|
* COPYRIGHT: See COPYING in the top level directory
|
||||||
* PROJECT: ReactOS kernel
|
* PROJECT: ReactOS kernel
|
||||||
* FILE: drivers/net/afd/afd/main.c
|
* FILE: drivers/net/afd/afd/main.c
|
||||||
|
@ -51,6 +51,8 @@ AfdCreateSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
||||||
PWCHAR EaInfoValue;
|
PWCHAR EaInfoValue;
|
||||||
UINT Disposition, i;
|
UINT Disposition, i;
|
||||||
|
|
||||||
|
__asm("int3");
|
||||||
|
|
||||||
AFD_DbgPrint(MID_TRACE,
|
AFD_DbgPrint(MID_TRACE,
|
||||||
("AfdCreate(DeviceObject %p Irp %p)\n", DeviceObject, Irp));
|
("AfdCreate(DeviceObject %p Irp %p)\n", DeviceObject, Irp));
|
||||||
|
|
||||||
|
@ -80,7 +82,7 @@ AfdCreateSocket(PDEVICE_OBJECT DeviceObject, PIRP Irp,
|
||||||
|
|
||||||
AFD_DbgPrint(MID_TRACE,("About to allocate the new FCB\n"));
|
AFD_DbgPrint(MID_TRACE,("About to allocate the new FCB\n"));
|
||||||
|
|
||||||
FCB = ExAllocatePool(NonPagedPool, sizeof(PAFD_FCB));
|
FCB = ExAllocatePool(NonPagedPool, sizeof(AFD_FCB));
|
||||||
if( FCB == NULL ) {
|
if( FCB == NULL ) {
|
||||||
Irp->IoStatus.Status = STATUS_NO_MEMORY;
|
Irp->IoStatus.Status = STATUS_NO_MEMORY;
|
||||||
IoCompleteRequest(Irp, IO_NO_INCREMENT);
|
IoCompleteRequest(Irp, IO_NO_INCREMENT);
|
||||||
|
|
|
@ -140,6 +140,7 @@ NTSTATUS TdiOpenDevice(
|
||||||
} else {
|
} else {
|
||||||
AFD_DbgPrint(MIN_TRACE, ("ZwCreateFile() failed with status (0x%X)\n", Status));
|
AFD_DbgPrint(MIN_TRACE, ("ZwCreateFile() failed with status (0x%X)\n", Status));
|
||||||
}
|
}
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -203,6 +204,7 @@ NTSTATUS TdiOpenAddressFile(
|
||||||
Address =
|
Address =
|
||||||
(PTRANSPORT_ADDRESS)(EaInfo->EaName + TDI_TRANSPORT_ADDRESS_LENGTH + 1); /* 0-terminated */
|
(PTRANSPORT_ADDRESS)(EaInfo->EaName + TDI_TRANSPORT_ADDRESS_LENGTH + 1); /* 0-terminated */
|
||||||
TaCopyTransportAddressInPlace( Address, Name );
|
TaCopyTransportAddressInPlace( Address, Name );
|
||||||
|
|
||||||
Status = TdiOpenDevice(DeviceName,
|
Status = TdiOpenDevice(DeviceName,
|
||||||
EaLength,
|
EaLength,
|
||||||
EaInfo,
|
EaInfo,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $Id: makefile,v 1.11 2004/07/18 22:49:16 arty Exp $
|
# $Id: makefile,v 1.12 2004/07/29 04:09:05 arty Exp $
|
||||||
|
|
||||||
PATH_TO_TOP = ../../..
|
PATH_TO_TOP = ../../..
|
||||||
|
|
||||||
|
@ -6,6 +6,9 @@ TARGET_TYPE = driver
|
||||||
|
|
||||||
TARGET_NAME = afd
|
TARGET_NAME = afd
|
||||||
|
|
||||||
|
TARGET_DDKLIBS = \
|
||||||
|
$(PATH_TO_TOP)/dk/w32/lib/pseh.a
|
||||||
|
|
||||||
TARGET_CFLAGS = -I./include -I$(PATH_TO_TOP)/w32api/include/ddk -I$(PATH_TO_TOP)/include/afd -DDBG -D__USE_W32API -Werror -Wall
|
TARGET_CFLAGS = -I./include -I$(PATH_TO_TOP)/w32api/include/ddk -I$(PATH_TO_TOP)/include/afd -DDBG -D__USE_W32API -Werror -Wall
|
||||||
|
|
||||||
TARGET_OBJECTS = \
|
TARGET_OBJECTS = \
|
||||||
|
|
Loading…
Reference in a new issue