- Fix a NULL pointer dereference if ExAllocatePool fails

- Move some sanity checks into the right location - Fix another NULL pointer dereference if there is not a socket on the queue - Also spotted by Amine Khaldi svn path=/trunk/; revision=42660
2025-05-30 06:28:34 +00:00 · 2009-08-13 23:42:21 +00:00 · 2009-08-13 23:42:21 +00:00 · e90b905e0b
commit e90b905e0b
parent 42e498c4b0
3 changed files with 12 additions and 10 deletions
--- a/reactos/lib/drivers/ip/network/routines.c
+++ b/reactos/lib/drivers/ip/network/routines.c
@ -117,9 +117,11 @@ VOID DisplayTCPPacket(
        NdisQueryPacket(IPPacket->NdisPacket, NULL, NULL, NULL, &Length);
        Length -= MaxLLHeaderSize;
        Buffer = exAllocatePool(NonPagedPool, Length);
-        Length = CopyPacketToBuffer(Buffer, IPPacket->NdisPacket, MaxLLHeaderSize, Length);
-        DisplayTCPHeader(Buffer, Length);
-        exFreePool(Buffer);
+        if (Buffer) {
+            Length = CopyPacketToBuffer(Buffer, IPPacket->NdisPacket, MaxLLHeaderSize, Length);
+            DisplayTCPHeader(Buffer, Length);
+            exFreePool(Buffer);
+        }
    } else {
        Buffer = IPPacket->Header;
        Length = IPPacket->ContigSize;
--- a/reactos/lib/drivers/ip/transport/tcp/accept.c
+++ b/reactos/lib/drivers/ip/transport/tcp/accept.c
@ -70,16 +70,16 @@ NTSTATUS TCPListen( PCONNECTION_ENDPOINT Connection, UINT Backlog ) {
    NTSTATUS Status = STATUS_SUCCESS;
    SOCKADDR_IN AddressToBind;

-    TI_DbgPrint(DEBUG_TCP,("TCPListen started\n"));
-
-    TI_DbgPrint(DEBUG_TCP,("Connection->SocketContext %x\n",
-    Connection->SocketContext));
+    TcpipRecursiveMutexEnter( &TCPLock, TRUE );

    ASSERT(Connection);
    ASSERT_KM_POINTER(Connection->SocketContext);
    ASSERT_KM_POINTER(Connection->AddressFile);

-    TcpipRecursiveMutexEnter( &TCPLock, TRUE );
+    TI_DbgPrint(DEBUG_TCP,("TCPListen started\n"));
+
+    TI_DbgPrint(DEBUG_TCP,("Connection->SocketContext %x\n",
+    Connection->SocketContext));

    AddressToBind.sin_family = AF_INET;
    memcpy( &AddressToBind.sin_addr,
--- a/reactos/lib/drivers/oskittcp/oskittcp/interface.c
+++ b/reactos/lib/drivers/oskittcp/oskittcp/interface.c
@ -358,14 +358,14 @@ int OskitTCPAccept( void *socket,
    so = head->so_q;

    inp = so ? (struct inpcb *)so->so_pcb : NULL;
-    if( inp ) {
+    if( inp && name ) {
        ((struct sockaddr_in *)AddrOut)->sin_addr.s_addr =
            inp->inp_faddr.s_addr;
        ((struct sockaddr_in *)AddrOut)->sin_port = inp->inp_fport;
    }

    OS_DbgPrint(OSK_MID_TRACE,("error = %d\n", error));
-    if( FinishAccepting ) {
+    if( FinishAccepting && so ) {
 	head->so_q = so->so_q;
 	head->so_qlen--;