3 Oct
2020
3 Oct
'20
11:07 a.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2e1aeb12dfd8b44b4b57d…
commit 2e1aeb12dfd8b44b4b57d377b59ef347dfe3386e
Author: Thomas Brogan <brogan.tom.iii(a)gmail.com>
AuthorDate: Tue Jul 28 00:08:00 2020 +0300
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sat Oct 3 13:05:12 2020 +0200
[TCPIP] Add NULL checks in DispTdiQueryInformation. CORE-12274
Add additional NULL checks to DispTdiQueryInformation,
which return STATUS_INVALID_PARAMETER.
Co-authored-by: Peter Hater <7element(a)mail.bg>
---
drivers/network/tcpip/tcpip/dispatch.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/network/tcpip/tcpip/dispatch.c
b/drivers/network/tcpip/tcpip/dispatch.c
index bb3625c731c..da2a00ba5bd 100644
--- a/drivers/network/tcpip/tcpip/dispatch.c
+++ b/drivers/network/tcpip/tcpip/dispatch.c
@@ -711,6 +711,12 @@ NTSTATUS DispTdiQueryInformation(
switch ((ULONG_PTR)IrpSp->FileObject->FsContext2) {
case TDI_TRANSPORT_ADDRESS_FILE:
AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle;
+ if (AddrFile == NULL)
+ {
+ TI_DbgPrint(MIN_TRACE, ("FIXME: No address file object.\n"));
+ ASSERT(AddrFile != NULL);
+ return STATUS_INVALID_PARAMETER;
+ }
Address->TAAddressCount = 1;
Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;
@@ -725,6 +731,12 @@ NTSTATUS DispTdiQueryInformation(
case TDI_CONNECTION_FILE:
Endpoint =
(PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext;
+ if (Endpoint == NULL || Endpoint->AddressFile == NULL)
+ {
+ TI_DbgPrint(MIN_TRACE, ("FIXME: No connection endpoint file
object.\n"));
+ ASSERT(Endpoint != NULL && Endpoint->AddressFile != NULL);
+ return STATUS_INVALID_PARAMETER;
+ }
Address->TAAddressCount = 1;
Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;