Author: pschweitzer Date: Sun Jun 11 07:56:18 2017 New Revision: 74992
URL: http://svn.reactos.org/svn/reactos?rev=74992&view=rev Log: [WS2_32] Don't pass a null ptr at MSAFD to avoid dereference. Fixes crash in ws2_32:sock
Modified: trunk/reactos/dll/win32/ws2_32/src/sockctrl.c
Modified: trunk/reactos/dll/win32/ws2_32/src/sockctrl.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/ws2_32/src/sockct...
==============================================================================
--- trunk/reactos/dll/win32/ws2_32/src/sockctrl.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/ws2_32/src/sockctrl.c [iso-8859-1] Sun Jun 11 07:56:18 2017
@@ -39,54 +39,62 @@
 /* Get the Socket Context */
 if ((Socket = WsSockGetSocket(s)))
 {
- while (TRUE)
- {
- /* Make the call */
- Status = Socket->Provider->Service.lpWSPConnect(s,
- name,
- namelen,
- NULL,
- NULL,
- NULL,
- NULL,
- &ErrorCode);
-
- /* Check if error code was due to the host not being found */
- if ((Status == SOCKET_ERROR) &&
- ((ErrorCode == WSAEHOSTUNREACH) ||
- (ErrorCode == WSAENETUNREACH)))
+ if (!IsBadReadPtr(name, sizeof(struct sockaddr)))
+ {
+ while (TRUE)
 {
- /* Check if we can try again */
- if (TryAgain)
+ /* Make the call */
+ Status = Socket->Provider->Service.lpWSPConnect(s,
+ name,
+ namelen,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &ErrorCode);
+
+ /* Check if error code was due to the host not being found */
+ if ((Status == SOCKET_ERROR) &&
+ ((ErrorCode == WSAEHOSTUNREACH) ||
+ (ErrorCode == WSAENETUNREACH)))
 {
- /* Save the old error code */
- OldErrorCode = ErrorCode;
-
- /* Make sure we don't retry 3 times */
- TryAgain = FALSE;
-
- /* Make the RAS Auto-dial attempt */
- if (WSAttemptAutodialAddr(name, namelen)) continue;
+ /* Check if we can try again */
+ if (TryAgain)
+ {
+ /* Save the old error code */
+ OldErrorCode = ErrorCode;
+
+ /* Make sure we don't retry 3 times */
+ TryAgain = FALSE;
+
+ /* Make the RAS Auto-dial attempt */
+ if (WSAttemptAutodialAddr(name, namelen)) continue;
+ }
+ else
+ {
+ /* Restore the error code */
+ ErrorCode = OldErrorCode;
+ }
 }
- else
- {
- /* Restore the error code */
- ErrorCode = OldErrorCode;
- }
+
+ /* Break out of the loop */
+ break;
 }
- /* Break out of the loop */
- break;
- }
-
- /* Deference the Socket Context */
- WsSockDereference(Socket);
-
- /* Return Provider Value */
- if (Status == ERROR_SUCCESS) return Status;
-
- /* If everything seemed fine, then the WSP call failed itself */
- if (ErrorCode == NO_ERROR) ErrorCode = WSASYSCALLFAILURE;
+ /* Deference the Socket Context */
+ WsSockDereference(Socket);
+
+ /* Return Provider Value */
+ if (Status == ERROR_SUCCESS) return Status;
+
+ /* If everything seemed fine, then the WSP call failed itself */
+ if (ErrorCode == NO_ERROR) ErrorCode = WSASYSCALLFAILURE;
+ }
+ else
+ {
+ /* Invalid user pointer */
+ ErrorCode = WSAEFAULT;
+ }
 }
 else
 {
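Review bot: The new `else` branch that sets `ErrorCode = WSAEFAULT` never calls `WsSockDereference(Socket)`, because the dereference now sits inside the `if (!IsBadReadPtr(...))` block; if `WsSockGetSocket` takes a reference, as the paired dereference on the success path suggests, each call with an unreadable `name` leaves one reference on the socket context unreleased. Adding `WsSockDereference(Socket);` immediately before `ErrorCode = WSAEFAULT;` would release it on that path as well. Separately, the probe covers `sizeof(struct sockaddr)` bytes rather than `namelen`, so it stops the NULL crash but does not bound what the provider later reads from `name`, and `IsBadReadPtr` only reflects readability at the moment of the call; a range check on `namelen` next to the probe would tighten this. The enclosing function starts and ends outside this hunk, so the final error return is not visible here.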