Author: cgutman Date: Sat Jul 16 17:17:08 2011 New Revision: 52698
URL: http://svn.reactos.org/svn/reactos?rev=52698&view=rev Log: [TCPIP] - Fix the broken TDI_QUERY_CONNECTION_INFO implementation - Perform buffer size checks on TDI_QUERY_MAX_DATAGRAM_INFO requests [AFD] - Greatly simplify AfdGetPeerName by using the remote address stored while connecting
Modified: trunk/reactos/drivers/network/afd/afd/info.c trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
Modified: trunk/reactos/drivers/network/afd/afd/info.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/inf... ============================================================================== --- trunk/reactos/drivers/network/afd/afd/info.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/afd/afd/info.c [iso-8859-1] Sat Jul 16 17:17:08 2011 @@ -236,60 +236,27 @@ NTSTATUS NTAPI AfdGetPeerName( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp ) { - NTSTATUS Status = STATUS_SUCCESS; - PFILE_OBJECT FileObject = IrpSp->FileObject; - PAFD_FCB FCB = FileObject->FsContext; - PMDL Mdl = NULL; - PTDI_CONNECTION_INFORMATION ConnInfo = NULL; + NTSTATUS Status; + PFILE_OBJECT FileObject = IrpSp->FileObject; + PAFD_FCB FCB = FileObject->FsContext;
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
- if (FCB->RemoteAddress == NULL || FCB->Connection.Object == NULL) { + if (FCB->RemoteAddress == NULL) { AFD_DbgPrint(MIN_TRACE,("Invalid parameter\n")); return UnlockAndMaybeComplete( FCB, STATUS_INVALID_PARAMETER, Irp, 0 ); }
- if(NT_SUCCESS(Status = TdiBuildNullConnectionInfo
- (&ConnInfo,
- FCB->RemoteAddress->Address[0].AddressType)))
+ if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= TaLengthOfTransportAddress(FCB->RemoteAddress))
 {
- Mdl = IoAllocateMdl(ConnInfo,
- sizeof(TDI_CONNECTION_INFORMATION) +
- TaLengthOfTransportAddress(ConnInfo->RemoteAddress),
- FALSE,
- FALSE,
- NULL);
-
- if (Mdl)
- {
- _SEH2_TRY {
- MmProbeAndLockPages(Mdl, KernelMode, IoModifyAccess);
- } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
- AFD_DbgPrint(MIN_TRACE, ("MmProbeAndLockPages() failed.\n"));
- Status = _SEH2_GetExceptionCode();
- } _SEH2_END;
-
- if (NT_SUCCESS(Status))
- {
- Status = TdiQueryInformation(FCB->Connection.Object,
- TDI_QUERY_CONNECTION_INFO,
- Mdl);
-
- if (NT_SUCCESS(Status))
- {
- if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= TaLengthOfTransportAddress(ConnInfo->RemoteAddress))
- RtlCopyMemory(Irp->UserBuffer, ConnInfo->RemoteAddress, TaLengthOfTransportAddress(ConnInfo->RemoteAddress));
- else
- {
- Status = STATUS_BUFFER_TOO_SMALL;
- AFD_DbgPrint(MIN_TRACE,("Buffer too small\n"));
- }
- }
- }
- }
-
- ExFreePool(ConnInfo);
+ RtlCopyMemory(Irp->UserBuffer, FCB->RemoteAddress, TaLengthOfTransportAddress(FCB->RemoteAddress));
+ Status = STATUS_SUCCESS;
+ }
+ else
+ {
+ AFD_DbgPrint(MIN_TRACE,("Buffer too small\n"));
+ Status = STATUS_BUFFER_TOO_SMALL;
 }
return UnlockAndMaybeComplete( FCB, Status, Irp, 0 );
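Review bot: The new `RtlCopyMemory(Irp->UserBuffer, FCB->RemoteAddress, ...)` writes straight to `Irp->UserBuffer` with only a length comparison in front of it; nothing in the visible function probes the pointer or guards the write with the `_SEH2_TRY` pattern this file already uses. If this IOCTL is dispatched without buffered or direct I/O (not visible here), that pointer is a caller-supplied user-mode address, so an invalid or kernel-range value would fault or be written through while the socket lock is held. I would compute the length once, probe when the requestor is not kernel mode, and wrap the copy so that an exception becomes the returned status, as sketched below. The function's closing lines fall outside the hunk.

```c
    ULONG Length = TaLengthOfTransportAddress(FCB->RemoteAddress);

    if (IrpSp->Parameters.DeviceIoControl.OutputBufferLength >= Length)
    {
        _SEH2_TRY {
            /* Validate the caller's pointer before the kernel writes through it */
            if (Irp->RequestorMode != KernelMode)
                ProbeForWrite(Irp->UserBuffer, Length, 1);

            RtlCopyMemory(Irp->UserBuffer, FCB->RemoteAddress, Length);
            Status = STATUS_SUCCESS;
        } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
            Status = _SEH2_GetExceptionCode();
        } _SEH2_END;
    }
    /* … unchanged: else branch returning STATUS_BUFFER_TOO_SMALL … */
```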
Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpip... ============================================================================== --- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Sat Jul 16 17:17:08 2011 @@ -759,51 +759,45 @@
case TDI_QUERY_CONNECTION_INFO: { - PTDI_CONNECTION_INFORMATION AddressInfo; - PADDRESS_FILE AddrFile; - PCONNECTION_ENDPOINT Endpoint = NULL; - - if (MmGetMdlByteCount(Irp->MdlAddress) < - (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) + - sizeof(PVOID))) { - TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n")); + PTDI_CONNECTION_INFO ConnectionInfo; + PCONNECTION_ENDPOINT Endpoint; + + if (MmGetMdlByteCount(Irp->MdlAddress) < sizeof(*ConnectionInfo)) { + TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n")); return STATUS_BUFFER_TOO_SMALL; }
- AddressInfo = (PTDI_CONNECTION_INFORMATION)
+ ConnectionInfo = (PTDI_CONNECTION_INFO)
 MmGetSystemAddressForMdl(Irp->MdlAddress);
switch ((ULONG_PTR)IrpSp->FileObject->FsContext2) { - case TDI_TRANSPORT_ADDRESS_FILE: - AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle; - Endpoint = AddrFile ? AddrFile->Connection : NULL; - break; - case TDI_CONNECTION_FILE: Endpoint = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext; - break; + RtlZeroMemory(ConnectionInfo, sizeof(*ConnectionInfo)); + return STATUS_SUCCESS;
default: TI_DbgPrint(MIN_TRACE, ("Invalid transport context\n")); return STATUS_INVALID_PARAMETER; } - - if (!Endpoint) { - TI_DbgPrint(MID_TRACE, ("No connection object.\n")); - return STATUS_INVALID_PARAMETER; - } - - return TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE ); }
case TDI_QUERY_MAX_DATAGRAM_INFO: { - PTDI_MAX_DATAGRAM_INFO MaxDatagramInfo = MmGetSystemAddressForMdl(Irp->MdlAddress); - - MaxDatagramInfo->MaxDatagramSize = 0xFFFF; - - return STATUS_SUCCESS; + PTDI_MAX_DATAGRAM_INFO MaxDatagramInfo; + + if (MmGetMdlByteCount(Irp->MdlAddress) < sizeof(*MaxDatagramInfo)) { + TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n")); + return STATUS_BUFFER_TOO_SMALL; + } + + MaxDatagramInfo = (PTDI_MAX_DATAGRAM_INFO) + MmGetSystemAddressForMdl(Irp->MdlAddress); + + MaxDatagramInfo->MaxDatagramSize = 0xFFFF; + + return STATUS_SUCCESS; } }
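Review bot: Both new size checks call `MmGetMdlByteCount(Irp->MdlAddress)` without first confirming that the IRP carries an MDL, and the mapping that follows uses `MmGetSystemAddressForMdl`, which has no way to report a mapping failure to the caller. Unless a check outside this hunk already guarantees a non-NULL MDL, I would add `if (!Irp->MdlAddress) return STATUS_INVALID_PARAMETER;` ahead of each byte-count test and switch to `MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority)`, returning `STATUS_INSUFFICIENT_RESOURCES` when it yields NULL. Separately, in the TDI_CONNECTION_FILE branch `Endpoint` is assigned and never read, and the request now succeeds with an all-zero TDI_CONNECTION_INFO; a comment such as `/* FIXME: connection statistics are not implemented; report zeros */` would show that this is deliberate. The enclosing function begins and ends outside the hunk.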