Author: cgutman Date: Fri Aug 14 01:42:21 2009 New Revision: 42660
URL: http://svn.reactos.org/svn/reactos?rev=42660&view=rev Log: - Fix a NULL pointer dereference if ExAllocatePool fails - Move some sanity checks into the right location - Fix another NULL pointer dereference if there is not a socket on the queue - Also spotted by Amine Khaldi
Modified: trunk/reactos/lib/drivers/ip/network/routines.c trunk/reactos/lib/drivers/ip/transport/tcp/accept.c trunk/reactos/lib/drivers/oskittcp/oskittcp/interface.c
Modified: trunk/reactos/lib/drivers/ip/network/routines.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/network/rout...
==============================================================================
--- trunk/reactos/lib/drivers/ip/network/routines.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/network/routines.c [iso-8859-1] Fri Aug 14 01:42:21 2009
@@ -117,9 +117,11 @@
 NdisQueryPacket(IPPacket->NdisPacket, NULL, NULL, NULL, &Length);
 Length -= MaxLLHeaderSize;
 Buffer = exAllocatePool(NonPagedPool, Length);
- Length = CopyPacketToBuffer(Buffer, IPPacket->NdisPacket, MaxLLHeaderSize, Length);
- DisplayTCPHeader(Buffer, Length);
- exFreePool(Buffer);
+ if (Buffer) {
+ Length = CopyPacketToBuffer(Buffer, IPPacket->NdisPacket, MaxLLHeaderSize, Length);
+ DisplayTCPHeader(Buffer, Length);
+ exFreePool(Buffer);
+ }
 } else {
 Buffer = IPPacket->Header;
 Length = IPPacket->ContigSize;
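Review bot: `Length -= MaxLLHeaderSize;` still runs before the allocation with no check that the packet is at least as long as the link-layer header. Length's declaration is outside the hunk, but if it is unsigned, a short packet wraps it to a very large value, and the new `if (Buffer)` test then only helps when that oversized allocation happens to fail. I would guard the subtraction, for example by wrapping the copy-and-display path in `if (Length > MaxLLHeaderSize) {`, and leave a debug trace on the allocation-failure path so a skipped dump is visible. The enclosing function starts and ends outside the hunk.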
Modified: trunk/reactos/lib/drivers/ip/transport/tcp/accept.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/transport/tc...
==============================================================================
--- trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/transport/tcp/accept.c [iso-8859-1] Fri Aug 14 01:42:21 2009
@@ -70,16 +70,16 @@
 NTSTATUS Status = STATUS_SUCCESS;
 SOCKADDR_IN AddressToBind;
- TI_DbgPrint(DEBUG_TCP,("TCPListen started\n"));
-
- TI_DbgPrint(DEBUG_TCP,("Connection->SocketContext %x\n",
- Connection->SocketContext));
+ TcpipRecursiveMutexEnter( &TCPLock, TRUE );
 ASSERT(Connection);
 ASSERT_KM_POINTER(Connection->SocketContext);
 ASSERT_KM_POINTER(Connection->AddressFile);
- TcpipRecursiveMutexEnter( &TCPLock, TRUE );
+ TI_DbgPrint(DEBUG_TCP,("TCPListen started\n"));
+
+ TI_DbgPrint(DEBUG_TCP,("Connection->SocketContext %x\n",
+ Connection->SocketContext));
 AddressToBind.sin_family = AF_INET;
 memcpy( &AddressToBind.sin_addr,
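Review bot: The three ASSERT lines remain the only validation of `Connection`, and after this change they run while TCPLock is already held. If ASSERT compiles to nothing in free builds (its definition is not visible here), a NULL `Connection` is still dereferenced by the `TI_DbgPrint` argument and the code that follows, so a runtime check such as `if (!Connection) return STATUS_INVALID_PARAMETER;` placed before `TcpipRecursiveMutexEnter` would be more robust; any check added after the lock has to release it on the early-return path. The debug print also formats the pointer `Connection->SocketContext` with `%x`, where `%p` avoids truncation on targets whose pointers are wider than int. The function body continues outside the hunk.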
Modified: trunk/reactos/lib/drivers/oskittcp/oskittcp/interface.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/oskittcp/oskitt...
==============================================================================
--- trunk/reactos/lib/drivers/oskittcp/oskittcp/interface.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/oskittcp/oskittcp/interface.c [iso-8859-1] Fri Aug 14 01:42:21 2009
@@ -358,14 +358,14 @@
 so = head->so_q;
inp = so ? (struct inpcb *)so->so_pcb : NULL; - if( inp ) { + if( inp && name ) { ((struct sockaddr_in *)AddrOut)->sin_addr.s_addr = inp->inp_faddr.s_addr; ((struct sockaddr_in *)AddrOut)->sin_port = inp->inp_fport; }
OS_DbgPrint(OSK_MID_TRACE,("error = %d\n", error)); - if( FinishAccepting ) { + if( FinishAccepting && so ) { head->so_q = so->so_q; head->so_qlen--;
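Review bot: The new guard `if( inp && name )` tests `name`, but both stores in its body go through `AddrOut`. The hunk does not show how `name` relates to `AddrOut`; if the two can differ, the condition should test the pointer that is actually written, e.g. `if( inp && AddrOut )`, and the caller-supplied buffer length should be compared with `sizeof(struct sockaddr_in)` before the stores. The `FinishAccepting && so` change covers the dequeue shown here, but any later use of `so` outside the hunk needs the same NULL handling. The function starts and ends outside the hunk.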