Author: cgutman Date: Sun Aug 17 17:12:31 2008 New Revision: 35419
URL: http://svn.reactos.org/svn/reactos?rev=35419&view=rev Log: - Change STATUS_UNSUCCESSFUL to STATUS_FILE_CLOSED - Move the Irp->Cancel check after SocketAcquireStateLock to fix a possible crash - Change STATUS_INVALID_PARAMETER to STATUS_FILE_CLOSED - Move SocketAcquireStateLock in front of the check for a NULL return from LockRequest to prevent another possible crash
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/listen.c branches/aicom-network-fixes/drivers/network/afd/afd/lock.c branches/aicom-network-fixes/drivers/network/afd/afd/read.c branches/aicom-network-fixes/drivers/network/afd/afd/select.c
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/listen.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/netw...
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/listen.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/listen.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -83,19 +83,18 @@
 ( PDEVICE_OBJECT DeviceObject,
 PIRP Irp,
 PVOID Context ) {
- NTSTATUS Status = STATUS_UNSUCCESSFUL;
+ NTSTATUS Status = STATUS_FILE_CLOSED;
 PAFD_FCB FCB = (PAFD_FCB)Context;
 PAFD_TDI_OBJECT_QELT Qelt;
- if ( Irp->Cancel ) {
- /* FIXME: is this anything else we need to do? */
- FCB->ListenIrp.InFlightRequest = NULL;
+ if( !SocketAcquireStateLock( FCB ) ) return Status;
+
+ FCB->ListenIrp.InFlightRequest = NULL;
+
+ if( Irp->Cancel ) {
+ SocketStateUnlock( FCB );
 return STATUS_SUCCESS;
 }
-
- if( !SocketAcquireStateLock( FCB ) ) return Status;
-
- FCB->ListenIrp.InFlightRequest = NULL;
if( FCB->State == SOCKET_STATE_CLOSED ) {
 SocketStateUnlock( FCB );
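Review bot: The lock-failure path `if( !SocketAcquireStateLock( FCB ) ) return Status;` changes only the routine's return value, and the `( PDEVICE_OBJECT, PIRP, PVOID Context )` signature suggests an I/O completion routine, where the I/O manager acts only on `STATUS_MORE_PROCESSING_REQUIRED` and ignores other values. If the requester is meant to see `STATUS_FILE_CLOSED`, the status would also have to be stored in the IRP, e.g. `Irp->IoStatus.Status = Status;` before the return; how the routine is registered is outside the hunk, so this needs confirming. The same applies to `return STATUS_FILE_CLOSED;` in the read.c hunk. The dropped FIXME could also be replaced with a comment stating the ordering rule, e.g. `/* Hold the state lock before touching FCB->ListenIrp or testing Irp->Cancel */`. The function body starts and ends outside the hunk.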
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/lock.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/netw...
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/lock.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/lock.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -262,7 +262,7 @@
NTSTATUS LostSocket( PIRP Irp ) {
- NTSTATUS Status = STATUS_INVALID_PARAMETER;
+ NTSTATUS Status = STATUS_FILE_CLOSED;
 AFD_DbgPrint(MIN_TRACE,("Called.\n"));
 Irp->IoStatus.Information = 0;
 Irp->IoStatus.Status = Status;
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/read.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/netw...
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/read.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/read.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -449,7 +449,7 @@
AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
- if( !SocketAcquireStateLock( FCB ) ) return STATUS_UNSUCCESSFUL;
+ if( !SocketAcquireStateLock( FCB ) ) return STATUS_FILE_CLOSED;
FCB->ReceiveIrp.InFlightRequest = NULL;
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/select.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/netw...
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/select.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/select.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -277,6 +277,10 @@
 (PAFD_EVENT_SELECT_INFO)LockRequest( Irp, IrpSp );
 PAFD_FCB FCB = FileObject->FsContext;
+ if( !SocketAcquireStateLock( FCB ) ) { + return LostSocket( Irp ); + } + if ( !EventSelectInfo ) { return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL ); @@ -284,10 +288,6 @@ AFD_DbgPrint(MID_TRACE,("Called (Event %x Triggers %x)\n", EventSelectInfo->EventObject, EventSelectInfo->Events)); - - if( !SocketAcquireStateLock( FCB ) ) { - return LostSocket( Irp ); - }
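Review bot: `LockRequest( Irp, IrpSp )` still runs in the declaration initializer, before the relocated `SocketAcquireStateLock` check, so the new early `return LostSocket( Irp );` can be reached with the request buffer already locked. The lock.c hunk only shows `LostSocket` setting `Irp->IoStatus`; whether it also releases what `LockRequest` acquired lies outside the visible lines and should be confirmed, since otherwise that path would presumably leave the buffer locked each time the state lock cannot be taken. A short comment at the check, e.g. `/* Take the state lock before any UnlockAndMaybeComplete() exit path */`, would record why the order matters, if that is indeed the reason for the move. The same ordering and the same question apply to the `EnumReq` hunk at `@@ -325,13 +325,13 @@`; both functions begin and end outside their hunks.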
FCB->EventSelectTriggers = FCB->EventsFired = 0;
 if( FCB->EventSelect ) ObDereferenceObject( FCB->EventSelect );
@@ -325,13 +325,13 @@
AFD_DbgPrint(MID_TRACE,("Called (FCB %x)\n", FCB));
+ if( !SocketAcquireStateLock( FCB ) ) { + return LostSocket( Irp ); + } + if ( !EnumReq ) { return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL ); - } - - if( !SocketAcquireStateLock( FCB ) ) { - return LostSocket( Irp ); }
EnumReq->PollEvents = FCB->PollState;