[ros-diffs] [cgutman] 35419: - Change STATUS_UNSUCCESSFUL to STATUS_FILE_CLOSED - Move the Irp->Cancel check after SocketAcquireStateLock to fix a possible crash - Change STATUS_INVALID_PARAMETER to STATUS_FILE_CLOSED - Move SocketAcquireStateLock in front of the check for a NULL return from LockRequest to prevent another possible crash

Author: cgutman Date: Sun Aug 17 17:12:31 2008 New Revision: 35419 URL: http://svn.reactos.org/svn/reactos?rev=35419&view=rev Log: - Change STATUS_UNSUCCESSFUL to STATUS_FILE_CLOSED - Move the Irp->Cancel check after SocketAcquireStateLock to fix a possible crash - Change STATUS_INVALID_PARAMETER to STATUS_FILE_CLOSED - Move SocketAcquireStateLock in front of the check for a NULL return from LockRequest to prevent another possible crash Modified: branches/aicom-network-fixes/drivers/network/afd/afd/listen.c branches/aicom-network-fixes/drivers/network/afd/afd/lock.c branches/aicom-network-fixes/drivers/network/afd/afd/read.c branches/aicom-network-fixes/drivers/network/afd/afd/select.c Modified: branches/aicom-network-fixes/drivers/network/afd/afd/listen.c URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/net… ============================================================================== --- branches/aicom-network-fixes/drivers/network/afd/afd/listen.c [iso-8859-1] (original) +++ branches/aicom-network-fixes/drivers/network/afd/afd/listen.c [iso-8859-1] Sun Aug 17 17:12:31 2008 @@ -83,19 +83,18 @@ ( PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context ) { - NTSTATUS Status = STATUS_UNSUCCESSFUL; + NTSTATUS Status = STATUS_FILE_CLOSED; PAFD_FCB FCB = (PAFD_FCB)Context; PAFD_TDI_OBJECT_QELT Qelt; - if ( Irp->Cancel ) { - /* FIXME: is this anything else we need to do? */ - FCB->ListenIrp.InFlightRequest = NULL; + if( !SocketAcquireStateLock( FCB ) ) return Status; + + FCB->ListenIrp.InFlightRequest = NULL; + + if( Irp->Cancel ) { + SocketStateUnlock( FCB ); return STATUS_SUCCESS; } - - if( !SocketAcquireStateLock( FCB ) ) return Status; - - FCB->ListenIrp.InFlightRequest = NULL; if( FCB->State == SOCKET_STATE_CLOSED ) { SocketStateUnlock( FCB ); Modified: branches/aicom-network-fixes/drivers/network/afd/afd/lock.c URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/net… ============================================================================== --- branches/aicom-network-fixes/drivers/network/afd/afd/lock.c [iso-8859-1] (original) +++ branches/aicom-network-fixes/drivers/network/afd/afd/lock.c [iso-8859-1] Sun Aug 17 17:12:31 2008 @@ -262,7 +262,7 @@ NTSTATUS LostSocket( PIRP Irp ) { - NTSTATUS Status = STATUS_INVALID_PARAMETER; + NTSTATUS Status = STATUS_FILE_CLOSED; AFD_DbgPrint(MIN_TRACE,("Called.\n")); Irp->IoStatus.Information = 0; Irp->IoStatus.Status = Status; Modified: branches/aicom-network-fixes/drivers/network/afd/afd/read.c URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/net… ============================================================================== --- branches/aicom-network-fixes/drivers/network/afd/afd/read.c [iso-8859-1] (original) +++ branches/aicom-network-fixes/drivers/network/afd/afd/read.c [iso-8859-1] Sun Aug 17 17:12:31 2008 @@ -449,7 +449,7 @@ AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB)); - if( !SocketAcquireStateLock( FCB ) ) return STATUS_UNSUCCESSFUL; + if( !SocketAcquireStateLock( FCB ) ) return STATUS_FILE_CLOSED; FCB->ReceiveIrp.InFlightRequest = NULL; Modified: branches/aicom-network-fixes/drivers/network/afd/afd/select.c URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/net… ============================================================================== --- branches/aicom-network-fixes/drivers/network/afd/afd/select.c [iso-8859-1] (original) +++ branches/aicom-network-fixes/drivers/network/afd/afd/select.c [iso-8859-1] Sun Aug 17 17:12:31 2008 @@ -277,6 +277,10 @@ (PAFD_EVENT_SELECT_INFO)LockRequest( Irp, IrpSp ); PAFD_FCB FCB = FileObject->FsContext; + if( !SocketAcquireStateLock( FCB ) ) { + return LostSocket( Irp ); + } + if ( !EventSelectInfo ) { return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL ); @@ -284,10 +288,6 @@ AFD_DbgPrint(MID_TRACE,("Called (Event %x Triggers %x)\n", EventSelectInfo->EventObject, EventSelectInfo->Events)); - - if( !SocketAcquireStateLock( FCB ) ) { - return LostSocket( Irp ); - } FCB->EventSelectTriggers = FCB->EventsFired = 0; if( FCB->EventSelect ) ObDereferenceObject( FCB->EventSelect ); @@ -325,13 +325,13 @@ AFD_DbgPrint(MID_TRACE,("Called (FCB %x)\n", FCB)); + if( !SocketAcquireStateLock( FCB ) ) { + return LostSocket( Irp ); + } + if ( !EnumReq ) { return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL ); - } - - if( !SocketAcquireStateLock( FCB ) ) { - return LostSocket( Irp ); } EnumReq->PollEvents = FCB->PollState;