Author: cgutman
Date: Fri Aug 15 13:26:52 2008
New Revision: 35358
URL:
http://svn.reactos.org/svn/reactos?rev=35358&view=rev
Log:
- Fix a memory leak that occurs when AfdSetContext is called with a buffer that is too
small
- Properly return STATUS_BUFFER_TOO_SMALL when the buffer passed is too small
Modified:
branches/aicom-network-fixes/drivers/network/afd/afd/context.c
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/context.c
URL:
http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/net…
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/context.c [iso-8859-1]
(original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/context.c [iso-8859-1] Fri Aug 15
13:26:52 2008
@@ -39,27 +39,30 @@
NTSTATUS STDCALL
AfdSetContext( PDEVICE_OBJECT DeviceObject, PIRP Irp,
PIO_STACK_LOCATION IrpSp ) {
- NTSTATUS Status = STATUS_NO_MEMORY;
+ NTSTATUS Status = STATUS_BUFFER_TOO_SMALL;
PFILE_OBJECT FileObject = IrpSp->FileObject;
PAFD_FCB FCB = FileObject->FsContext;
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
+ if( FCB->Context ) {
+ ExFreePool( FCB->Context );
+ FCB->Context = NULL;
+ }
+
if( FCB->ContextSize <
IrpSp->Parameters.DeviceIoControl.InputBufferLength ) {
- if( FCB->Context )
- ExFreePool( FCB->Context );
FCB->Context =
ExAllocatePool
( PagedPool,
IrpSp->Parameters.DeviceIoControl.InputBufferLength );
- }
- if( FCB->Context ) {
- Status = STATUS_SUCCESS;
+ if( !FCB->Context ) return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0,
NULL );
+
RtlCopyMemory( FCB->Context,
IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
IrpSp->Parameters.DeviceIoControl.InputBufferLength );
+ Status = STATUS_SUCCESS;
}
AFD_DbgPrint(MID_TRACE,("Returning %x\n", Status));
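Review bot: `FCB->ContextSize` is not updated anywhere in this hunk, so after the new unconditional `ExFreePool( FCB->Context ); FCB->Context = NULL;` the FCB can hold a NULL context with a stale size on both the STATUS_BUFFER_TOO_SMALL path and the early STATUS_NO_MEMORY return, and on success the recorded size does not reflect the new allocation. Any code that later trusts `ContextSize` when reading `FCB->Context` (presumably the matching get-context handler, which is not visible here) could then dereference NULL in kernel mode; I would add `FCB->ContextSize = 0;` beside the NULL assignment and `FCB->ContextSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;` after the `RtlCopyMemory`. The free now also runs before the size comparison, so a request that is then rejected still discards the previously stored context; please confirm that is intended. Separately, the copy reads `Type3InputBuffer` for a caller-supplied length with no probe or exception handler visible in the hunk, so if that pointer is still a raw user-mode address at this point it needs validating before the copy. The function body continues past the end of the hunk.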