https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f8a6542b15efa996d67260...
commit f8a6542b15efa996d672609e651485f50310a6c0 Author: David L Bean d_bean@hotmail.com AuthorDate: Mon Jul 24 13:18:16 2023 -0400 Commit: Thomas Faber thomas.faber@reactos.org CommitDate: Sun Jul 30 16:52:55 2023 -0400
[IP] Don't reference uninitialized PCB to avoid BSOD. CORE-18982
Transport calls to LibTCPConnect that suffer certain early failures, such as parameter errors or early route lookup failures, return without initializing the PCB. To avoid later BSODs, this change clears the ConnectionRequest bucket in those cases. --- drivers/network/tcpip/ip/transport/tcp/tcp.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/network/tcpip/ip/transport/tcp/tcp.c b/drivers/network/tcpip/ip/transport/tcp/tcp.c
index 3d65e9a46b9..89b9184fdca 100644
--- a/drivers/network/tcpip/ip/transport/tcp/tcp.c
+++ b/drivers/network/tcpip/ip/transport/tcp/tcp.c
@@ -411,7 +411,13 @@ NTSTATUS TCPConnect
 Status = TCPTranslateError(LibTCPConnect(Connection, &connaddr, RemotePort));
-
+ if (!NT_SUCCESS(Status))
+ {
+ LockObject(Connection);
+ RemoveEntryList(&Bucket->Entry);
+ UnlockObject(Connection);
+ ExFreeToNPagedLookasideList(&TdiBucketLookasideList, Bucket);
+ }
 TI_DbgPrint(DEBUG_TCP,("[IP, TCPConnect] Leaving. Status = 0x%x\n", Status));
return Status;
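Review bot: The new failure branch unlinks and frees `Bucket` on the assumption that nothing else touched it while `LibTCPConnect` ran, but the lock is re-acquired only inside this branch, so the call itself appears to run with the connection unlocked. If the bucket was already queued on the connection's request list before the call (the enqueue is outside this hunk; TCPConnect starts above it), a concurrent close, cancel or error path that drains that list could have completed and freed the same bucket first. In that case `RemoveEntryList(&Bucket->Entry)` followed by `ExFreeToNPagedLookasideList` would be a use-after-free and double free of non-paged pool. Either confirm that no drain path can run in that window and record it in a comment such as `/* Connect failed before the PCB was set up; no completion path can have dequeued Bucket, so we still own it. */`, or check under the lock that the entry is still on the list before unlinking and freeing it.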