Author: cgutman Date: Mon Jun 7 03:24:15 2010 New Revision: 47650 URL: http://svn.reactos.org/svn/reactos?rev=47650&view=rev Log: [MSAFD] - Validate that we found the corresponding socket information in our socket information list - Fixes a crash in Firefox 2 when it tries to call accept() with a closed socket Modified: trunk/reactos/dll/win32/msafd/misc/dllmain.c trunk/reactos/dll/win32/msafd/misc/event.c trunk/reactos/dll/win32/msafd/misc/sndrcv.c Modified: trunk/reactos/dll/win32/msafd/misc/dllmain.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msafd/misc/dllma… ============================================================================== --- trunk/reactos/dll/win32/msafd/misc/dllmain.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msafd/misc/dllmain.c [iso-8859-1] Mon Jun 7 03:24:15 2010 @@ -440,6 +440,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } if (Socket->HelperEvents & WSH_NOTIFY_CLOSE) { @@ -635,6 +641,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + HeapFree(GlobalHeap, 0, BindData); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Set up Address in TDI Format */ BindData->Address.TAAddressCount = 1; @@ -728,6 +740,11 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } if (Socket->SharedData.Listening) return 0; @@ -1072,6 +1089,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return INVALID_SOCKET; + } /* If this is non-blocking, make sure there's something for us to accept */ FD_ZERO(&ReadSet); @@ -1428,6 +1451,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Bind us First */ if (Socket->SharedData.State == SocketOpen) @@ -1644,6 +1673,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Set AFD Disconnect Type */ switch (HowTo) @@ -1718,6 +1753,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Allocate a buffer for the address */ TdiAddressSize = @@ -1806,6 +1847,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(s); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Allocate a buffer for the address */ TdiAddressSize = sizeof(TRANSPORT_ADDRESS) + *NameLength; @@ -1883,6 +1930,11 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } switch( dwIoControlCode ) { Modified: trunk/reactos/dll/win32/msafd/misc/event.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msafd/misc/event… ============================================================================== --- trunk/reactos/dll/win32/msafd/misc/event.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msafd/misc/event.c [iso-8859-1] Mon Jun 7 03:24:15 2010 @@ -36,6 +36,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Set Socket to Non-Blocking */ BlockMode = 1; @@ -152,6 +158,12 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } EnumReq.Event = hEventObject; Modified: trunk/reactos/dll/win32/msafd/misc/sndrcv.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msafd/misc/sndrc… ============================================================================== --- trunk/reactos/dll/win32/msafd/misc/sndrcv.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msafd/misc/sndrcv.c [iso-8859-1] Mon Jun 7 03:24:15 2010 @@ -29,6 +29,11 @@ /* Get the Socket Structure associated to this Socket */ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Allocate the Async Data Structure to pass on to the Thread later */ AsyncData = HeapAlloc(GetProcessHeap(), 0, sizeof(*AsyncData)); @@ -111,6 +116,11 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } Status = NtCreateEvent( &SockEvent, GENERIC_READ | GENERIC_WRITE, NULL, 1, FALSE ); @@ -261,6 +271,11 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } Status = NtCreateEvent( &SockEvent, GENERIC_READ | GENERIC_WRITE, NULL, 1, FALSE ); @@ -399,6 +414,11 @@ /* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } Status = NtCreateEvent( &SockEvent, GENERIC_READ | GENERIC_WRITE, NULL, 1, FALSE ); @@ -523,6 +543,11 @@ /* Get the Socket Structure associate to this Socket */ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + } /* Bind us First */ if (Socket->SharedData.State == SocketOpen)