[cgutman] 47650: [MSAFD] - Validate that we found the corresponding socket information in our socket information list - Fixes a crash in Firefox 2 when it tries to call accept() with a closed socket
Author: cgutman Date: Mon Jun 7 03:24:15 2010 New Revision: 47650
URL: http://svn.reactos.org/svn/reactos?rev=47650&view=rev Log: [MSAFD] - Validate that we found the corresponding socket information in our socket information list - Fixes a crash in Firefox 2 when it tries to call accept() with a closed socket
Modified: trunk/reactos/dll/win32/msafd/misc/dllmain.c trunk/reactos/dll/win32/msafd/misc/event.c trunk/reactos/dll/win32/msafd/misc/sndrcv.c
Modified: trunk/reactos/dll/win32/msafd/misc/dllmain.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msafd/misc/dllmai... ============================================================================== --- trunk/reactos/dll/win32/msafd/misc/dllmain.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msafd/misc/dllmain.c [iso-8859-1] Mon Jun 7 03:24:15 2010 @@ -440,6 +440,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
if (Socket->HelperEvents & WSH_NOTIFY_CLOSE) { @@ -635,6 +641,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + HeapFree(GlobalHeap, 0, BindData); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Set up Address in TDI Format */ BindData->Address.TAAddressCount = 1; @@ -728,6 +740,11 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
if (Socket->SharedData.Listening) return 0; @@ -1072,6 +1089,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return INVALID_SOCKET; + }
/* If this is non-blocking, make sure there's something for us to accept */ FD_ZERO(&ReadSet); @@ -1428,6 +1451,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Bind us First */ if (Socket->SharedData.State == SocketOpen) @@ -1644,6 +1673,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Set AFD Disconnect Type */ switch (HowTo) @@ -1718,6 +1753,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Allocate a buffer for the address */ TdiAddressSize = @@ -1806,6 +1847,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(s); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Allocate a buffer for the address */ TdiAddressSize = sizeof(TRANSPORT_ADDRESS) + *NameLength; @@ -1883,6 +1930,11 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
switch( dwIoControlCode ) {
Modified: trunk/reactos/dll/win32/msafd/misc/event.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msafd/misc/event.... ============================================================================== --- trunk/reactos/dll/win32/msafd/misc/event.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msafd/misc/event.c [iso-8859-1] Mon Jun 7 03:24:15 2010 @@ -36,6 +36,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Set Socket to Non-Blocking */ BlockMode = 1; @@ -152,6 +158,12 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + NtClose(SockEvent); + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
EnumReq.Event = hEventObject;
Modified: trunk/reactos/dll/win32/msafd/misc/sndrcv.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msafd/misc/sndrcv... ============================================================================== --- trunk/reactos/dll/win32/msafd/misc/sndrcv.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msafd/misc/sndrcv.c [iso-8859-1] Mon Jun 7 03:24:15 2010 @@ -29,6 +29,11 @@
/* Get the Socket Structure associated to this Socket */ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Allocate the Async Data Structure to pass on to the Thread later */ AsyncData = HeapAlloc(GetProcessHeap(), 0, sizeof(*AsyncData)); @@ -111,6 +116,11 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
Status = NtCreateEvent( &SockEvent, GENERIC_READ | GENERIC_WRITE, NULL, 1, FALSE ); @@ -261,6 +271,11 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
Status = NtCreateEvent( &SockEvent, GENERIC_READ | GENERIC_WRITE, NULL, 1, FALSE ); @@ -399,6 +414,11 @@
/* Get the Socket Structure associate to this Socket*/ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
Status = NtCreateEvent( &SockEvent, GENERIC_READ | GENERIC_WRITE, NULL, 1, FALSE ); @@ -523,6 +543,11 @@
/* Get the Socket Structure associate to this Socket */ Socket = GetSocketStructure(Handle); + if (!Socket) + { + *lpErrno = WSAENOTSOCK; + return SOCKET_ERROR; + }
/* Bind us First */ if (Socket->SharedData.State == SocketOpen)
-
cgutman@svn.reactos.org