https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2e1aeb12dfd8b44b4b57d… commit 2e1aeb12dfd8b44b4b57d377b59ef347dfe3386e Author: Thomas Brogan <brogan.tom.iii(a)gmail.com> AuthorDate: Tue Jul 28 00:08:00 2020 +0300 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sat Oct 3 13:05:12 2020 +0200 [TCPIP] Add NULL checks in DispTdiQueryInformation. CORE-12274 Add additional NULL checks to DispTdiQueryInformation, which return STATUS_INVALID_PARAMETER. Co-authored-by: Peter Hater <7element(a)mail.bg> --- drivers/network/tcpip/tcpip/dispatch.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/network/tcpip/tcpip/dispatch.c b/drivers/network/tcpip/tcpip/dispatch.c index bb3625c731c..da2a00ba5bd 100644 --- a/drivers/network/tcpip/tcpip/dispatch.c +++ b/drivers/network/tcpip/tcpip/dispatch.c @@ -711,6 +711,12 @@ NTSTATUS DispTdiQueryInformation( switch ((ULONG_PTR)IrpSp->FileObject->FsContext2) { case TDI_TRANSPORT_ADDRESS_FILE: AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle; + if (AddrFile == NULL) + { + TI_DbgPrint(MIN_TRACE, ("FIXME: No address file object.\n")); + ASSERT(AddrFile != NULL); + return STATUS_INVALID_PARAMETER; + } Address->TAAddressCount = 1; Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP; @@ -725,6 +731,12 @@ NTSTATUS DispTdiQueryInformation( case TDI_CONNECTION_FILE: Endpoint = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext; + if (Endpoint == NULL || Endpoint->AddressFile == NULL) + { + TI_DbgPrint(MIN_TRACE, ("FIXME: No connection endpoint file object.\n")); + ASSERT(Endpoint != NULL && Endpoint->AddressFile != NULL); + return STATUS_INVALID_PARAMETER; + } Address->TAAddressCount = 1; Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;