https://git.reactos.org/?p=reactos.git;a=commitdiff;h=2e1aeb12dfd8b44b4b57d3...
commit 2e1aeb12dfd8b44b4b57d377b59ef347dfe3386e Author: Thomas Brogan brogan.tom.iii@gmail.com AuthorDate: Tue Jul 28 00:08:00 2020 +0300 Commit: Thomas Faber thomas.faber@reactos.org CommitDate: Sat Oct 3 13:05:12 2020 +0200
[TCPIP] Add NULL checks in DispTdiQueryInformation. CORE-12274
Add additional NULL checks to DispTdiQueryInformation, which return STATUS_INVALID_PARAMETER.
Co-authored-by: Peter Hater 7element@mail.bg --- drivers/network/tcpip/tcpip/dispatch.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/drivers/network/tcpip/tcpip/dispatch.c b/drivers/network/tcpip/tcpip/dispatch.c index bb3625c731c..da2a00ba5bd 100644 --- a/drivers/network/tcpip/tcpip/dispatch.c +++ b/drivers/network/tcpip/tcpip/dispatch.c @@ -711,6 +711,12 @@ NTSTATUS DispTdiQueryInformation( switch ((ULONG_PTR)IrpSp->FileObject->FsContext2) { case TDI_TRANSPORT_ADDRESS_FILE: AddrFile = (PADDRESS_FILE)TranContext->Handle.AddressHandle; + if (AddrFile == NULL) + { + TI_DbgPrint(MIN_TRACE, ("FIXME: No address file object.\n")); + ASSERT(AddrFile != NULL); + return STATUS_INVALID_PARAMETER; + }
Address->TAAddressCount = 1; Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP; @@ -725,6 +731,12 @@ NTSTATUS DispTdiQueryInformation( case TDI_CONNECTION_FILE: Endpoint = (PCONNECTION_ENDPOINT)TranContext->Handle.ConnectionContext; + if (Endpoint == NULL || Endpoint->AddressFile == NULL) + { + TI_DbgPrint(MIN_TRACE, ("FIXME: No connection endpoint file object.\n")); + ASSERT(Endpoint != NULL && Endpoint->AddressFile != NULL); + return STATUS_INVALID_PARAMETER; + }
Address->TAAddressCount = 1; Address->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;
-
Thomas Brogan