Author: pschweitzer
Date: Sun Jun 11 07:56:18 2017
New Revision: 74992
URL:
http://svn.reactos.org/svn/reactos?rev=74992&view=rev
Log:
[WS2_32]
Don't pass a null ptr at MSAFD to avoid dereference.
Fixes crash in ws2_32:sock
Modified:
trunk/reactos/dll/win32/ws2_32/src/sockctrl.c
Modified: trunk/reactos/dll/win32/ws2_32/src/sockctrl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/ws2_32/src/sockc…
==============================================================================
--- trunk/reactos/dll/win32/ws2_32/src/sockctrl.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/ws2_32/src/sockctrl.c [iso-8859-1] Sun Jun 11 07:56:18 2017
@@ -39,54 +39,62 @@
/* Get the Socket Context */
if ((Socket = WsSockGetSocket(s)))
{
- while (TRUE)
- {
- /* Make the call */
- Status = Socket->Provider->Service.lpWSPConnect(s,
- name,
- namelen,
- NULL,
- NULL,
- NULL,
- NULL,
- &ErrorCode);
-
- /* Check if error code was due to the host not being found */
- if ((Status == SOCKET_ERROR) &&
- ((ErrorCode == WSAEHOSTUNREACH) ||
- (ErrorCode == WSAENETUNREACH)))
+ if (!IsBadReadPtr(name, sizeof(struct sockaddr)))
+ {
+ while (TRUE)
{
- /* Check if we can try again */
- if (TryAgain)
+ /* Make the call */
+ Status = Socket->Provider->Service.lpWSPConnect(s,
+ name,
+ namelen,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &ErrorCode);
+
+ /* Check if error code was due to the host not being found */
+ if ((Status == SOCKET_ERROR) &&
+ ((ErrorCode == WSAEHOSTUNREACH) ||
+ (ErrorCode == WSAENETUNREACH)))
{
- /* Save the old error code */
- OldErrorCode = ErrorCode;
-
- /* Make sure we don't retry 3 times */
- TryAgain = FALSE;
-
- /* Make the RAS Auto-dial attempt */
- if (WSAttemptAutodialAddr(name, namelen)) continue;
+ /* Check if we can try again */
+ if (TryAgain)
+ {
+ /* Save the old error code */
+ OldErrorCode = ErrorCode;
+
+ /* Make sure we don't retry 3 times */
+ TryAgain = FALSE;
+
+ /* Make the RAS Auto-dial attempt */
+ if (WSAttemptAutodialAddr(name, namelen)) continue;
+ }
+ else
+ {
+ /* Restore the error code */
+ ErrorCode = OldErrorCode;
+ }
}
- else
- {
- /* Restore the error code */
- ErrorCode = OldErrorCode;
- }
+
+ /* Break out of the loop */
+ break;
}
- /* Break out of the loop */
- break;
- }
-
- /* Deference the Socket Context */
- WsSockDereference(Socket);
-
- /* Return Provider Value */
- if (Status == ERROR_SUCCESS) return Status;
-
- /* If everything seemed fine, then the WSP call failed itself */
- if (ErrorCode == NO_ERROR) ErrorCode = WSASYSCALLFAILURE;
+ /* Deference the Socket Context */
+ WsSockDereference(Socket);
+
+ /* Return Provider Value */
+ if (Status == ERROR_SUCCESS) return Status;
+
+ /* If everything seemed fine, then the WSP call failed itself */
+ if (ErrorCode == NO_ERROR) ErrorCode = WSASYSCALLFAILURE;
+ }
+ else
+ {
+ /* Invalid user pointer */
+ ErrorCode = WSAEFAULT;
+ }
}
else
{
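Review bot: The new `else` branch that sets `ErrorCode = WSAEFAULT` never calls `WsSockDereference(Socket)`, because that call now sits inside the `if (!IsBadReadPtr(...))` block; if `WsSockGetSocket` takes a reference, as the get/dereference pairing suggests, each call with a bad `name` pointer leaks one reference on the socket context. Either add `WsSockDereference(Socket);` before `ErrorCode = WSAEFAULT;` or move the dereference below the if/else so both paths release it. The probe also covers only `sizeof(struct sockaddr)` bytes while the provider is handed `namelen`, so a longer address structure or a negative `namelen` is not validated at this layer. `IsBadReadPtr` is a one-time check that does not stop the memory becoming invalid afterwards, so the provider still needs its own guarded access to `name`. The enclosing function starts and ends outside this hunk, so the final error path was not reviewed.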