Author: cgutman Date: Sun Jul 10 08:25:31 2011 New Revision: 52600
URL: http://svn.reactos.org/svn/reactos?rev=52600&view=rev Log: [AFD] - Fix broken TDI address functions which were causing subtle memory corruptions, wasted memory, and incorrect or uninitialized values of the address length field - Remove some buggy code that wasn't used anywhere - General refactoring to reduce code duplication - Handle an invalid address type properly
Modified: trunk/reactos/drivers/network/afd/afd/tdiconn.c trunk/reactos/drivers/network/afd/include/tdiconn.h
Modified: trunk/reactos/drivers/network/afd/afd/tdiconn.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/tdi... ============================================================================== --- trunk/reactos/drivers/network/afd/afd/tdiconn.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/afd/afd/tdiconn.c [iso-8859-1] Sun Jul 10 08:25:31 2011 @@ -15,38 +15,61 @@ UINT TdiAddressSizeFromType( UINT AddressType ) { switch( AddressType ) { case TDI_ADDRESS_TYPE_IP: - return sizeof(TA_IP_ADDRESS); + return TDI_ADDRESS_LENGTH_IP; case TDI_ADDRESS_TYPE_APPLETALK: - return sizeof(TA_APPLETALK_ADDRESS); + return TDI_ADDRESS_LENGTH_APPLETALK; case TDI_ADDRESS_TYPE_NETBIOS: - return sizeof(TA_NETBIOS_ADDRESS); + return TDI_ADDRESS_LENGTH_NETBIOS; /* case TDI_ADDRESS_TYPE_NS: */ case TDI_ADDRESS_TYPE_IPX: - return sizeof(TA_IPX_ADDRESS); + return TDI_ADDRESS_LENGTH_IPX; case TDI_ADDRESS_TYPE_VNS: - return sizeof(TA_VNS_ADDRESS); + return TDI_ADDRESS_LENGTH_VNS; default: DbgPrint("TdiAddressSizeFromType - invalid type: %x\n", AddressType); return 0; } }
-UINT TaLengthOfAddress( PTA_ADDRESS Addr ) { - UINT AddrLen = 2 * sizeof( USHORT ) + Addr->AddressLength; +UINT TaLengthOfAddress( PTA_ADDRESS Addr ) +{ + UINT AddrLen = Addr->AddressLength; + + if (!AddrLen) + return 0; + + AddrLen += 2 * sizeof( USHORT ); + AFD_DbgPrint(MID_TRACE,("AddrLen %x\n", AddrLen)); + return AddrLen; }
-UINT TaLengthOfTransportAddress( PTRANSPORT_ADDRESS Addr ) { - UINT AddrLen = sizeof(ULONG) + TaLengthOfAddress(&Addr->Address[0]); +UINT TaLengthOfTransportAddress( PTRANSPORT_ADDRESS Addr ) +{ + UINT AddrLen = TaLengthOfAddress(&Addr->Address[0]); + + if (!AddrLen) + return 0; + + AddrLen += sizeof(ULONG); + AFD_DbgPrint(MID_TRACE,("AddrLen %x\n", AddrLen)); + return AddrLen; }
UINT TaLengthOfTransportAddressByType(UINT AddressType) { - UINT AddrLen = sizeof(ULONG) + 2 * sizeof(USHORT) + TdiAddressSizeFromType(AddressType); + UINT AddrLen = TdiAddressSizeFromType(AddressType); + + if (!AddrLen) + return 0; + + AddrLen += sizeof(ULONG) + 2 * sizeof(USHORT); + AFD_DbgPrint(MID_TRACE,("AddrLen %x\n", AddrLen)); + return AddrLen; }
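Review bot: `TaLengthOfAddress` still takes `Addr->AddressLength` on trust: the added check rejects zero, but nothing in this hunk bounds the value against the size of the buffer that holds `Addr`. `TaCopyAddress` in the @@ -58 hunk then copies that many bytes out of `Source`, so an address whose length field overstates its buffer would cause a read past the end of it. Whether any caller passes an address that came from a user-mode request is not visible here; if one does, the length has to be checked against the input buffer size before these helpers run. I would state that precondition above the function, e.g. `/* Caller must have verified that Addr spans AddressLength + 2 * sizeof(USHORT) bytes */`, and the same applies to `TaLengthOfTransportAddress`.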
@@ -58,9 +81,14 @@
PTA_ADDRESS TaCopyAddress( PTA_ADDRESS Source ) { UINT AddrLen = TaLengthOfAddress( Source ); + if (!AddrLen) + return NULL; + PVOID Buffer = ExAllocatePool( NonPagedPool, AddrLen ); + if (Buffer) RtlCopyMemory( Buffer, Source, AddrLen ); + return Buffer; }
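Review bot: In `TaCopyAddress` the declaration `PVOID Buffer = ExAllocatePool( NonPagedPool, AddrLen );` now sits after the new `if (!AddrLen) return NULL;` statement, which is a C99 mixed declaration and will not build with a C89-only compiler. Declare it at the top of the block as `PVOID Buffer;` and assign after the check with `Buffer = ExAllocatePool( NonPagedPool, AddrLen );`. `Source` is also dereferenced through `TaLengthOfAddress` before any NULL test, so the function comment should say that callers must not pass NULL.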
@@ -74,8 +102,10 @@ UINT AddrLen; PTRANSPORT_ADDRESS A;
- ASSERT(OtherAddress->TAAddressCount == 1); AddrLen = TaLengthOfTransportAddress( OtherAddress ); + if (!AddrLen) + return NULL; + A = ExAllocatePool( NonPagedPool, AddrLen );
if( A ) @@ -84,20 +114,39 @@ return A; }
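Review bot: Removing `ASSERT(OtherAddress->TAAddressCount == 1)` leaves nothing in this function that checks the address count, while `TaLengthOfTransportAddress` measures only `Address[0]`. If the copy that follows `if( A )` (outside this hunk) copies `AddrLen` bytes from `OtherAddress`, a source with a count above one yields a copy whose `TAAddressCount` claims more entries than the allocation holds, and a consumer that walks the count would read past the pool block. A runtime check fits the rest of this change better than dropping the assertion: `if (OtherAddress->TAAddressCount != 1) return NULL;` before the length is computed.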
+NTSTATUS TdiBuildNullTransportAddressInPlace(PTRANSPORT_ADDRESS A, UINT AddressType) +{ + A->TAAddressCount = 1; + + A->Address[0].AddressLength = TdiAddressSizeFromType(AddressType); + if (!A->Address[0].AddressLength) + return STATUS_INVALID_PARAMETER; + + A->Address[0].AddressType = AddressType; + + RtlZeroMemory(A->Address[0].Address, A->Address[0].AddressLength); + + return STATUS_SUCCESS; +} + PTRANSPORT_ADDRESS TaBuildNullTransportAddress(UINT AddressType) { UINT AddrLen; PTRANSPORT_ADDRESS A;
AddrLen = TaLengthOfTransportAddressByType(AddressType); + if (!AddrLen) + return NULL; + A = ExAllocatePool(NonPagedPool, AddrLen);
if (A) { - A->TAAddressCount = 1; - A->Address[0].AddressLength = TdiAddressSizeFromType(AddressType); - A->Address[0].AddressType = AddressType; - RtlZeroMemory(A->Address[0].Address, A->Address[0].AddressLength); + if (TdiBuildNullTransportAddressInPlace(A, AddressType) != STATUS_SUCCESS) + { + ExFreePool(A); + return NULL; + } }
return A; @@ -118,7 +167,7 @@ ULONG TdiAddressSize; PTRANSPORT_ADDRESS TransportAddress;
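Review bot: `TdiBuildNullTransportAddressInPlace` writes the header and then zeroes `A->Address[0].AddressLength` bytes with no way to know how large the buffer behind `A` is. Both callers in this diff size the buffer with `TaLengthOfTransportAddressByType`, but the function is not `static` and nothing states that requirement. I would add a header comment saying that `A` must point to at least `TaLengthOfTransportAddressByType(AddressType)` bytes, and, since the tdiconn.h hunk adds no prototype for it, declare it `static` unless another file needs it. Moving `A->TAAddressCount = 1;` below the type check would also leave the buffer untouched when `STATUS_INVALID_PARAMETER` is returned.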
- TdiAddressSize = TdiAddressSizeFromType(Type); + TdiAddressSize = TaLengthOfTransportAddressByType(Type); if (!TdiAddressSize) return STATUS_INVALID_PARAMETER;
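Review bot: `TdiAddressSize` now holds the length of the whole TRANSPORT_ADDRESS (count, length and type fields included) rather than the size of the TDI address, and mixing those two sizes is what this commit fixes. Renaming the local, for example `ULONG TransportAddressSize;`, would keep the next reader from pairing it with `TdiAddressSizeFromType` again. The same rename applies to the local in `TdiBuildNullConnectionInfo` in the @@ -153 hunk; both function bodies extend outside their hunks.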
@@ -130,10 +179,8 @@ ConnInfo->RemoteAddressLength = TdiAddressSize; ConnInfo->RemoteAddress = TransportAddress = (PTRANSPORT_ADDRESS)&ConnInfo[1]; - TransportAddress->TAAddressCount = 1; - TransportAddress->Address[0].AddressType = Type; - - return STATUS_SUCCESS; + + return TdiBuildNullTransportAddressInPlace(TransportAddress, Type); }
NTSTATUS TdiBuildNullConnectionInfo @@ -153,7 +200,7 @@ ULONG TdiAddressSize; NTSTATUS Status;
- TdiAddressSize = TdiAddressSizeFromType(Type); + TdiAddressSize = TaLengthOfTransportAddressByType(Type); if (!TdiAddressSize) { *ConnectionInfo = NULL; return STATUS_INVALID_PARAMETER; @@ -170,15 +217,13 @@
Status = TdiBuildNullConnectionInfoInPlace( ConnInfo, Type );
- if (!NT_SUCCESS(Status)) { + if (!NT_SUCCESS(Status)) + { ExFreePool( ConnInfo ); - *ConnectionInfo = NULL; - return Status; - } else - *ConnectionInfo = ConnInfo; - - ConnInfo->RemoteAddress = (PTA_ADDRESS)&ConnInfo[1]; - ConnInfo->RemoteAddressLength = TdiAddressSize; + ConnInfo = NULL; + } + + *ConnectionInfo = ConnInfo;
return Status; } @@ -215,60 +260,3 @@ return Status; }
-NTSTATUS -TdiBuildConnectionInfoPair -( PTDI_CONNECTION_INFO_PAIR ConnectionInfo, - PTRANSPORT_ADDRESS From, PTRANSPORT_ADDRESS To ) -/* - * FUNCTION: Fill a TDI_CONNECTION_INFO_PAIR struct will the two addresses - * given. - * ARGUMENTS: - * ConnectionInfo: The pair - * From: The from address - * To: The to address - * RETURNS: - * Status of the operation - */ -{ - PCHAR LayoutFrame; - UINT SizeOfEntry; - ULONG TdiAddressSize; - PTDI_CONNECTION_INFORMATION FromTdiConn, ToTdiConn; - - if (!From) return STATUS_INVALID_PARAMETER; - - /* FIXME: Get from socket information */ - TdiAddressSize = TdiAddressSizeFromType(From->Address[0].AddressType); - if (!TdiAddressSize) - return STATUS_INVALID_PARAMETER; - - SizeOfEntry = TdiAddressSize + sizeof(TDI_CONNECTION_INFORMATION); - - LayoutFrame = (PCHAR)ExAllocatePool(NonPagedPool, 2 * SizeOfEntry); - - if (!LayoutFrame) { - AFD_DbgPrint(MIN_TRACE, ("Insufficient resources.\n")); - return STATUS_INSUFFICIENT_RESOURCES; - } - - RtlZeroMemory( LayoutFrame, 2 * SizeOfEntry ); - - FromTdiConn = (PTDI_CONNECTION_INFORMATION)LayoutFrame; - ToTdiConn = (PTDI_CONNECTION_INFORMATION)LayoutFrame + SizeOfEntry; - - TdiBuildConnectionInfoInPlace( FromTdiConn, From ); - - TdiBuildConnectionInfoInPlace( ToTdiConn, To ); - - return STATUS_SUCCESS; -} - -PTA_ADDRESS TdiGetRemoteAddress( PTDI_CONNECTION_INFORMATION TdiConn ) -/* - * Convenience function that rounds out the abstraction of - * the TDI_CONNECTION_INFORMATION struct. - */ -{ - return TdiConn->RemoteAddress; -} -
Modified: trunk/reactos/drivers/network/afd/include/tdiconn.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/include... ============================================================================== --- trunk/reactos/drivers/network/afd/include/tdiconn.h [iso-8859-1] (original) +++ trunk/reactos/drivers/network/afd/include/tdiconn.h [iso-8859-1] Sun Jul 10 08:25:31 2011 @@ -24,8 +24,3 @@ ( PTDI_CONNECTION_INFORMATION ConnInfo, ULONG Type ); NTSTATUS TdiBuildNullConnectionInfo ( PTDI_CONNECTION_INFORMATION *ConnectionInfo, ULONG Type ); -NTSTATUS TdiBuildConnectionInfoPair -( PTDI_CONNECTION_INFO_PAIR ConnectionInfo, - PTRANSPORT_ADDRESS From, - PTRANSPORT_ADDRESS To ); -PTA_ADDRESS TdiGetRemoteAddress( PTDI_CONNECTION_INFORMATION TdiConn );