[tfaber] 57538: [WLANCONF] - Fix a potential buffer overflow, fix a handle leak, fix an MSVC warning
12 Oct
2012
12 Oct
'12
10:56 a.m.
Author: tfaber
Date: Fri Oct 12 10:56:08 2012
New Revision: 57538
URL: http://svn.reactos.org/svn/reactos?rev=57538&view=rev
Log:
[WLANCONF]
- Fix a potential buffer overflow, fix a handle leak, fix an MSVC warning
Modified:
trunk/reactos/base/applications/network/wlanconf/wlanconf.c
Modified: trunk/reactos/base/applications/network/wlanconf/wlanconf.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/network/…
==============================================================================
--- trunk/reactos/base/applications/network/wlanconf/wlanconf.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/network/wlanconf/wlanconf.c [iso-8859-1] Fri Oct 12
10:56:08 2012
@@ -68,7 +68,7 @@
NULL);
if (hDriver == INVALID_HANDLE_VALUE)
return INVALID_HANDLE_VALUE;
-
+
/* Wait for binds */
bSuccess = DeviceIoControl(hDriver,
IOCTL_NDISUIO_BIND_WAIT,
@@ -83,7 +83,7 @@
CloseHandle(hDriver);
return INVALID_HANDLE_VALUE;
}
-
+
return hDriver;
}
@@ -119,14 +119,15 @@
DWORD dwBytesReturned;
DWORD QueryBindingSize = sizeof(NDISUIO_QUERY_BINDING) + (1024 * sizeof(WCHAR));
PNDISUIO_QUERY_BINDING QueryBinding;
- DWORD dwStatus, dwSize, i;
+ DWORD dwStatus, dwSize;
+ LONG i;
PIP_INTERFACE_INFO InterfaceInfo = NULL;
-
+
/* Open the driver handle */
hDriver = OpenDriverHandle();
if (hDriver == INVALID_HANDLE_VALUE)
return FALSE;
-
+
/* Allocate the binding struct */
QueryBinding = HeapAlloc(GetProcessHeap(), 0, QueryBindingSize);
if (!QueryBinding)
@@ -152,7 +153,7 @@
CloseHandle(hDriver);
return FALSE;
}
-
+
/* Bind to the adapter */
bSuccess = DeviceIoControl(hDriver,
IOCTL_NDISUIO_OPEN_DEVICE,
@@ -174,7 +175,7 @@
dwSize = sizeof(IP_INTERFACE_INFO);
do {
if (InterfaceInfo) HeapFree(GetProcessHeap(), 0, InterfaceInfo);
- InterfaceInfo = HeapAlloc(GetProcessHeap(), 0, sizeof(IP_INTERFACE_INFO));
+ InterfaceInfo = HeapAlloc(GetProcessHeap(), 0, dwSize);
if (!InterfaceInfo)
{
HeapFree(GetProcessHeap(), 0, QueryBinding);
@@ -183,14 +184,15 @@
}
dwStatus = GetInterfaceInfo(InterfaceInfo, &dwSize);
} while (dwStatus == ERROR_INSUFFICIENT_BUFFER);
-
+
if (dwStatus != NO_ERROR)
{
HeapFree(GetProcessHeap(), 0, QueryBinding);
HeapFree(GetProcessHeap(), 0, InterfaceInfo);
- return FALSE;
- }
-
+ CloseHandle(hDriver);
+ return FALSE;
+ }
+
for (i = 0; i < InterfaceInfo->NumAdapters; i++)
{
if (wcsstr((PWCHAR)((PUCHAR)QueryBinding + QueryBinding->DeviceNameOffset),
@@ -198,10 +200,10 @@
{
*IpInfo = InterfaceInfo->Adapter[i];
*hAdapter = hDriver;
-
+
HeapFree(GetProcessHeap(), 0, QueryBinding);
HeapFree(GetProcessHeap(), 0, InterfaceInfo);
-
+
return TRUE;
}
}
@@ -223,7 +225,7 @@
{
if (!OpenAdapterHandle(dwCurrentIndex, hAdapter, IpInfo))
break;
-
+
if (IsWlanAdapter(*hAdapter))
return TRUE;
else
@@ -239,7 +241,7 @@
BOOL bSuccess;
DWORD dwBytesReturned;
NDISUIO_SET_OID SetOid;
-
+
/* Release this IP address */
IpReleaseAddress(IpInfo);
@@ -265,7 +267,7 @@
CharToHex(CHAR Char)
{
Char = toupper(Char);
-
+
switch (Char)
{
case '0':
@@ -315,12 +317,12 @@
PNDIS_802_11_SSID SsidInfo;
CHAR SsidBuffer[NDIS_802_11_LENGTH_SSID + 1];
DWORD i;
-
+
QueryOidSize = FIELD_OFFSET(NDISUIO_QUERY_OID, Data) + sizeof(NDIS_802_11_SSID);
QueryOid = HeapAlloc(GetProcessHeap(), 0, QueryOidSize);
if (!QueryOid)
return FALSE;
-
+
QueryOid->Oid = OID_802_11_SSID;
SsidInfo = (PNDIS_802_11_SSID)QueryOid->Data;
@@ -337,7 +339,7 @@
HeapFree(GetProcessHeap(), 0, QueryOid);
return FALSE;
}
-
+
/* Copy the SSID to our internal buffer and terminate it */
RtlCopyMemory(SsidBuffer, SsidInfo->Ssid, SsidInfo->SsidLength);
SsidBuffer[SsidInfo->SsidLength] = 0;
@@ -349,7 +351,7 @@
return FALSE;
QueryOid->Oid = OID_802_11_BSSID;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -382,15 +384,15 @@
_tprintf(_T(":"));
}
_tprintf(_T("\n"));
-
+
HeapFree(GetProcessHeap(), 0, QueryOid);
QueryOidSize = sizeof(NDISUIO_QUERY_OID);
QueryOid = HeapAlloc(GetProcessHeap(), 0, QueryOidSize);
if (!QueryOid)
return FALSE;
-
+
QueryOid->Oid = OID_802_11_INFRASTRUCTURE_MODE;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -404,11 +406,11 @@
HeapFree(GetProcessHeap(), 0, QueryOid);
return FALSE;
}
-
+
_tprintf(_T("Network mode: %s\n"), (*(PUINT)QueryOid->Data ==
Ndis802_11IBSS) ? "Adhoc" : "Infrastructure");
-
+
QueryOid->Oid = OID_802_11_WEP_STATUS;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -422,12 +424,12 @@
HeapFree(GetProcessHeap(), 0, QueryOid);
return FALSE;
}
-
+
_tprintf(_T("WEP enabled: %s\n"), (*(PUINT)QueryOid->Data ==
Ndis802_11WEPEnabled) ? "Yes" : "No");
-
+
_tprintf("\n");
QueryOid->Oid = OID_802_11_RSSI;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -441,9 +443,9 @@
/* This OID is optional */
_tprintf(_T("RSSI: %i dBm\n"), *(PINT)QueryOid->Data);
}
-
+
QueryOid->Oid = OID_802_11_TX_POWER_LEVEL;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -457,11 +459,11 @@
/* This OID is optional */
_tprintf(_T("Transmission power: %d mW\n"),
*(PUINT)QueryOid->Data);
}
-
+
_tprintf(_T("\n"));
-
+
QueryOid->Oid = OID_802_11_NUMBER_OF_ANTENNAS;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -475,9 +477,9 @@
/* This OID is optional */
_tprintf(_T("Antenna count: %d\n"), *(PUINT)QueryOid->Data);
}
-
+
QueryOid->Oid = OID_802_11_TX_ANTENNA_SELECTED;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -489,15 +491,15 @@
if (bSuccess)
{
UINT TransmitAntenna = *(PUINT)QueryOid->Data;
-
+
if (TransmitAntenna != 0xFFFFFFFF)
_tprintf(_T("Transmit antenna: %d\n"), TransmitAntenna);
else
_tprintf(_T("Transmit antenna: Any\n"));
}
-
+
QueryOid->Oid = OID_802_11_RX_ANTENNA_SELECTED;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -509,17 +511,17 @@
if (bSuccess)
{
UINT ReceiveAntenna = *(PUINT)QueryOid->Data;
-
+
if (ReceiveAntenna != 0xFFFFFFFF)
_tprintf(_T("Receive antenna: %d\n"), ReceiveAntenna);
else
_tprintf(_T("Receive antenna: Any\n"));
}
-
+
_tprintf(_T("\n"));
-
+
QueryOid->Oid = OID_802_11_FRAGMENTATION_THRESHOLD;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -533,9 +535,9 @@
/* This OID is optional */
_tprintf(_T("Fragmentation threshold: %d bytes\n"),
*(PUINT)QueryOid->Data);
}
-
+
QueryOid->Oid = OID_802_11_RTS_THRESHOLD;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_QUERY_OID_VALUE,
QueryOid,
@@ -549,9 +551,9 @@
/* This OID is optional */
_tprintf(_T("RTS threshold: %d bytes\n"), *(PUINT)QueryOid->Data);
}
-
+
HeapFree(GetProcessHeap(), 0, QueryOid);
-
+
_tprintf(_T("\n"));
return TRUE;
}
@@ -564,7 +566,7 @@
PNDISUIO_SET_OID SetOid;
PNDIS_802_11_SSID Ssid;
DWORD i;
-
+
SetOidSize = sizeof(NDISUIO_SET_OID);
SetOid = HeapAlloc(GetProcessHeap(), 0, SetOidSize);
if (!SetOid)
@@ -573,7 +575,7 @@
/* Set the network mode */
SetOid->Oid = OID_802_11_INFRASTRUCTURE_MODE;
*(PULONG)SetOid->Data = bAdhoc ? Ndis802_11IBSS : Ndis802_11Infrastructure;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_SET_OID_VALUE,
SetOid,
@@ -591,7 +593,7 @@
/* Set the authentication mode */
SetOid->Oid = OID_802_11_AUTHENTICATION_MODE;
*(PULONG)SetOid->Data = sWepKey ? Ndis802_11AuthModeShared :
Ndis802_11AuthModeOpen;
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_SET_OID_VALUE,
SetOid,
@@ -605,11 +607,11 @@
HeapFree(GetProcessHeap(), 0, SetOid);
return FALSE;
}
-
+
if (sWepKey)
{
PNDIS_802_11_WEP WepData;
-
+
HeapFree(GetProcessHeap(), 0, SetOid);
SetOidSize = FIELD_OFFSET(NDISUIO_SET_OID, Data) +
@@ -618,7 +620,7 @@
SetOid = HeapAlloc(GetProcessHeap(), 0, SetOidSize);
if (!SetOid)
return FALSE;
-
+
/* Add the WEP key */
SetOid->Oid = OID_802_11_ADD_WEP;
WepData = (PNDIS_802_11_WEP)SetOid->Data;
@@ -626,7 +628,7 @@
WepData->KeyIndex = 0x80000000;
WepData->KeyLength = strlen(sWepKey) >> 1;
WepData->Length = FIELD_OFFSET(NDIS_802_11_WEP, KeyMaterial) +
WepData->KeyLength;
-
+
/* Assemble the hex key */
i = 0;
while (sWepKey[i << 1] != '\0')
@@ -635,7 +637,7 @@
WepData->KeyMaterial[i] |= CharToHex(sWepKey[(i << 1) + 1]);
i++;
}
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_SET_OID_VALUE,
SetOid,
@@ -668,17 +670,17 @@
HeapFree(GetProcessHeap(), 0, SetOid);
return FALSE;
}
-
+
HeapFree(GetProcessHeap(), 0, SetOid);
SetOidSize = FIELD_OFFSET(NDISUIO_SET_OID, Data) + sizeof(NDIS_802_11_MAC_ADDRESS);
SetOid = HeapAlloc(GetProcessHeap(), 0, SetOidSize);
if (!SetOid)
return FALSE;
-
+
/* Set the BSSID */
SetOid->Oid = OID_802_11_BSSID;
RtlFillMemory(SetOid->Data, sizeof(NDIS_802_11_MAC_ADDRESS), 0xFF);
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_SET_OID_VALUE,
SetOid,
@@ -692,20 +694,20 @@
HeapFree(GetProcessHeap(), 0, SetOid);
return FALSE;
}
-
+
HeapFree(GetProcessHeap(), 0, SetOid);
SetOidSize = FIELD_OFFSET(NDISUIO_SET_OID, Data) + sizeof(NDIS_802_11_SSID);
SetOid = HeapAlloc(GetProcessHeap(), 0, SetOidSize);
if (!SetOid)
return FALSE;
-
+
/* Finally, set the SSID */
SetOid->Oid = OID_802_11_SSID;
Ssid = (PNDIS_802_11_SSID)SetOid->Data;
-
+
RtlCopyMemory(Ssid->Ssid, sSsid, strlen(sSsid));
Ssid->SsidLength = strlen(sSsid);
-
+
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_SET_OID_VALUE,
SetOid,
@@ -714,9 +716,9 @@
0,
&dwBytesReturned,
NULL);
-
+
HeapFree(GetProcessHeap(), 0, SetOid);
-
+
if (!bSuccess)
return FALSE;
@@ -736,7 +738,7 @@
DWORD i, j;
SetOid.Oid = OID_802_11_BSSID_LIST_SCAN;
-
+
/* Send the scan OID */
bSuccess = DeviceIoControl(hAdapter,
IOCTL_NDISUIO_SET_OID_VALUE,
@@ -748,13 +750,13 @@
NULL);
if (!bSuccess)
return FALSE;
-
+
/* Allocate space for 15 networks to be returned */
QueryOidSize = sizeof(NDISUIO_QUERY_OID) + (sizeof(NDIS_WLAN_BSSID) * 15);
QueryOid = HeapAlloc(GetProcessHeap(), 0, QueryOidSize);
if (!QueryOid)
return FALSE;
-
+
QueryOid->Oid = OID_802_11_BSSID_LIST;
BssidList = (PNDIS_802_11_BSSID_LIST)QueryOid->Data;
@@ -814,7 +816,7 @@
BssidInfo->Privacy == 0 ? "No" : "Yes",
NetworkType == Ndis802_11IBSS ? "Adhoc" :
"Infrastructure",
(int)Rssi);
-
+
for (j = 0; j < NDIS_802_11_LENGTH_RATES; j++)
{
Rate = BssidInfo->SupportedRates[j];
@@ -837,14 +839,14 @@
}
}
_tprintf(_T("\n"));
-
+
/* Move to the next entry */
BssidInfo = (PNDIS_WLAN_BSSID)((PUCHAR)BssidInfo + BssidInfo->Length);
}
}
-
+
HeapFree(GetProcessHeap(), 0, QueryOid);
-
+
return bSuccess;
}
@@ -864,7 +866,7 @@
BOOL ParseCmdline(int argc, char* argv[])
{
INT i;
-
+
for (i = 1; i < argc; i++)
{
if (argv[i][0] == '-')
@@ -920,13 +922,13 @@
if (!ParseCmdline(argc, argv))
return -1;
-
+
if (!OpenWlanAdapter(&hAdapter, &IpInfo))
{
_tprintf(_T("Unable to find a WLAN adapter on the system\n"));
return -1;
}
-
+
if (bScan)
{
if (!WlanScan(hAdapter))
4417
days inactive
4417
days old
0 comments
1 participants
participants (1)
-
tfaber@svn.reactos.org