https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f54fb980baf0e35738cf97...
commit f54fb980baf0e35738cf97bae8d4e7ff3dc04737 Author: Thomas Faber thomas.faber@reactos.org AuthorDate: Mon Jan 8 13:58:20 2018 +0100
[TCPIP] Fix buffer sizes in ReadIpConfiguration.
---
 drivers/network/tcpip/datalink/lan.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/network/tcpip/datalink/lan.c b/drivers/network/tcpip/datalink/lan.c
index 23ffbbab46..35fe5bef57 100644
--- a/drivers/network/tcpip/datalink/lan.c
+++ b/drivers/network/tcpip/datalink/lan.c
@@ -570,6 +570,7 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
 OBJECT_ATTRIBUTES ObjectAttributes;
 HANDLE ParameterHandle;
 PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
+ ULONG KeyValueInfoLength;
 WCHAR Buffer[150];
 UNICODE_STRING IPAddress = RTL_CONSTANT_STRING(L"IPAddress");
 UNICODE_STRING Netmask = RTL_CONSTANT_STRING(L"SubnetMask");
@@ -608,31 +609,34 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
 }
 else
 {
- KeyValueInfo = ExAllocatePoolWithTag(PagedPool, sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 16 * sizeof(WCHAR), KEY_VALUE_TAG);
+ KeyValueInfoLength = FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data) + 16 * sizeof(WCHAR);
+ KeyValueInfo = ExAllocatePoolWithTag(PagedPool,
+ KeyValueInfoLength,
+ KEY_VALUE_TAG);
 if (!KeyValueInfo)
 {
 ZwClose(ParameterHandle);
 return FALSE;
 }
-
+
 /* Read the EnableDHCP entry */
 Status = ZwQueryValueKey(ParameterHandle,
 &EnableDhcp,
 KeyValuePartialInformation,
 KeyValueInfo,
- sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG),
+ KeyValueInfoLength,
 &Unused);
 if (NT_SUCCESS(Status) && KeyValueInfo->DataLength == sizeof(ULONG) && (*(PULONG)KeyValueInfo->Data) == 0)
 {
- RegistryDataU.MaximumLength = 16 + sizeof(WCHAR);
+ RegistryDataU.MaximumLength = KeyValueInfoLength - FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data);
 RegistryDataU.Buffer = (PWCHAR)KeyValueInfo->Data;
-
+
 /* Read the IP address */
 Status = ZwQueryValueKey(ParameterHandle,
 &IPAddress,
 KeyValuePartialInformation,
 KeyValueInfo,
- sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 16 * sizeof(WCHAR),
+ KeyValueInfoLength,
 &Unused);
 if (NT_SUCCESS(Status))
 {
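Review bot: The EnableDHCP test in the second hunk checks `KeyValueInfo->DataLength == sizeof(ULONG)` but never looks at `KeyValueInfo->Type`, so any four-byte value stored under that name is dereferenced as a ULONG; adding `KeyValueInfo->Type == REG_DWORD &&` to the condition would close that. The `IPAddress` read here, and the `Netmask` and `Gateway` reads in the two later hunks, continue past `if (NT_SUCCESS(Status))` outside the visible lines, so I cannot tell whether the value type and the NUL termination of the returned data are verified before `RegistryDataU` is consumed; that is worth confirming, because the buffer now holds exactly 16 WCHARs and nothing more. The literal `16` would also read better as a named constant with a comment saying what it is sized for (presumably a dotted-quad string plus terminator).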
@@ -653,7 +657,7 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
 &Netmask,
 KeyValuePartialInformation,
 KeyValueInfo,
- sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 16 * sizeof(WCHAR),
+ KeyValueInfoLength,
 &Unused);
 if (NT_SUCCESS(Status))
 {
@@ -682,7 +686,7 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
 &Gateway,
 KeyValuePartialInformation,
 KeyValueInfo,
- sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 16 * sizeof(WCHAR),
+ KeyValueInfoLength,
 &Unused);
 if (NT_SUCCESS(Status))
 {