Author: cgutman
Date: Tue Mar 31 02:32:37 2009
New Revision: 40301
URL:
http://svn.reactos.org/svn/reactos?rev=40301&view=rev
Log:
- Move the buffer size validation before writing to the buffer
- Change the status to STATUS_BUFFER_TOO_SMALL
Modified:
trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpi…
==============================================================================
--- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Tue Mar 31 02:32:37
2009
@@ -674,6 +674,14 @@
PTA_IP_ADDRESS Address;
PCONNECTION_ENDPOINT Endpoint = NULL;
+
+ if (MmGetMdlByteCount(Irp->MdlAddress) <
+ (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) +
+ sizeof(TDI_ADDRESS_IP))) {
+ TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
+ return STATUS_BUFFER_TOO_SMALL;
+ }
+
AddressInfo = (PTDI_ADDRESS_INFO)MmGetSystemAddressForMdl(Irp->MdlAddress);
Address = (PTA_IP_ADDRESS)&AddressInfo->Address;
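Review bot: The new size check passes `Irp->MdlAddress` to `MmGetMdlByteCount` without first testing it for NULL, so a request that arrives with no MDL would fault in kernel mode here, unless a caller outside this hunk already rejects it. A guard such as `if (!Irp->MdlAddress) return STATUS_INVALID_PARAMETER;` ahead of the check would close that. The mapping on the following line is also unchecked: `MmGetSystemAddressForMdl` cannot report failure to the caller, whereas `MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority)` returns NULL, which can then be turned into `STATUS_INSUFFICIENT_RESOURCES`. Both points apply equally to the second added check, on `TDI_CONNECTION_INFORMATION`. The enclosing function starts and ends outside the hunk.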
@@ -711,13 +719,6 @@
return STATUS_INVALID_PARAMETER;
}
- if (MmGetMdlByteCount(Irp->MdlAddress) <
- (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) +
- sizeof(TDI_ADDRESS_IP))) {
- TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
- return STATUS_BUFFER_OVERFLOW;
- }
-
return STATUS_SUCCESS;
}
@@ -727,6 +728,13 @@
PADDRESS_FILE AddrFile;
PCONNECTION_ENDPOINT Endpoint = NULL;
+ if (MmGetMdlByteCount(Irp->MdlAddress) <
+ (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
+ sizeof(PVOID))) {
+ TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
+ return STATUS_BUFFER_TOO_SMALL;
+ }
+
AddressInfo = (PTDI_CONNECTION_INFORMATION)
MmGetSystemAddressForMdl(Irp->MdlAddress);
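Review bot: This check bounds only the `TDI_CONNECTION_INFORMATION` structure up to and including the `RemoteAddress` pointer field; it says nothing about the size of the buffer that pointer refers to. The later context shows `TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE )` writing through that pointer, and nothing visible compares `AddressInfo->RemoteAddressLength` with the size of the address being written. Unless `TCPGetSockAddress` validates this itself (not visible here), add something like `if (AddressInfo->RemoteAddressLength < sizeof(TA_IP_ADDRESS)) return STATUS_BUFFER_TOO_SMALL;` before the call. A short comment stating who owns and has probed `RemoteAddress` would also help the next reader.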
@@ -748,13 +756,6 @@
if (!Endpoint) {
TI_DbgPrint(MID_TRACE, ("No connection object.\n"));
return STATUS_INVALID_PARAMETER;
- }
-
- if (MmGetMdlByteCount(Irp->MdlAddress) <
- (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
- sizeof(PVOID))) {
- TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
- return STATUS_BUFFER_OVERFLOW;
}
return TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE );