Author: cgutman Date: Fri Aug 15 13:26:52 2008 New Revision: 35358
URL: http://svn.reactos.org/svn/reactos?rev=35358&view=rev Log: - Fix a memory leak that occurs when AfdSetContext is called with a buffer that is too small - Properly return STATUS_BUFFER_TOO_SMALL when the buffer passed is too small
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/context.c
Modified: branches/aicom-network-fixes/drivers/network/afd/afd/context.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/netw...
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/context.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/context.c [iso-8859-1] Fri Aug 15 13:26:52 2008
@@ -39,27 +39,30 @@
 NTSTATUS STDCALL AfdSetContext( PDEVICE_OBJECT DeviceObject, PIRP Irp, PIO_STACK_LOCATION IrpSp ) {
- NTSTATUS Status = STATUS_NO_MEMORY;
+ NTSTATUS Status = STATUS_BUFFER_TOO_SMALL;
 PFILE_OBJECT FileObject = IrpSp->FileObject;
 PAFD_FCB FCB = FileObject->FsContext;
if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
+ if( FCB->Context ) {
+ ExFreePool( FCB->Context );
+ FCB->Context = NULL;
+ }
+
 if( FCB->ContextSize < IrpSp->Parameters.DeviceIoControl.InputBufferLength ) {
- if( FCB->Context )
- ExFreePool( FCB->Context );
 FCB->Context = ExAllocatePool ( PagedPool, IrpSp->Parameters.DeviceIoControl.InputBufferLength );
- }
- if( FCB->Context ) {
- Status = STATUS_SUCCESS;
+ if( !FCB->Context ) return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL );
+
 RtlCopyMemory( FCB->Context, IrpSp->Parameters.DeviceIoControl.Type3InputBuffer, IrpSp->Parameters.DeviceIoControl.InputBufferLength );
+ Status = STATUS_SUCCESS;
 }
AFD_DbgPrint(MID_TRACE,("Returning %x\n", Status));
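Review bot: The unconditional `ExFreePool( FCB->Context ); FCB->Context = NULL;` added ahead of the size check discards the stored context even on the path that then returns STATUS_BUFFER_TOO_SMALL, and nothing in the visible lines updates `FCB->ContextSize`, so the FCB can end up with a NULL context next to a stale size, or with a new allocation whose length is never recorded. Freeing the old buffer only after `ExAllocatePool` has succeeded, and adding `FCB->ContextSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;` after the copy, would keep the two fields consistent. Separately, the `RtlCopyMemory` call still reads `Type3InputBuffer` directly; unless the caller's buffer is probed or captured elsewhere (not visible here), that is a raw user-mode pointer dereferenced in kernel mode, and it should be validated with `ProbeForRead` under exception handling before the copy. AfdSetContext's final return lies outside the hunk.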