projects / reactos.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0697e4) | patch
[AFD]
authorThomas Faber <thomas.faber@reactos.org>
Sun, 19 Oct 2014 22:12:06 +0000 (22:12 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Sun, 19 Oct 2014 22:12:06 +0000 (22:12 +0000)
commit00ee55172639bd54a5d836cce80f0e48edff7322
treebc1f19e2d69990f3b1104d4eb9c3419c4bc245bdtree
parentd0697e4b3d8622ddf44bb029d5f3bbd025447ec7commit | diff
[AFD]
- Do not pass IO_STATUS_BLOCKs when creating IRPs for asynchronous use. Fixes a use-after-free where AfdCloseSocket would cancel IRPs without actually waiting for their completion, and proceed to free the FCB, which contained these IO_STATUS_BLOCKs.
Note that using TdiBuildInternalDeviceControlIrp for these requests is broken in the first place, since it is intended for synchronous requests and requires a guarantee about the calling thread's lifetime. These functions (and their completion routines) should use IoAllocateIrp/IoReuseIrp/IoFreeIrp instead. However this can be fixed later; the incredibly annoying nonpaged pool corruption due to this that has been around for 10 years should be fixed with this commit.
CORE-8640 #resolve

svn path=/trunk/; revision=64838
reactos/drivers/network/afd/afd/bind.c diff | blob | history
reactos/drivers/network/afd/afd/connect.c diff | blob | history
reactos/drivers/network/afd/afd/listen.c diff | blob | history
reactos/drivers/network/afd/afd/main.c diff | blob | history
reactos/drivers/network/afd/afd/read.c diff | blob | history
reactos/drivers/network/afd/afd/tdi.c diff | blob | history
reactos/drivers/network/afd/afd/write.c diff | blob | history
reactos/drivers/network/afd/include/afd.h diff | blob | history
reactos/drivers/network/afd/include/tdi_proto.h diff | blob | history
A free Windows-compatible Operating System