[WS2_32]
authorPierre Schweitzer <pierre@reactos.org>
Sun, 11 Jun 2017 07:56:18 +0000 (07:56 +0000)
committerPierre Schweitzer <pierre@reactos.org>
Sun, 11 Jun 2017 07:56:18 +0000 (07:56 +0000)
Don't pass a null ptr at MSAFD to avoid dereference.
Fixes crash in ws2_32:sock

svn path=/trunk/; revision=74992

reactos/dll/win32/ws2_32/src/sockctrl.c

index 2414b03..458aafe 100644 (file)
@@ -39,54 +39,62 @@ connect(IN SOCKET s,
         /* Get the Socket Context */
         if ((Socket = WsSockGetSocket(s)))
         {
-            while (TRUE)
+            if (!IsBadReadPtr(name, sizeof(struct sockaddr)))
             {
-                /* Make the call */
-                Status = Socket->Provider->Service.lpWSPConnect(s,
-                                                                name,
-                                                                namelen,
-                                                                NULL,
-                                                                NULL,
-                                                                NULL,
-                                                                NULL,
-                                                                &ErrorCode);
-
-                /* Check if error code was due to the host not being found */
-                if ((Status == SOCKET_ERROR) &&
-                    ((ErrorCode == WSAEHOSTUNREACH) ||
-                     (ErrorCode == WSAENETUNREACH)))
+                while (TRUE)
                 {
-                    /* Check if we can try again */
-                    if (TryAgain)
-                    {
-                        /* Save the old error code */
-                        OldErrorCode = ErrorCode;
-
-                        /* Make sure we don't retry 3 times */
-                        TryAgain = FALSE;
+                    /* Make the call */
+                    Status = Socket->Provider->Service.lpWSPConnect(s,
+                                                                    name,
+                                                                    namelen,
+                                                                    NULL,
+                                                                    NULL,
+                                                                    NULL,
+                                                                    NULL,
+                                                                    &ErrorCode);
 
-                        /* Make the RAS Auto-dial attempt */
-                        if (WSAttemptAutodialAddr(name, namelen)) continue;
-                    }
-                    else
+                    /* Check if error code was due to the host not being found */
+                    if ((Status == SOCKET_ERROR) &&
+                        ((ErrorCode == WSAEHOSTUNREACH) ||
+                         (ErrorCode == WSAENETUNREACH)))
                     {
-                        /* Restore the error code */
-                        ErrorCode = OldErrorCode;
+                        /* Check if we can try again */
+                        if (TryAgain)
+                        {
+                            /* Save the old error code */
+                            OldErrorCode = ErrorCode;
+
+                            /* Make sure we don't retry 3 times */
+                            TryAgain = FALSE;
+
+                            /* Make the RAS Auto-dial attempt */
+                            if (WSAttemptAutodialAddr(name, namelen)) continue;
+                        }
+                        else
+                        {
+                            /* Restore the error code */
+                            ErrorCode = OldErrorCode;
+                        }
                     }
-                }
 
-                /* Break out of the loop */
-                break;
-            }
+                    /* Break out of the loop */
+                    break;
+                }
 
-            /* Deference the Socket Context */
-            WsSockDereference(Socket);
+                /* Deference the Socket Context */
+                WsSockDereference(Socket);
 
-            /* Return Provider Value */
-            if (Status == ERROR_SUCCESS) return Status;
+                /* Return Provider Value */
+                if (Status == ERROR_SUCCESS) return Status;
 
-            /* If everything seemed fine, then the WSP call failed itself */
-            if (ErrorCode == NO_ERROR) ErrorCode = WSASYSCALLFAILURE;
+                /* If everything seemed fine, then the WSP call failed itself */
+                if (ErrorCode == NO_ERROR) ErrorCode = WSASYSCALLFAILURE;
+            }
+            else
+            {
+                /* Invalid user pointer */
+                ErrorCode = WSAEFAULT;
+            }
         }
         else
         {
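Review bot: The new `else` branch that sets `ErrorCode = WSAEFAULT` never calls `WsSockDereference(Socket)`, because that call now sits only inside the `IsBadReadPtr` success branch. Assuming `WsSockGetSocket(s)` takes the reference that the dereference pairs with, each connect() call with an unreadable `name` would leak one socket-context reference. Add `WsSockDereference(Socket);` before `ErrorCode = WSAEFAULT;`, or probe `name` before the socket lookup. The probe also covers a fixed `sizeof(struct sockaddr)` rather than `namelen`, so a too-small or negative `namelen` still reaches `lpWSPConnect` and `WSAttemptAutodialAddr` unchecked, and `IsBadReadPtr` does not guarantee the memory stays readable afterwards; it is worth confirming that the provider validates the length itself. connect()'s body starts and ends outside this hunk.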