[AFD]
authorCameron Gutman <aicommander@gmail.com>
Sat, 3 Dec 2011 21:34:49 +0000 (21:34 +0000)
committerCameron Gutman <aicommander@gmail.com>
Sat, 3 Dec 2011 21:34:49 +0000 (21:34 +0000)
- Fix the allocation size for AFD_ACTIVE_POLL to fix a 1 byte non-paged pool overrun

svn path=/trunk/; revision=54576

reactos/drivers/network/afd/afd/select.c

index 4d425a4..b7e7c83 100644 (file)
@@ -163,9 +163,6 @@ AfdSelect( PDEVICE_OBJECT DeviceObject, PIRP Irp,
     PFILE_OBJECT FileObject;
     PAFD_POLL_INFO PollReq = Irp->AssociatedIrp.SystemBuffer;
     PAFD_DEVICE_EXTENSION DeviceExt = DeviceObject->DeviceExtension;
-    UINT CopySize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
-    UINT AllocSize =
-       CopySize + sizeof(AFD_ACTIVE_POLL) - sizeof(AFD_POLL_INFO);
     KIRQL OldIrql;
     UINT i, Signalled = 0;
     ULONG Exclusive = PollReq->Exclusive;
@@ -223,7 +220,7 @@ AfdSelect( PDEVICE_OBJECT DeviceObject, PIRP Irp,
 
        PAFD_ACTIVE_POLL Poll = NULL;
 
-       Poll = ExAllocatePool( NonPagedPool, AllocSize );
+       Poll = ExAllocatePool( NonPagedPool, sizeof(AFD_ACTIVE_POLL) );
 
        if (Poll){
           Poll->Irp = Irp;