[NDISUIO]
authorCameron Gutman <aicommander@gmail.com>
Sun, 8 Jan 2012 06:51:44 +0000 (06:51 +0000)
committerCameron Gutman <aicommander@gmail.com>
Sun, 8 Jan 2012 06:51:44 +0000 (06:51 +0000)
- Fix a query binding bug that caused access to unallocated memory
[WLANCONF]
- Fix parameter parsing and dumb IOCTL_NDISUIO_QUERY_BINDING usage

svn path=/branches/wlan-bringup/; revision=54877

base/applications/network/wlanconf/wlanconf.c
drivers/network/ndisuio/ioctl.c

index 9a4642c..5b265da 100644 (file)
@@ -132,21 +132,16 @@ OpenAdapterHandle(DWORD Index)
         return INVALID_HANDLE_VALUE;
     }
 
-    /* Query for bindable adapters */
-    QueryBinding->BindingIndex = 0;
-    do {
-        bSuccess = DeviceIoControl(hDriver,
-                                   IOCTL_NDISUIO_QUERY_BINDING,
-                                   QueryBinding,
-                                   QueryBindingSize,
-                                   QueryBinding,
-                                   QueryBindingSize,
-                                   &dwBytesReturned,
-                                   NULL);
-        if (QueryBinding->BindingIndex == Index)
-            break;
-        QueryBinding->BindingIndex++;
-    } while (bSuccess);
+    /* Query the adapter binding information */
+    QueryBinding->BindingIndex = Index;
+    bSuccess = DeviceIoControl(hDriver,
+                               IOCTL_NDISUIO_QUERY_BINDING,
+                               QueryBinding,
+                               QueryBindingSize,
+                               QueryBinding,
+                               QueryBindingSize,
+                               &dwBytesReturned,
+                               NULL);
 
     if (!bSuccess)
     {
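Review bot: The single query is only checked through `bSuccess`; before the code after the hunk reads the adapter name out of QueryBinding it should also verify `dwBytesReturned >= sizeof(NDISUIO_QUERY_BINDING)` and that the name offset/length the driver filled in lie within dwBytesReturned, because QueryBinding is shared as input and output buffer and a short reply would otherwise be read as valid data. The consumer of QueryBinding is not visible here since OpenAdapterHandle continues past the hunk; if that check already exists, a comment on the query saying so would help. It is also worth noting in the replaced comment that, unlike the removed loop, an Index with no adapter behind it now surfaces as a failed DeviceIoControl, presumably from the driver's lookup, e.g. `/* A nonexistent Index is reported by the driver as a failed query. */`.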
@@ -540,35 +535,46 @@ BOOL ParseCmdline(int argc, char* argv[])
     
     for (i = 1; i < argc; i++)
     {
-        if ((argc > 1) && (argv[i][0] == '-'))
+        if (argv[i][0] == '-')
         {
-            TCHAR c;
-            
-            while ((c = *++argv[i]) != '\0')
+            switch (argv[i][1])
             {
-                switch (c)
-                {
-                    case 's':
-                        bScan = TRUE;
-                        break;
-                    case 'd':
-                        bDisconnect = TRUE;
-                        break;
-                    case 'c':
-                        bConnect = TRUE;
-                        sSsid = argv[++i];
-                        break;
-                    case 'w':
-                        sWepKey = argv[++i];
-                        break;
-                    case 'a':
-                        bAdhoc = TRUE;
-                        break;
-                    default :
+                case 's':
+                    bScan = TRUE;
+                    break;
+                case 'd':
+                    bDisconnect = TRUE;
+                    break;
+                case 'c':
+                    if (i == argc - 1)
+                    {
                         Usage();
                         return FALSE;
-                }
+                    }
+                    bConnect = TRUE;
+                    sSsid = argv[++i];
+                    break;
+                case 'w':
+                    if (i == argc - 1)
+                    {
+                        Usage();
+                        return FALSE;
+                    }
+                    sWepKey = argv[++i];
+                    break;
+                case 'a':
+                    bAdhoc = TRUE;
+                    break;
+                default :
+                    Usage();
+                    return FALSE;
             }
+
+        }
+        else
+        {
+            Usage();
+            return FALSE;
         }
     }
 
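Review bot: `switch (argv[i][1])` looks at only the first option character, so a combined argument such as `-sd`, which the removed `while ((c = *++argv[i]) != '\0')` loop accepted, is now silently treated as `-s` with the rest ignored. Either reject leftover characters before the switch, `if (argv[i][2] != '\0') { Usage(); return FALSE; }`, or keep the per-character loop and put the new `i == argc - 1` guards inside it. A bare `-` still ends up in `default` because argv[i][1] is '\0', which is fine. The stray blank line before the closing brace of the `if` block and the `default :` spacing are style nits. ParseCmdline's body starts before the hunk.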
index c76c5e9..774c20d 100644 (file)
@@ -33,7 +33,7 @@ static
 NTSTATUS
 QueryBinding(PIRP Irp, PIO_STACK_LOCATION IrpSp)
 {
-    PNDISUIO_ADAPTER_CONTEXT AdapterContext;
+    PNDISUIO_ADAPTER_CONTEXT AdapterContext = NULL;
     PNDISUIO_QUERY_BINDING QueryBinding = Irp->AssociatedIrp.SystemBuffer;
     ULONG BindingLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
     NTSTATUS Status;
@@ -50,14 +50,16 @@ QueryBinding(PIRP Irp, PIO_STACK_LOCATION IrpSp)
         while (CurrentEntry != &GlobalAdapterList)
         {
             if (i == QueryBinding->BindingIndex)
+            {
+                AdapterContext = CONTAINING_RECORD(CurrentEntry, NDISUIO_ADAPTER_CONTEXT, ListEntry);
                 break;
+            }
             i++;
             CurrentEntry = CurrentEntry->Flink;
         }
         KeReleaseSpinLock(&GlobalAdapterListLock, OldIrql);
-        if (i == QueryBinding->BindingIndex)
+        if (AdapterContext)
         {
-            AdapterContext = CONTAINING_RECORD(CurrentEntry, NDISUIO_ADAPTER_CONTEXT, ListEntry);
             DPRINT("Query binding for index %d is adapter %wZ\n", i, &AdapterContext->DeviceName);
             BytesCopied = sizeof(NDISUIO_QUERY_BINDING);
             if (AdapterContext->DeviceName.Length <= BindingLength - BytesCopied)
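Review bot: AdapterContext is found under GlobalAdapterListLock but dereferenced (`AdapterContext->DeviceName`) only after `KeReleaseSpinLock`, so if an adapter can be unbound and its context freed while this query runs, the DPRINT and the length check read freed memory; the change moves the CONTAINING_RECORD under the lock but not its use. Unless the context is reference-counted (not visible here), copy the fields the reply needs, at least DeviceName's Length and Buffer, into locals while the lock is still held, or keep the lock across the copy into the system buffer. Separately, `BindingLength - BytesCopied` is an unsigned subtraction; if the check before this hunk does not already guarantee `BindingLength >= sizeof(NDISUIO_QUERY_BINDING)`, an undersized input buffer underflows to a huge value and the comparison on the last line passes. QueryBinding continues past the hunk.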