projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a4a967f)
[DEVMGR] - Actually fail on error in AllocAndLoadStringsCat (CID 716793/716794)
authorThomas Faber <thomas.faber@reactos.org>
Wed, 22 Aug 2012 09:39:57 +0000 (09:39 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Wed, 22 Aug 2012 09:39:57 +0000 (09:39 +0000)
[IPHLPAPI] - Fix a use after free in getNthInterfaceEntity (CID 716795 - partly reverts r53190). Fix a possible double free in getArpTable (CID 716796).

svn path=/trunk/; revision=57127

reactos/dll/win32/devmgr/misc.c patch | blob | history
reactos/dll/win32/iphlpapi/ifenum_reactos.c patch | blob | history
reactos/dll/win32/iphlpapi/ipstats_reactos.c patch | blob | history

diff --git a/reactos/dll/win32/devmgr/misc.c b/reactos/dll/win32/devmgr/misc.c
index 4807bb0..9723fb7 100644 (file)
--- a/reactos/dll/win32/devmgr/misc.c
+++ b/reactos/dll/win32/devmgr/misc.c
@@ -130,6 +130,7 @@ AllocAndLoadStringsCat(OUT LPWSTR *lpTarget,
                 if (!(Ret = LoadStringW(hInst, uID[i], s, ln)))
                 {
                     LocalFree((HLOCAL)(*lpTarget));
+                    return 0;
                 }
 
                 s += Ret;
diff --git a/reactos/dll/win32/iphlpapi/ifenum_reactos.c b/reactos/dll/win32/iphlpapi/ifenum_reactos.c
index fd6c787..fcaa9d0 100644 (file)
--- a/reactos/dll/win32/iphlpapi/ifenum_reactos.c
+++ b/reactos/dll/win32/iphlpapi/ifenum_reactos.c
@@ -287,12 +287,12 @@ DWORD getNthInterfaceEntity( HANDLE tcpFile, DWORD index, TDIEntityID *ent ) {
     TRACE("Index %d is entity #%d - %04x:%08x\n", index, i,
            entitySet[i].tei_entity, entitySet[i].tei_instance );
 
-    tdiFreeThingSet( entitySet );
-
     if( numInterfaces == index && i < numEntities ) {
         memcpy( ent, &entitySet[i], sizeof(*ent) );
+        tdiFreeThingSet( entitySet );
         return STATUS_SUCCESS;
     } else {
+        tdiFreeThingSet( entitySet );
         return STATUS_UNSUCCESSFUL;
     }
 }
diff --git a/reactos/dll/win32/iphlpapi/ipstats_reactos.c b/reactos/dll/win32/iphlpapi/ipstats_reactos.c
index 4f732f5..656e00a 100644 (file)
--- a/reactos/dll/win32/iphlpapi/ipstats_reactos.c
+++ b/reactos/dll/win32/iphlpapi/ipstats_reactos.c
@@ -582,13 +582,12 @@ PMIB_IPNETTABLE getArpTable(void)
                                        (PVOID *)&AdapterArpTable,
                                        &returnSize );
 
-           if( status == STATUS_SUCCESS ) {
-               for( TmpIdx = 0; TmpIdx < returnSize; TmpIdx++, CurrIdx++ )
-                   IpArpTable->table[CurrIdx] = AdapterArpTable[TmpIdx];
-           }
-
-           if( AdapterArpTable ) tdiFreeThingSet( AdapterArpTable );
-       }
+            if( status == STATUS_SUCCESS ) {
+                for( TmpIdx = 0; TmpIdx < returnSize; TmpIdx++, CurrIdx++ )
+                    IpArpTable->table[CurrIdx] = AdapterArpTable[TmpIdx];
+                tdiFreeThingSet( AdapterArpTable );
+            }
+        }
     }
 
     closeTcpFile( tcpFile );
A free Windows-compatible Operating System