- Fix a NULL pointer dereference if ExAllocatePool fails

author Cameron Gutman <aicommander@gmail.com>

Thu, 13 Aug 2009 23:42:21 +0000 (23:42 +0000)

committer Cameron Gutman <aicommander@gmail.com>

Thu, 13 Aug 2009 23:42:21 +0000 (23:42 +0000)
author Cameron Gutman <aicommander@gmail.com>
Thu, 13 Aug 2009 23:42:21 +0000 (23:42 +0000)
committer Cameron Gutman <aicommander@gmail.com>
Thu, 13 Aug 2009 23:42:21 +0000 (23:42 +0000)
diff --git a/reactos/lib/drivers/ip/network/routines.c b/reactos/lib/drivers/ip/network/routines.c

index 10de185..7688bff 100644 (file)
--- a/reactos/lib/drivers/ip/network/routines.c
+++ b/reactos/lib/drivers/ip/network/routines.c
@@ -117,9 +117,11 @@ VOID DisplayTCPPacket(
          NdisQueryPacket(IPPacket->NdisPacket, NULL, NULL, NULL, &Length);
          Length -= MaxLLHeaderSize;
          Buffer = exAllocatePool(NonPagedPool, Length);
-        Length = CopyPacketToBuffer(Buffer, IPPacket->NdisPacket, MaxLLHeaderSize, Length);
-        DisplayTCPHeader(Buffer, Length);
-        exFreePool(Buffer);
+        if (Buffer) {
+            Length = CopyPacketToBuffer(Buffer, IPPacket->NdisPacket, MaxLLHeaderSize, Length);
+            DisplayTCPHeader(Buffer, Length);
+            exFreePool(Buffer);
+        }
      } else {
          Buffer = IPPacket->Header;
          Length = IPPacket->ContigSize;
diff --git a/reactos/lib/drivers/ip/transport/tcp/accept.c b/reactos/lib/drivers/ip/transport/tcp/accept.c

index f9648fa..151f309 100644 (file)
--- a/reactos/lib/drivers/ip/transport/tcp/accept.c
+++ b/reactos/lib/drivers/ip/transport/tcp/accept.c
@@ -70,16 +70,16 @@ NTSTATUS TCPListen( PCONNECTION_ENDPOINT Connection, UINT Backlog ) {
      NTSTATUS Status = STATUS_SUCCESS;
      SOCKADDR_IN AddressToBind;
  
-    TI_DbgPrint(DEBUG_TCP,("TCPListen started\n"));
-
-    TI_DbgPrint(DEBUG_TCP,("Connection->SocketContext %x\n",
-    Connection->SocketContext));
+    TcpipRecursiveMutexEnter( &TCPLock, TRUE );
  
      ASSERT(Connection);
      ASSERT_KM_POINTER(Connection->SocketContext);
      ASSERT_KM_POINTER(Connection->AddressFile);
  
-    TcpipRecursiveMutexEnter( &TCPLock, TRUE );
+    TI_DbgPrint(DEBUG_TCP,("TCPListen started\n"));
+
+    TI_DbgPrint(DEBUG_TCP,("Connection->SocketContext %x\n",
+    Connection->SocketContext));
  
      AddressToBind.sin_family = AF_INET;
      memcpy( &AddressToBind.sin_addr,
diff --git a/reactos/lib/drivers/oskittcp/oskittcp/interface.c b/reactos/lib/drivers/oskittcp/oskittcp/interface.c

index 33b2d93..9109fe7 100644 (file)
--- a/reactos/lib/drivers/oskittcp/oskittcp/interface.c
+++ b/reactos/lib/drivers/oskittcp/oskittcp/interface.c
@@ -358,14 +358,14 @@ int OskitTCPAccept( void *socket,
      so = head->so_q;
  
      inp = so ? (struct inpcb *)so->so_pcb : NULL;
-    if( inp ) {
+    if( inp && name ) {
          ((struct sockaddr_in *)AddrOut)->sin_addr.s_addr =
              inp->inp_faddr.s_addr;
          ((struct sockaddr_in *)AddrOut)->sin_port = inp->inp_fport;
      }
  
      OS_DbgPrint(OSK_MID_TRACE,("error = %d\n", error));
-    if( FinishAccepting ) {
+    if( FinishAccepting && so ) {
         head->so_q = so->so_q;
         head->so_qlen--;
author	Cameron Gutman <aicommander@gmail.com>
	Thu, 13 Aug 2009 23:42:21 +0000 (23:42 +0000)
committer	Cameron Gutman <aicommander@gmail.com>
	Thu, 13 Aug 2009 23:42:21 +0000 (23:42 +0000)
reactos/lib/drivers/ip/network/routines.c		patch \| blob \| history
reactos/lib/drivers/ip/transport/tcp/accept.c		patch \| blob \| history
reactos/lib/drivers/oskittcp/oskittcp/interface.c		patch \| blob \| history