From 91a772cfd57536efe5ba06aca9db4b86e71cbd45 Mon Sep 17 00:00:00 2001
From: Peter Hater <7element@mail.bg>
Date: Mon, 10 Oct 2016 06:38:52 +0000
Subject: [PATCH] [MSAFD] Fix some return codes and better parameter checks based on wine tests CORE-12104
svn path=/trunk/; revision=72948
---
 reactos/dll/win32/msafd/misc/dllmain.c | 36 +++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/reactos/dll/win32/msafd/misc/dllmain.c b/reactos/dll/win32/msafd/misc/dllmain.c
index b822d3f840d..a1626ec3f8f 100644
--- a/reactos/dll/win32/msafd/misc/dllmain.c
+++ b/reactos/dll/win32/msafd/misc/dllmain.c
@@ -2189,11 +2189,17 @@ WSPIoctl(IN SOCKET Handle,
 else
 return NO_ERROR;
 case FIONREAD:
- if( cbOutBuffer < sizeof(INT) || IS_INTRESOURCE(lpvOutBuffer) )
+ if (IS_INTRESOURCE(lpvOutBuffer) || cbOutBuffer == 0)
 {
+ *lpcbBytesReturned = sizeof(ULONG);
 *lpErrno = WSAEFAULT;
 return SOCKET_ERROR;
 }
+ if (cbOutBuffer < sizeof(ULONG))
+ {
+ *lpErrno = WSAEINVAL;
+ return SOCKET_ERROR;
+ }
 *lpErrno = GetSocketInformation(Socket, AFD_INFO_RECEIVE_CONTENT_SIZE, NULL, (PULONG)lpvOutBuffer, NULL);
 if (*lpErrno != NO_ERROR)
 return SOCKET_ERROR;
@@ -2203,11 +2209,17 @@ WSPIoctl(IN SOCKET Handle,
 return NO_ERROR;
 }
 case SIOCATMARK:
- if (cbOutBuffer < sizeof(BOOL) || IS_INTRESOURCE(lpvOutBuffer))
+ if (IS_INTRESOURCE(lpvOutBuffer) || cbOutBuffer == 0)
 {
+ *lpcbBytesReturned = sizeof(BOOL);
 *lpErrno = WSAEFAULT;
 return SOCKET_ERROR;
 }
+ if (cbOutBuffer < sizeof(BOOL))
+ {
+ *lpErrno = WSAEINVAL;
+ return SOCKET_ERROR;
+ }
 /* FIXME: Return false for now */
 *(BOOL*)lpvOutBuffer = FALSE;
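Review bot: In the FIONREAD case the new WSAEFAULT branch stores through `lpcbBytesReturned` with no NULL check visible in the hunk, and the SIOCATMARK and SIO_ADDRESS_LIST_QUERY hunks add the same store. Unless WSPIoctl already rejects a NULL `lpcbBytesReturned` before the switch (that part of the function is outside the hunk), guard the write, e.g. `if (lpcbBytesReturned) *lpcbBytesReturned = sizeof(ULONG);`. `IS_INTRESOURCE(lpvOutBuffer)` only rejects pointer values below 64 KB, so the later write through `(PULONG)lpvOutBuffer` in GetSocketInformation still depends on the caller passing a writable buffer of at least `cbOutBuffer` bytes. A one-line comment such as `/* IS_INTRESOURCE only mirrors the Winsock error code for NULL/low pointers; it does not validate the buffer */` would keep the test from being read as real pointer validation.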
@@ -2220,16 +2232,28 @@ WSPIoctl(IN SOCKET Handle,
 return SOCKET_ERROR;
 case SIO_ADDRESS_LIST_QUERY:
- if (cbOutBuffer < (sizeof(SOCKET_ADDRESS_LIST) + sizeof(Socket->SharedData->WSLocalAddress)) || IS_INTRESOURCE(lpvOutBuffer))
+ if (IS_INTRESOURCE(lpvOutBuffer) || cbOutBuffer == 0)
+ {
+ *lpcbBytesReturned = sizeof(SOCKET_ADDRESS_LIST) + sizeof(Socket->SharedData->WSLocalAddress);
+ *lpErrno = WSAEFAULT;
+ return SOCKET_ERROR;
+ }
+ if (cbOutBuffer < sizeof(INT))
 {
 *lpErrno = WSAEINVAL;
 return SOCKET_ERROR;
 }
- *lpcbBytesReturned = sizeof(SOCKET_ADDRESS_LIST) +
- sizeof(Socket->SharedData->WSLocalAddress);
+ *lpcbBytesReturned = sizeof(SOCKET_ADDRESS_LIST) + sizeof(Socket->SharedData->WSLocalAddress);
 ((SOCKET_ADDRESS_LIST*)lpvOutBuffer)->iAddressCount = 1;
+
+ if (cbOutBuffer < (sizeof(SOCKET_ADDRESS_LIST) + sizeof(Socket->SharedData->WSLocalAddress)))
+ {
+ *lpErrno = WSAEFAULT;
+ return SOCKET_ERROR;
+ }
+
 ((SOCKET_ADDRESS_LIST*)lpvOutBuffer)->Address[0].iSockaddrLength = sizeof(Socket->SharedData->WSLocalAddress);
 ((SOCKET_ADDRESS_LIST*)lpvOutBuffer)->Address[0].lpSockaddr = &Socket->SharedData->WSLocalAddress;
@@ -2684,7 +2708,7 @@ WSPAddressToString(IN LPSOCKADDR lpsaAddress,
 if (*lpdwAddressStringLength < size)
 {
 *lpdwAddressStringLength = size;
- *lpErrno = WSAENOBUFS;
+ *lpErrno = WSAEFAULT;
 return SOCKET_ERROR;
 }
-- 
2.17.1
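Review bot: In the SIO_ADDRESS_LIST_QUERY case `iAddressCount = 1` is now written before the full-size check, so a caller whose buffer holds little more than the count gets WSAEFAULT back together with a list that claims one entry whose `Address[0]` was never filled in. If that ordering is what the wine tests require, record it next to the store, e.g. `/* count is reported even when Address[0] does not fit; callers must check the return value */`, so a later cleanup neither reverts it nor drops the second size check that keeps the `Address[0]` writes in bounds. The required size `sizeof(SOCKET_ADDRESS_LIST) + sizeof(Socket->SharedData->WSLocalAddress)` is now spelled out three times; computing it once would keep the two checks and `*lpcbBytesReturned` from drifting apart. Separately, the unchanged `lpSockaddr = &Socket->SharedData->WSLocalAddress` hands the caller a pointer into the socket's shared data rather than into the output buffer that the size check reserves room for, which looks like a lifetime hazard once the socket is closed and is worth confirming. The case continues past the end of the hunk.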