[ros-diffs] [cgutman] 35358: - Fix a memory leak that occurs when AfdSetContext is called with a buffer that is too small - Properly return STATUS_BUFFER_TOO_SMALL when the buffer passed is too small

cgutman at svn.reactos.org cgutman at svn.reactos.org
Fri Aug 15 20:26:52 CEST 2008


Author: cgutman
Date: Fri Aug 15 13:26:52 2008
New Revision: 35358

URL: http://svn.reactos.org/svn/reactos?rev=35358&view=rev
Log:
 - Fix a memory leak that occurs when AfdSetContext is called with a buffer that is too small
 - Properly return STATUS_BUFFER_TOO_SMALL when the buffer passed is too small

Modified:
    branches/aicom-network-fixes/drivers/network/afd/afd/context.c

Modified: branches/aicom-network-fixes/drivers/network/afd/afd/context.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/network/afd/afd/context.c?rev=35358&r1=35357&r2=35358&view=diff
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/context.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/context.c [iso-8859-1] Fri Aug 15 13:26:52 2008
@@ -39,27 +39,30 @@
 NTSTATUS STDCALL
 AfdSetContext( PDEVICE_OBJECT DeviceObject, PIRP Irp,
 	       PIO_STACK_LOCATION IrpSp ) {
-    NTSTATUS Status = STATUS_NO_MEMORY;
+    NTSTATUS Status = STATUS_BUFFER_TOO_SMALL;
     PFILE_OBJECT FileObject = IrpSp->FileObject;
     PAFD_FCB FCB = FileObject->FsContext;
 
     if( !SocketAcquireStateLock( FCB ) ) return LostSocket( Irp );
 
+    if( FCB->Context ) {
+	ExFreePool( FCB->Context );
+	FCB->Context = NULL;
+    }
+
     if( FCB->ContextSize <
 	IrpSp->Parameters.DeviceIoControl.InputBufferLength ) {
-	if( FCB->Context )
-	    ExFreePool( FCB->Context );
 	FCB->Context =
 	    ExAllocatePool
 	    ( PagedPool,
 	      IrpSp->Parameters.DeviceIoControl.InputBufferLength );
-    }
 
-    if( FCB->Context ) {
-	Status = STATUS_SUCCESS;
+	if( !FCB->Context ) return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL );
+
 	RtlCopyMemory( FCB->Context,
 		       IrpSp->Parameters.DeviceIoControl.Type3InputBuffer,
 		       IrpSp->Parameters.DeviceIoControl.InputBufferLength );
+	Status = STATUS_SUCCESS;
     }
 
     AFD_DbgPrint(MID_TRACE,("Returning %x\n", Status));
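Review bot: The `ExFreePool( FCB->Context )` block added ahead of the size check discards the stored context even when the call is then rejected, and because allocation and copy now both sit inside `FCB->ContextSize < InputBufferLength`, a caller passing an equal or smaller buffer loses the old context and gets `STATUS_BUFFER_TOO_SMALL`, where the previous code reused the existing allocation. Nothing in the hunk updates `FCB->ContextSize` after the free or the new allocation, so unless the lines after the hunk do (AfdSetContext continues past it), a later reader could pair a NULL or differently sized buffer with a stale size. I would free and reallocate only inside the grow branch, update `FCB->ContextSize` wherever `FCB->Context` changes, and keep the copy outside the branch, as sketched below. Separately, `RtlCopyMemory` reads `Type3InputBuffer` directly; if this IOCTL is METHOD_NEITHER, as that field suggests, it is an unvalidated caller-supplied pointer and should be probed and copied under an exception handler before the driver trusts it.

```c
    if( FCB->ContextSize <
	IrpSp->Parameters.DeviceIoControl.InputBufferLength ) {
	/* Grow only when needed, and never leave a stale size behind a
	 * freed or failed allocation. ContextSize is treated here as the
	 * allocation size; confirm against the code that reads it. */
	if( FCB->Context ) ExFreePool( FCB->Context );
	FCB->ContextSize = 0;
	FCB->Context =
	    ExAllocatePool
	    ( PagedPool,
	      IrpSp->Parameters.DeviceIoControl.InputBufferLength );
	if( !FCB->Context ) return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp, 0, NULL );
	FCB->ContextSize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
    }

    /* … unchanged: RtlCopyMemory of InputBufferLength bytes into FCB->Context … */
    Status = STATUS_SUCCESS;
```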


