[ros-diffs] [cgutman] 40301: - Move the buffer size validation before writing to the buffer - Change the status to STATUS_BUFFER_TOO_SMALL

[cgutman at svn.reactos.org]

Author: cgutman
Date: Tue Mar 31 02:32:37 2009
New Revision: 40301

URL: http://svn.reactos.org/svn/reactos?rev=40301&view=rev
Log:
 - Move the buffer size validation before writing to the buffer
 - Change the status to STATUS_BUFFER_TOO_SMALL

Modified:
    trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c

Modified: trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c?rev=40301&r1=40300&r2=40301&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/tcpip/tcpip/dispatch.c [iso-8859-1] Tue Mar 31 02:32:37 2009
@@ -674,6 +674,14 @@
         PTA_IP_ADDRESS Address;
         PCONNECTION_ENDPOINT Endpoint = NULL;
 
+
+        if (MmGetMdlByteCount(Irp->MdlAddress) <
+            (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) +
+             sizeof(TDI_ADDRESS_IP))) {
+          TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
+          return STATUS_BUFFER_TOO_SMALL;
+        }
+
         AddressInfo = (PTDI_ADDRESS_INFO)MmGetSystemAddressForMdl(Irp->MdlAddress);
 		Address = (PTA_IP_ADDRESS)&AddressInfo->Address;
 
@@ -711,13 +719,6 @@
           return STATUS_INVALID_PARAMETER;
         }
 
-        if (MmGetMdlByteCount(Irp->MdlAddress) <
-            (FIELD_OFFSET(TDI_ADDRESS_INFO, Address.Address[0].Address) +
-             sizeof(TDI_ADDRESS_IP))) {
-          TI_DbgPrint(MID_TRACE, ("MDL buffer too small.\n"));
-          return STATUS_BUFFER_OVERFLOW;
-        }
-
         return STATUS_SUCCESS;
       }
 
@@ -727,6 +728,13 @@
         PADDRESS_FILE AddrFile;
         PCONNECTION_ENDPOINT Endpoint = NULL;
 
+        if (MmGetMdlByteCount(Irp->MdlAddress) <
+            (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
+             sizeof(PVOID))) {
+          TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
+          return STATUS_BUFFER_TOO_SMALL;
+        }
+
         AddressInfo = (PTDI_CONNECTION_INFORMATION)
           MmGetSystemAddressForMdl(Irp->MdlAddress);
 
@@ -748,13 +756,6 @@
         if (!Endpoint) {
           TI_DbgPrint(MID_TRACE, ("No connection object.\n"));
           return STATUS_INVALID_PARAMETER;
-        }
-
-        if (MmGetMdlByteCount(Irp->MdlAddress) <
-            (FIELD_OFFSET(TDI_CONNECTION_INFORMATION, RemoteAddress) +
-             sizeof(PVOID))) {
-          TI_DbgPrint(MID_TRACE, ("MDL buffer too small (ptr).\n"));
-          return STATUS_BUFFER_OVERFLOW;
         }
 
         return TCPGetSockAddress( Endpoint, AddressInfo->RemoteAddress, TRUE );