[ros-diffs] [cgutman] 35419: - Change STATUS_UNSUCCESSFUL to STATUS_FILE_CLOSED - Move the Irp->Cancel check after SocketAcquireStateLock to fix a possible crash - Change STATUS_INVALID_PARAMETER to STATUS_FILE_CLOSED - Move SocketAcquireStateLock in front of the check for a NULL return from LockRequest to prevent another possible crash

cgutman at svn.reactos.org cgutman at svn.reactos.org
Mon Aug 18 00:12:31 CEST 2008 

Author: cgutman
Date: Sun Aug 17 17:12:31 2008
New Revision: 35419

URL: http://svn.reactos.org/svn/reactos?rev=35419&view=rev
Log:
 - Change STATUS_UNSUCCESSFUL to STATUS_FILE_CLOSED
 - Move the Irp->Cancel check after SocketAcquireStateLock to fix a possible crash
 - Change STATUS_INVALID_PARAMETER to STATUS_FILE_CLOSED
 - Move SocketAcquireStateLock in front of the check for a NULL return from LockRequest to prevent another possible crash

Modified:
    branches/aicom-network-fixes/drivers/network/afd/afd/listen.c
    branches/aicom-network-fixes/drivers/network/afd/afd/lock.c
    branches/aicom-network-fixes/drivers/network/afd/afd/read.c
    branches/aicom-network-fixes/drivers/network/afd/afd/select.c

Modified: branches/aicom-network-fixes/drivers/network/afd/afd/listen.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/network/afd/afd/listen.c?rev=35419&r1=35418&r2=35419&view=diff
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/listen.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/listen.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -83,19 +83,18 @@
 ( PDEVICE_OBJECT DeviceObject,
   PIRP Irp,
   PVOID Context ) {
-    NTSTATUS Status = STATUS_UNSUCCESSFUL;
+    NTSTATUS Status = STATUS_FILE_CLOSED;
     PAFD_FCB FCB = (PAFD_FCB)Context;
     PAFD_TDI_OBJECT_QELT Qelt;
 
-    if ( Irp->Cancel ) {
-	/* FIXME: is this anything else we need to do? */
-	FCB->ListenIrp.InFlightRequest = NULL;
+    if( !SocketAcquireStateLock( FCB ) ) return Status;
+
+    FCB->ListenIrp.InFlightRequest = NULL;
+
+    if( Irp->Cancel ) {
+	SocketStateUnlock( FCB );
 	return STATUS_SUCCESS;
     }
-
-    if( !SocketAcquireStateLock( FCB ) ) return Status;
-
-    FCB->ListenIrp.InFlightRequest = NULL;
 
     if( FCB->State == SOCKET_STATE_CLOSED ) {
 	SocketStateUnlock( FCB );

Modified: branches/aicom-network-fixes/drivers/network/afd/afd/lock.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/network/afd/afd/lock.c?rev=35419&r1=35418&r2=35419&view=diff
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/lock.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/lock.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -262,7 +262,7 @@
 
 
 NTSTATUS LostSocket( PIRP Irp ) {
-    NTSTATUS Status = STATUS_INVALID_PARAMETER;
+    NTSTATUS Status = STATUS_FILE_CLOSED;
     AFD_DbgPrint(MIN_TRACE,("Called.\n"));
     Irp->IoStatus.Information = 0;
     Irp->IoStatus.Status = Status;

Modified: branches/aicom-network-fixes/drivers/network/afd/afd/read.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/network/afd/afd/read.c?rev=35419&r1=35418&r2=35419&view=diff
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/read.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/read.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -449,7 +449,7 @@
 
     AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB));
 
-    if( !SocketAcquireStateLock( FCB ) ) return STATUS_UNSUCCESSFUL;
+    if( !SocketAcquireStateLock( FCB ) ) return STATUS_FILE_CLOSED;
 
     FCB->ReceiveIrp.InFlightRequest = NULL;
 

Modified: branches/aicom-network-fixes/drivers/network/afd/afd/select.c
URL: http://svn.reactos.org/svn/reactos/branches/aicom-network-fixes/drivers/network/afd/afd/select.c?rev=35419&r1=35418&r2=35419&view=diff
==============================================================================
--- branches/aicom-network-fixes/drivers/network/afd/afd/select.c [iso-8859-1] (original)
+++ branches/aicom-network-fixes/drivers/network/afd/afd/select.c [iso-8859-1] Sun Aug 17 17:12:31 2008
@@ -277,6 +277,10 @@
 	(PAFD_EVENT_SELECT_INFO)LockRequest( Irp, IrpSp );
     PAFD_FCB FCB = FileObject->FsContext;
 
+    if( !SocketAcquireStateLock( FCB ) ) {
+	return LostSocket( Irp );
+    }
+
     if ( !EventSelectInfo ) {
          return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp,
 				   0, NULL );
@@ -284,10 +288,6 @@
     AFD_DbgPrint(MID_TRACE,("Called (Event %x Triggers %x)\n",
 			    EventSelectInfo->EventObject,
 			    EventSelectInfo->Events));
-
-    if( !SocketAcquireStateLock( FCB ) ) {
-	return LostSocket( Irp );
-    }
 
     FCB->EventSelectTriggers = FCB->EventsFired = 0;
     if( FCB->EventSelect ) ObDereferenceObject( FCB->EventSelect );
@@ -325,13 +325,13 @@
 
     AFD_DbgPrint(MID_TRACE,("Called (FCB %x)\n", FCB));
 
+    if( !SocketAcquireStateLock( FCB ) ) {
+	return LostSocket( Irp );
+    }
+
     if ( !EnumReq ) {
          return UnlockAndMaybeComplete( FCB, STATUS_NO_MEMORY, Irp,
 				   0, NULL );
-    }
-
-    if( !SocketAcquireStateLock( FCB ) ) {
-	return LostSocket( Irp );
     }
 
     EnumReq->PollEvents = FCB->PollState;

More information about the Ros-diffs mailing list