Author: cgutman
Date: Sat Dec  3 21:34:49 2011
New Revision: 54576

URL: http://svn.reactos.org/svn/reactos?rev=54576&view=rev
Log:
[AFD]
- Fix the allocation size for AFD_ACTIVE_POLL to fix a 1 byte non-paged pool 
overrun

Modified:
    trunk/reactos/drivers/network/afd/afd/select.c

Modified: trunk/reactos/drivers/network/afd/afd/select.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/select.c?rev=54576&r1=54575&r2=54576&view=diff
==============================================================================
--- trunk/reactos/drivers/network/afd/afd/select.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/network/afd/afd/select.c [iso-8859-1] Sat Dec  3 
21:34:49 2011
@@ -163,9 +163,6 @@
     PFILE_OBJECT FileObject;
     PAFD_POLL_INFO PollReq = Irp->AssociatedIrp.SystemBuffer;
     PAFD_DEVICE_EXTENSION DeviceExt = DeviceObject->DeviceExtension;
-    UINT CopySize = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
-    UINT AllocSize =
-       CopySize + sizeof(AFD_ACTIVE_POLL) - sizeof(AFD_POLL_INFO);
     KIRQL OldIrql;
     UINT i, Signalled = 0;
     ULONG Exclusive = PollReq->Exclusive;
@@ -223,7 +220,7 @@
 
        PAFD_ACTIVE_POLL Poll = NULL;
 
-       Poll = ExAllocatePool( NonPagedPool, AllocSize );
+       Poll = ExAllocatePool( NonPagedPool, sizeof(AFD_ACTIVE_POLL) );
 
        if (Poll){
           Poll->Irp = Irp;
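Review bot: The new `ExAllocatePool( NonPagedPool, sizeof(AFD_ACTIVE_POLL) )` call has no comment explaining why a fixed size is now enough, and it is untagged, which makes a pool overrun like the one this commit fixes harder to attribute. I would add a comment above it such as `/* AFD_ACTIVE_POLL is fixed-size; nothing from the request buffer is copied into it */`, to be confirmed against the struct definition, which is not visible here. I would also use `ExAllocatePoolWithTag` with the driver's pool tag if the tree defines one. Separately, with `CopySize` removed in the first hunk, no visible line still reads `InputBufferLength`, while `PollReq->Exclusive` is read from the system buffer at declaration. It is worth confirming that the input length is checked against `sizeof(AFD_POLL_INFO)` before that read. The function body starts and ends outside both hunks, so such a check may exist out of view.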

