Author: cgutman
Date: Mon Dec 5 03:51:01 2011
New Revision: 54598
URL: http://svn.reactos.org/svn/reactos?rev=54598&view=rev
Log:
[TCPIP]
- Fix the overflow fix
Modified:
trunk/reactos/drivers/network/tcpip/include/receive.h
trunk/reactos/lib/drivers/ip/network/receive.c
Modified: trunk/reactos/drivers/network/tcpip/include/receive.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/tcpip/include/receive.h?rev=54598&r1=54597&r2=54598&view=diff
==============================================================================
--- trunk/reactos/drivers/network/tcpip/include/receive.h [iso-8859-1]
(original)
+++ trunk/reactos/drivers/network/tcpip/include/receive.h [iso-8859-1] Mon Dec
5 03:51:01 2011
@@ -38,7 +38,7 @@
IP_ADDRESS DstAddr; /* Destination address */
UCHAR Protocol; /* Internet Protocol number */
USHORT Id; /* Identification number */
- IP_HEADER IPv4Header; /* Pointer to IP header */
+ PIP_HEADER IPv4Header; /* Pointer to IP header */
UINT HeaderSize; /* Length of IP header */
LIST_ENTRY FragmentListHead; /* IP fragment list */
LIST_ENTRY HoleListHead; /* IP datagram hole list */
Modified: trunk/reactos/lib/drivers/ip/network/receive.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ip/network/receive.c?rev=54598&r1=54597&r2=54598&view=diff
==============================================================================
--- trunk/reactos/lib/drivers/ip/network/receive.c [iso-8859-1] (original)
+++ trunk/reactos/lib/drivers/ip/network/receive.c [iso-8859-1] Mon Dec 5
03:51:01 2011
@@ -108,6 +108,12 @@
CurrentEntry = NextEntry;
}
+ if (IPDR->IPv4Header)
+ {
+ TI_DbgPrint(DEBUG_IP, ("Freeing IPDR header at (0x%X).\n",
IPDR->IPv4Header));
+ ExFreePoolWithTag(IPDR->IPv4Header, PACKET_BUFFER_TAG);
+ }
+
TI_DbgPrint(DEBUG_IP, ("Freeing IPDR data at (0x%X).\n", IPDR));
ExFreeToNPagedLookasideList(&IPDRList, IPDR);
@@ -218,7 +224,7 @@
IPPacket->MappedHeader = FALSE;
/* Copy the header into the buffer */
- RtlCopyMemory(IPPacket->Header, &IPDR->IPv4Header, sizeof(IPDR->IPv4Header));
+ RtlCopyMemory(IPPacket->Header, IPDR->IPv4Header, IPDR->HeaderSize);
Data = (PVOID)((ULONG_PTR)IPPacket->Header + IPDR->HeaderSize);
IPPacket->Data = Data;
@@ -394,11 +400,21 @@
/* If this is the first fragment, save the IP header */
if (FragFirst == 0) {
- TI_DbgPrint(DEBUG_IP, ("First fragment found. Header buffer is at
(0x%X). "
- "Header size is (%d).\n", &IPDR->IPv4Header, IPPacket->HeaderSize));
-
- RtlCopyMemory(&IPDR->IPv4Header, IPPacket->Header,
sizeof(IPDR->IPv4Header));
- IPDR->HeaderSize = sizeof(IPDR->IPv4Header);
+ IPDR->IPv4Header = ExAllocatePoolWithTag(NonPagedPool,
+ IPPacket->HeaderSize,
+ PACKET_BUFFER_TAG);
+ if (!IPDR->IPv4Header)
+ {
+ Cleanup(&IPDR->Lock, OldIrql, IPDR);
+ return;
+ }
+
+ RtlCopyMemory(IPDR->IPv4Header, IPPacket->Header,
IPPacket->HeaderSize);
+ IPDR->HeaderSize = IPPacket->HeaderSize;
+
+ TI_DbgPrint(DEBUG_IP, ("First fragment found. Header buffer is at
(0x%X). "
+ "Header size is (%d).\n", &IPDR->IPv4Header,
IPPacket->HeaderSize));
+
}
/* Create a buffer, copy the data into it and put it
