Author: cgutman
Date: Sun Jan  8 06:51:44 2012
New Revision: 54877

URL: http://svn.reactos.org/svn/reactos?rev=54877&view=rev
Log:
[NDISUIO]
- Fix a query binding bug that caused access to unallocated memory
[WLANCONF]
- Fix parameter parsing and dumb IOCTL_NDISUIO_QUERY_BINDING usage

Modified:
    branches/wlan-bringup/base/applications/network/wlanconf/wlanconf.c
    branches/wlan-bringup/drivers/network/ndisuio/ioctl.c

Modified: branches/wlan-bringup/base/applications/network/wlanconf/wlanconf.c
URL: 
http://svn.reactos.org/svn/reactos/branches/wlan-bringup/base/applications/network/wlanconf/wlanconf.c?rev=54877&r1=54876&r2=54877&view=diff
==============================================================================
--- branches/wlan-bringup/base/applications/network/wlanconf/wlanconf.c 
[iso-8859-1] (original)
+++ branches/wlan-bringup/base/applications/network/wlanconf/wlanconf.c 
[iso-8859-1] Sun Jan  8 06:51:44 2012
@@ -132,21 +132,16 @@
         return INVALID_HANDLE_VALUE;
     }
 
-    /* Query for bindable adapters */
-    QueryBinding->BindingIndex = 0;
-    do {
-        bSuccess = DeviceIoControl(hDriver,
-                                   IOCTL_NDISUIO_QUERY_BINDING,
-                                   QueryBinding,
-                                   QueryBindingSize,
-                                   QueryBinding,
-                                   QueryBindingSize,
-                                   &dwBytesReturned,
-                                   NULL);
-        if (QueryBinding->BindingIndex == Index)
-            break;
-        QueryBinding->BindingIndex++;
-    } while (bSuccess);
+    /* Query the adapter binding information */
+    QueryBinding->BindingIndex = Index;
+    bSuccess = DeviceIoControl(hDriver,
+                               IOCTL_NDISUIO_QUERY_BINDING,
+                               QueryBinding,
+                               QueryBindingSize,
+                               QueryBinding,
+                               QueryBindingSize,
+                               &dwBytesReturned,
+                               NULL);
 
     if (!bSuccess)
     {
@@ -540,35 +535,46 @@
     
     for (i = 1; i < argc; i++)
     {
-        if ((argc > 1) && (argv[i][0] == '-'))
-        {
-            TCHAR c;
-            
-            while ((c = *++argv[i]) != '\0')
+        if (argv[i][0] == '-')
+        {
+            switch (argv[i][1])
             {
-                switch (c)
-                {
-                    case 's':
-                        bScan = TRUE;
-                        break;
-                    case 'd':
-                        bDisconnect = TRUE;
-                        break;
-                    case 'c':
-                        bConnect = TRUE;
-                        sSsid = argv[++i];
-                        break;
-                    case 'w':
-                        sWepKey = argv[++i];
-                        break;
-                    case 'a':
-                        bAdhoc = TRUE;
-                        break;
-                    default :
+                case 's':
+                    bScan = TRUE;
+                    break;
+                case 'd':
+                    bDisconnect = TRUE;
+                    break;
+                case 'c':
+                    if (i == argc - 1)
+                    {
                         Usage();
                         return FALSE;
-                }
+                    }
+                    bConnect = TRUE;
+                    sSsid = argv[++i];
+                    break;
+                case 'w':
+                    if (i == argc - 1)
+                    {
+                        Usage();
+                        return FALSE;
+                    }
+                    sWepKey = argv[++i];
+                    break;
+                case 'a':
+                    bAdhoc = TRUE;
+                    break;
+                default :
+                    Usage();
+                    return FALSE;
             }
+
+        }
+        else
+        {
+            Usage();
+            return FALSE;
         }
     }
 
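Review bot: `switch (argv[i][1])` looks only at the character after the dash, so anything following the option letter is silently ignored and an argument such as `-scan` or `-dc` is accepted as `-s` or `-d`. Rejecting those keeps the parser strict, for example `if (argv[i][0] == '-' && argv[i][1] != '\0' && argv[i][2] == '\0')`, with everything else falling through to the existing `Usage()` branch. The `-c` and `-w` cases also take `argv[++i]` without checking whether it is itself an option, so `-c -w` stores `-w` as the SSID. A short comment on the `-w` case would help as well, since key material passed on the command line is visible to anything that can read the process arguments. The enclosing function starts and ends outside this hunk.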

Modified: branches/wlan-bringup/drivers/network/ndisuio/ioctl.c
URL: 
http://svn.reactos.org/svn/reactos/branches/wlan-bringup/drivers/network/ndisuio/ioctl.c?rev=54877&r1=54876&r2=54877&view=diff
==============================================================================
--- branches/wlan-bringup/drivers/network/ndisuio/ioctl.c [iso-8859-1] 
(original)
+++ branches/wlan-bringup/drivers/network/ndisuio/ioctl.c [iso-8859-1] Sun Jan  
8 06:51:44 2012
@@ -33,7 +33,7 @@
 NTSTATUS
 QueryBinding(PIRP Irp, PIO_STACK_LOCATION IrpSp)
 {
-    PNDISUIO_ADAPTER_CONTEXT AdapterContext;
+    PNDISUIO_ADAPTER_CONTEXT AdapterContext = NULL;
     PNDISUIO_QUERY_BINDING QueryBinding = Irp->AssociatedIrp.SystemBuffer;
     ULONG BindingLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
     NTSTATUS Status;
@@ -50,14 +50,16 @@
         while (CurrentEntry != &GlobalAdapterList)
         {
             if (i == QueryBinding->BindingIndex)
+            {
+                AdapterContext = CONTAINING_RECORD(CurrentEntry, 
NDISUIO_ADAPTER_CONTEXT, ListEntry);
                 break;
+            }
             i++;
             CurrentEntry = CurrentEntry->Flink;
         }
         KeReleaseSpinLock(&GlobalAdapterListLock, OldIrql);
-        if (i == QueryBinding->BindingIndex)
-        {
-            AdapterContext = CONTAINING_RECORD(CurrentEntry, 
NDISUIO_ADAPTER_CONTEXT, ListEntry);
+        if (AdapterContext)
+        {
             DPRINT("Query binding for index %d is adapter %wZ\n", i, 
&AdapterContext->DeviceName);
             BytesCopied = sizeof(NDISUIO_QUERY_BINDING);
             if (AdapterContext->DeviceName.Length <= BindingLength - 
BytesCopied)
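Review bot: The check `AdapterContext->DeviceName.Length <= BindingLength - BytesCopied` bounds what appears to be a copy into the caller's buffer using `BindingLength`, which the previous hunk shows is taken from `InputBufferLength`. If this IOCTL is buffered, the amount reported back should also be limited by `IrpSp->Parameters.DeviceIoControl.OutputBufferLength`, for example by bounding against the smaller of the two lengths. The subtraction is unsigned, so it depends on an earlier `BindingLength >= sizeof(NDISUIO_QUERY_BINDING)` test that neither hunk shows; without one a short input buffer wraps the right-hand side and the comparison passes. Separately, `AdapterContext` is found under `GlobalAdapterListLock` but `&AdapterContext->DeviceName` is read after `KeReleaseSpinLock`, so unless something outside the hunk holds a reference, the context could be torn down in between. The body of QueryBinding continues past the end of this hunk.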

