https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f54fb980baf0e35738cf97bae8d4e7ff3dc04737

commit f54fb980baf0e35738cf97bae8d4e7ff3dc04737
Author: Thomas Faber <[email protected]>
AuthorDate: Mon Jan 8 13:58:20 2018 +0100

    [TCPIP] Fix buffer sizes in ReadIpConfiguration.
---
 drivers/network/tcpip/datalink/lan.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/drivers/network/tcpip/datalink/lan.c 
b/drivers/network/tcpip/datalink/lan.c
index 23ffbbab46..35fe5bef57 100644
--- a/drivers/network/tcpip/datalink/lan.c
+++ b/drivers/network/tcpip/datalink/lan.c
@@ -570,6 +570,7 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
     OBJECT_ATTRIBUTES ObjectAttributes;
     HANDLE ParameterHandle;
     PKEY_VALUE_PARTIAL_INFORMATION KeyValueInfo;
+    ULONG KeyValueInfoLength;
     WCHAR Buffer[150];
     UNICODE_STRING IPAddress = RTL_CONSTANT_STRING(L"IPAddress");
     UNICODE_STRING Netmask = RTL_CONSTANT_STRING(L"SubnetMask");
@@ -608,31 +609,34 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
     }
     else
     {
-        KeyValueInfo = ExAllocatePoolWithTag(PagedPool, 
sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 16 * sizeof(WCHAR), KEY_VALUE_TAG);
+        KeyValueInfoLength = FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data) 
+ 16 * sizeof(WCHAR);
+        KeyValueInfo = ExAllocatePoolWithTag(PagedPool,
+                                             KeyValueInfoLength,
+                                             KEY_VALUE_TAG);
         if (!KeyValueInfo)
         {
             ZwClose(ParameterHandle);
             return FALSE;
         }
-        
+
         /* Read the EnableDHCP entry */
         Status = ZwQueryValueKey(ParameterHandle,
                                  &EnableDhcp,
                                  KeyValuePartialInformation,
                                  KeyValueInfo,
-                                 sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 
sizeof(ULONG),
+                                 KeyValueInfoLength,
                                  &Unused);
         if (NT_SUCCESS(Status) && KeyValueInfo->DataLength == sizeof(ULONG) && 
(*(PULONG)KeyValueInfo->Data) == 0)
         {
-            RegistryDataU.MaximumLength = 16 + sizeof(WCHAR);
+            RegistryDataU.MaximumLength = KeyValueInfoLength - 
FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data);
             RegistryDataU.Buffer = (PWCHAR)KeyValueInfo->Data;
-            
+
             /* Read the IP address */
             Status = ZwQueryValueKey(ParameterHandle,
                                      &IPAddress,
                                      KeyValuePartialInformation,
                                      KeyValueInfo,
-                                     sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 
16 * sizeof(WCHAR),
+                                     KeyValueInfoLength,
                                      &Unused);
             if (NT_SUCCESS(Status))
             {
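Review bot: The EnableDHCP test accepts any value whose `DataLength` equals `sizeof(ULONG)` without checking `KeyValueInfo->Type`, so a four-byte REG_SZ or REG_BINARY value would be read as the DWORD flag; adding `KeyValueInfo->Type == REG_DWORD &&` ahead of the `*(PULONG)KeyValueInfo->Data` dereference would pin that down. The `16 * sizeof(WCHAR)` in the `KeyValueInfoLength` computation is still a bare magic number that now sizes every query in the function, including the Netmask and Gateway reads in the later hunks; a comment such as `/* room for L"255.255.255.255" plus the terminating NUL */` or a named constant would record why 16 is enough. Whether the string branches validate `Type` and `DataLength` before using `RegistryDataU` cannot be judged from here, because the body of `if (NT_SUCCESS(Status))` continues outside the hunk.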
@@ -653,7 +657,7 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
                                      &Netmask,
                                      KeyValuePartialInformation,
                                      KeyValueInfo,
-                                     sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 
16 * sizeof(WCHAR),
+                                     KeyValueInfoLength,
                                      &Unused);
             if (NT_SUCCESS(Status))
             {
@@ -682,7 +686,7 @@ BOOLEAN ReadIpConfiguration(PIP_INTERFACE Interface)
                                      &Gateway,
                                      KeyValuePartialInformation,
                                      KeyValueInfo,
-                                     sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 
16 * sizeof(WCHAR),
+                                     KeyValueInfoLength,
                                      &Unused);
             if (NT_SUCCESS(Status))
             {
