[PATCH v2 0/2] MR6548: nsiproxy: Only set the connection count from tcp_conns_enumerate_all/udp_endpoint_enumerate_all when appropriate.
Fixes heap corruption downstream in NsiEnumerateObjectsAllParametersEx.
Fixes regressions from 9085bc7b87f and a3f737f6143.
---
I missed this piece of logic in MR !6399. The original line that implemented it is this: https://gitlab.winehq.org/wine/wine/-/blob/1d05064e747f9998fd705345659030e60...
-- v2: nsiproxy: Only set the connection count from udp_endpoint_enumerate_all when appropriate.
From: Tim Clem tclem@codeweavers.com
Fixes heap corruption downstream in NsiEnumerateObjectsAllParametersEx.
Fixes a regression from 9085bc7b87f. --- dlls/nsiproxy.sys/tcp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dlls/nsiproxy.sys/tcp.c b/dlls/nsiproxy.sys/tcp.c index 7a3004b1a97..2c55db30523 100644 --- a/dlls/nsiproxy.sys/tcp.c +++ b/dlls/nsiproxy.sys/tcp.c @@ -322,8 +322,14 @@ static NTSTATUS tcp_conns_enumerate_all( UINT filter, struct nsi_tcp_conn_key *k *count = reply->count; else if (ret == STATUS_BUFFER_TOO_SMALL) { - *count = reply->count; - if (want_data) + if (!want_data) + { + /* If we were given buffers, the outgoing count must never be + greater than the incoming one. If we weren't, the count + should be set to the actual count. */ + *count = reply->count; + } + else { free( connections ); return STATUS_BUFFER_OVERFLOW;
From: Tim Clem tclem@codeweavers.com
Fixes heap corruption downstream in NsiEnumerateObjectsAllParametersEx.
Fixes a regression from a3f737f6143. --- dlls/nsiproxy.sys/udp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/dlls/nsiproxy.sys/udp.c b/dlls/nsiproxy.sys/udp.c index 1d790484d8f..13d2e631b08 100644 --- a/dlls/nsiproxy.sys/udp.c +++ b/dlls/nsiproxy.sys/udp.c @@ -231,8 +231,14 @@ static NTSTATUS udp_endpoint_enumerate_all( void *key_data, UINT key_size, void *count = reply->count; else if (ret == STATUS_BUFFER_TOO_SMALL) { - *count = reply->count; - if (want_data) + if (!want_data) + { + /* If we were given buffers, the outgoing count must never be + greater than the incoming one. If we weren't, the count + should be set to the actual count. */ + *count = reply->count; + } + else { free( endpoints ); return STATUS_BUFFER_OVERFLOW;
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=148590
Your paranoid android.
=== debian11 (build log) ===
../wine/dlls/nsiproxy.sys/udp.c:246:13: error: expected ‘}’ before ‘else’ ../wine/dlls/nsiproxy.sys/udp.c:248:5: error: expected ‘while’ before ‘}’ token Task: The win32 Wine build failed
=== debian11b (build log) ===
../wine/dlls/nsiproxy.sys/udp.c:246:13: error: expected ‘}’ before ‘else’ ../wine/dlls/nsiproxy.sys/udp.c:248:5: error: expected ‘while’ before ‘}’ token Task: The wow64 Wine build failed
-
Marvin -
Tim Clem -
Tim Clem (@tclem)