diff options
| author | dnobori <da.git@softether.co.jp> | 2015-10-19 15:30:51 +0300 |
|---|---|---|
| committer | dnobori <da.git@softether.co.jp> | 2015-10-19 15:30:51 +0300 |
| commit | d3a1b26413acf3b387475f9ec5c4cbd93c5ffffe (patch) | |
| tree | e248aa6f09b05d45696ecac1da7ecfa540fac91c /src/Neo6/NDIS6.c | |
| parent | 4e862a7e40c095ac6ac8b1417890008fbd614ebb (diff) | |
v4.19-9599-beta
Diffstat (limited to 'src/Neo6/NDIS6.c')
| -rw-r--r-- | src/Neo6/NDIS6.c | 78 |
1 files changed, 44 insertions, 34 deletions
diff --git a/src/Neo6/NDIS6.c b/src/Neo6/NDIS6.c index 03841939..61ff4e5b 100644 --- a/src/Neo6/NDIS6.c +++ b/src/Neo6/NDIS6.c @@ -562,25 +562,36 @@ NTSTATUS NeoNdisDispatch(DEVICE_OBJECT *DeviceObject, IRP *Irp) if (stack->Parameters.Read.Length == NEO_EXCHANGE_BUFFER_SIZE)
{
// Address check
- MDL *mdl = IoAllocateMdl(buf, NEO_EXCHANGE_BUFFER_SIZE, false, false, NULL);
-
- if (mdl != NULL)
+ bool check_ok = true;
+ __try
+ {
+ ProbeForWrite(buf, NEO_EXCHANGE_BUFFER_SIZE, 1);
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
{
- MmProbeAndLockPages(mdl, KernelMode, IoWriteAccess);
+ check_ok = false;
}
- if (NeoIsKernelAddress(buf) == FALSE)
+ if (check_ok)
{
+ // Address check
+ MDL *mdl = IoAllocateMdl(buf, NEO_EXCHANGE_BUFFER_SIZE, false, false, NULL);
+
+ if (mdl != NULL)
+ {
+ MmProbeAndLockPages(mdl, KernelMode, IoWriteAccess);
+ }
+
// Read
NeoRead(buf);
Irp->IoStatus.Information = NEO_EXCHANGE_BUFFER_SIZE;
ok = true;
- }
- if (mdl != NULL)
- {
- MmUnlockPages(mdl);
- IoFreeMdl(mdl);
+ if (mdl != NULL)
+ {
+ MmUnlockPages(mdl);
+ IoFreeMdl(mdl);
+ }
}
}
}
@@ -603,25 +614,38 @@ NTSTATUS NeoNdisDispatch(DEVICE_OBJECT *DeviceObject, IRP *Irp) if (stack->Parameters.Write.Length == NEO_EXCHANGE_BUFFER_SIZE)
{
// Address check
- MDL *mdl = IoAllocateMdl(buf, NEO_EXCHANGE_BUFFER_SIZE, false, false, NULL);
-
- if (mdl != NULL)
+ bool check_ok = true;
+ __try
{
- MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
+ ProbeForRead(buf, NEO_EXCHANGE_BUFFER_SIZE, 1);
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+ check_ok = false;
}
- if (NeoIsKernelAddress(buf) == FALSE)
+ if (check_ok)
{
+ // Address check
+ MDL *mdl = IoAllocateMdl(buf, NEO_EXCHANGE_BUFFER_SIZE, false, false, NULL);
+
+ if (mdl != NULL)
+ {
+ MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
+ }
+
+ ProbeForRead(buf, NEO_EXCHANGE_BUFFER_SIZE, 1);
+
// Write
NeoWrite(buf);
Irp->IoStatus.Information = stack->Parameters.Write.Length;
ok = true;
- }
- if (mdl != NULL)
- {
- MmUnlockPages(mdl);
- IoFreeMdl(mdl);
+ if (mdl != NULL)
+ {
+ MmUnlockPages(mdl);
+ IoFreeMdl(mdl);
+ }
}
}
}
@@ -1644,20 +1668,6 @@ PACKET_BUFFER *NeoNewPacketBuffer() return p;
}
-// Check whether the specified address is kernel memory
-BOOL NeoIsKernelAddress(void *addr)
-{
-#if 0
- if ((ULONG)addr >= (ULONG)0x80000000)
- {
- // Kernel memory
- return TRUE;
- }
-#endif // CPU_64
- // User memory
- return FALSE;
-}
-
// Reset the event
void NeoReset(NEO_EVENT *event)
{
|