aboutsummaryrefslogtreecommitdiffstats
path: root/driver/wintun.c
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2021-05-10 19:02:49 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2021-05-10 19:02:49 +0200
commit6cf9ac71c3d4b712a1aa0da7e93b4382dfa7f274 (patch)
tree9770d4cdbebffc294b6c9351958d5277ebadbed8 /driver/wintun.c
parentdriver: move init-only functions into INIT segment (diff)
downloadwintun-6cf9ac71c3d4b712a1aa0da7e93b4382dfa7f274.tar.xz
wintun-6cf9ac71c3d4b712a1aa0da7e93b4382dfa7f274.zip
driver: do not assume aligned addresses when allocating MDLs
IoAllocateMdl allocates a different size structure depending on the bottom in-page bits of the address. By passing null, it assumes that the address is aligned within the page, which it might not be. Fix this by passing the eventual virtual address to the allocation function so that the right amount is always allocated. Reported-by: Oleksandr Muzychuk <oleksandr.muzychuk@apriorit.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'driver/wintun.c')
-rw-r--r--driver/wintun.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/driver/wintun.c b/driver/wintun.c
index 3e615bb..7cb72bb 100644
--- a/driver/wintun.c
+++ b/driver/wintun.c
@@ -517,13 +517,15 @@ TunProcessReceiveData(_Inout_ TUN_CTX *Ctx)
break;
RingHead = TUN_RING_WRAP(RingHead + AlignedPacketSize, RingCapacity);
- MDL *Mdl = IoAllocateMdl(NULL, PacketSize, FALSE, FALSE, NULL);
+ VOID *PacketAddr =
+ (UCHAR *)MmGetMdlVirtualAddress(Ctx->Device.Receive.Mdl) + (ULONG)(Packet->Data - (UCHAR *)Ring);
+ MDL *Mdl = IoAllocateMdl(PacketAddr, PacketSize, FALSE, FALSE, NULL);
if (!Mdl)
goto skipNbl;
IoBuildPartialMdl(
Ctx->Device.Receive.Mdl,
Mdl,
- (UCHAR *)MmGetMdlVirtualAddress(Ctx->Device.Receive.Mdl) + (ULONG)(Packet->Data - (UCHAR *)Ring),
+ PacketAddr,
PacketSize);
NET_BUFFER_LIST *Nbl = NdisAllocateNetBufferAndNetBufferList(Ctx->NblPool, 0, 0, Mdl, 0, PacketSize);
if (!Nbl)