From f7c9604520556c61507ddb507479663681aeaf2c Mon Sep 17 00:00:00 2001
From: hater <7element@mail.bg>
Date: Wed, 4 Nov 2015 11:37:39 +0200
Subject: [PATCH] Add bad pointer checks. disable debug messages
---
 reactos/dll/win32/ws2_32_new/src/rnr.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/reactos/dll/win32/ws2_32_new/src/rnr.c b/reactos/dll/win32/ws2_32_new/src/rnr.c
index ea9f535..c8eb145 100644
--- a/reactos/dll/win32/ws2_32_new/src/rnr.c
+++ b/reactos/dll/win32/ws2_32_new/src/rnr.c
@@ -10,7 +10,7 @@
 #include
-//#define NDEBUG
+#define NDEBUG
 #include
 /* FUNCTIONS *****************************************************************/
@@ -214,7 +214,7 @@ WSALookupServiceEnd(IN HANDLE hLookup)
 }
 /* Check for a valid handle, then validate and reference it */
- if (!(Query) || !(WsNqValidateAndReference(Query)))
+ if (IsBadReadPtr(Query, sizeof(*Query)) || !WsNqValidateAndReference(Query))
 {
 /* Fail */
 SetLastError(WSA_INVALID_HANDLE);
@@ -249,7 +249,8 @@ WSALookupServiceBeginA(IN LPWSAQUERYSETA lpqsRestrictions,
 DPRINT("WSALookupServiceBeginA: %p\n", lpqsRestrictions);
 /* Verifiy pointer */
- if (IsBadReadPtr(lpqsRestrictions, sizeof(*lpqsRestrictions)))
+ if (IsBadReadPtr(lpqsRestrictions, sizeof(*lpqsRestrictions)) ||
+ IsBadReadPtr(lpqsRestrictions->lpServiceClassId, sizeof(*lpqsRestrictions->lpServiceClassId)))
 {
 /* Invalid */
 SetLastError(WSAEFAULT);
@@ -334,7 +335,8 @@ WSALookupServiceBeginW(IN LPWSAQUERYSETW lpqsRestrictions,
 /* Verify pointers */
 if (IsBadWritePtr(lphLookup, sizeof(*lphLookup)) ||
- IsBadReadPtr(lpqsRestrictions, sizeof(*lpqsRestrictions)))
+ IsBadReadPtr(lpqsRestrictions, sizeof(*lpqsRestrictions)) ||
+ IsBadReadPtr(lpqsRestrictions->lpServiceClassId, sizeof(*lpqsRestrictions->lpServiceClassId)))
 {
 /* They are invalid; fail */
 SetLastError(WSAEFAULT);
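Review bot: In WSALookupServiceEnd, `IsBadReadPtr(Query, sizeof(*Query))` only probes that the caller-supplied handle value points at readable memory at that instant; it does not show the memory is a query object, and another thread can free or unmap it before `WsNqValidateAndReference(Query)` dereferences it. The same substitution is made in the WSALookupServiceNextW hunk. Microsoft documents IsBadReadPtr and IsBadWritePtr as obsolete for this reason, and the probe can also consume a guard-page exception on memory it touches. I would record next to the test that it is not the validation, e.g. `/* Probe only rejects unmapped handles; WsNqValidateAndReference must still reject readable non-query memory */`; whether that helper checks a signature is not visible here. Both function bodies continue outside their hunks.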
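Review bot: The added `IsBadReadPtr(lpqsRestrictions->lpServiceClassId, ...)` test in WSALookupServiceBeginA, and the identical line in the WSALookupServiceBeginW hunk, turns a NULL `lpServiceClassId` into a WSAEFAULT failure, because IsBadReadPtr reports a NULL pointer with a non-zero size as bad. If callers may omit the class id, or are expected to get a different error for a missing one, that is a behaviour change worth stating; a comment such as `/* lpServiceClassId is mandatory here: NULL or unreadable fails with WSAEFAULT */` would record the intent. Only this one embedded pointer is probed, so the other pointer members of the query set are still used unchecked as far as the hunk shows. The context comment above the test still reads "Verifiy pointer" although two pointers are now checked. Both function bodies continue outside their hunks.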
@@ -401,8 +403,16 @@ WSALookupServiceNextW(IN HANDLE hLookup,
 return SOCKET_ERROR;
 }
+ /* Verify pointer */
+ if (IsBadWritePtr(lpqsResults, sizeof(*lpqsResults)))
+ {
+ /* It is invalid; fail */
+ SetLastError(WSAEFAULT);
+ return SOCKET_ERROR;
+ }
+
 /* Check for a valid handle, then validate and reference it */
- if (!(Query) || !(WsNqValidateAndReference(Query)))
+ if (IsBadReadPtr(Query, sizeof(*Query)) || !WsNqValidateAndReference(Query))
 {
 /* Fail */
 SetLastError(WSA_INVALID_HANDLE);
--
1.9.5.msysgit.0
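Review bot: The new `IsBadWritePtr(lpqsResults, sizeof(*lpqsResults))` test in WSALookupServiceNextW probes a fixed structure size rather than the length the caller passes in `lpdwBufferLength` (a name taken from the documented signature, not visible in the hunk). It therefore does not cover the whole results buffer, and it rejects a caller that passes a short or NULL buffer to learn the required size. In the documented contract, WSAEFAULT for a too-small buffer comes with the needed size written back through `lpdwBufferLength`; this early return sets the error without that, assuming the write-back happens later in the function, which is outside the hunk. The probe also touches the pages it tests, so it can race with other threads using that memory. I would bound the probe by the caller's length and skip it for a zero length, e.g. `if (*lpdwBufferLength && IsBadWritePtr(lpqsResults, *lpdwBufferLength))`, once `lpdwBufferLength` itself has been checked.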