in common/ntb.cpp [350:421]
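/**
 * Validates the NDP (datagram pointer table) at m_NextNdpIndex and makes it
 * the current table.
 *
 * The checks run in this order: the table offset lies inside the block, the
 * signature equals ndp_sig, the declared Length is sane, the link to the
 * following table (NextNdpIndex) is either 0 or inside the block, and every
 * datagram entry up to the zero terminator points inside the block.
 *
 * On success m_CurrentNdpIndex is set to the validated table, m_NextNdpIndex
 * to the table's NextNdpIndex and m_CurrentNdpDatagramCount to the number of
 * entries found before the terminator. On failure m_NextNdpIndex is left
 * unchanged and the current datagram index/count stay at 0.
 *
 * @return STATUS_NO_MORE_ENTRIES when m_NextNdpIndex is 0,
 *         STATUS_SUCCESS when a table was validated,
 *         STATUS_BAD_DATA when any check fails.
 *
 * NOTE(review): NextNdpIndex is only range-checked. Nothing in this method
 * rejects a link that points back at this table or an earlier one, so a
 * block whose tables form a loop would validate on every call. Confirm the
 * caller bounds the number of tables it walks per block.
 */
NTSTATUS GetNextNdp(
    void
    )
{
    // Smallest table accepted: the NDP header plus two datagram entries.
    const size_t minDptSize = sizeof(NDP) + 2 * sizeof(DPE);

    if (m_NextNdpIndex == 0)
    {
        return STATUS_NO_MORE_ENTRIES;
    }

    // Reset the per-table cursor first so a rejected table leaves no stale state.
    m_CurrentNdpDatagramIndex = 0;
    m_CurrentNdpDatagramCount = 0;

    // The sums below are widened to UINT64, matching the datagram range check
    // further down. The member and field widths are not visible in this
    // method; widening keeps a wrapped 32-bit sum from passing a bounds check.
    if ((m_NextNdpIndex < sizeof(NTH)) ||
        (((UINT64) m_NextNdpIndex + (UINT64) minDptSize) > m_BlockLength))
    {
        NCM_RETURN_IF_NOT_NT_SUCCESS_MSG(STATUS_BAD_DATA, "Bad NDP size #1");
    }

    // The header is read in place from m_Buffer; every field is untrusted
    // until the checks below have passed.
    const NDP & ndpHeader = (const NDP &) *(m_Buffer + m_NextNdpIndex);

    if (ndp_sig != ndpHeader.Signature)
    {
        NCM_RETURN_IF_NOT_NT_SUCCESS_MSG(STATUS_BAD_DATA, "Bad NDP signature");
    }

    // Length must hold the minimum table, be a multiple of 4 and end inside the block.
    if ((ndpHeader.Length < minDptSize) ||
        ((ndpHeader.Length & 0x3) != 0) ||
        (((UINT64) m_NextNdpIndex + (UINT64) ndpHeader.Length) > m_BlockLength))
    {
        NCM_RETURN_IF_NOT_NT_SUCCESS_MSG(STATUS_BAD_DATA, "Bad NDP size #2");
    }

    // A non-zero link must leave room for a minimum-size table after the NTH.
    if ((ndpHeader.NextNdpIndex != 0) &&
        ((ndpHeader.NextNdpIndex < sizeof(NTH)) ||
         (((UINT64) ndpHeader.NextNdpIndex + (UINT64) minDptSize) > m_BlockLength)))
    {
        NCM_RETURN_IF_NOT_NT_SUCCESS_MSG(STATUS_BAD_DATA, "Bad NDP size #3");
    }

    // scan the table's datagram entries for validity
    // note: if any invalid entries are found, the entire table, and any subsequent tables, are rejected
    //
    // Only whole entries are visited. Length is checked for 4-byte granularity
    // only, so if sizeof(DPE) is larger than 4 a trailing partial entry could
    // otherwise be read past the end of the table (and possibly the block).
    // Such a table now falls through to "Bad NDP size #4".
    UINT32 currentNdpDatagramCount = 0;

    for (size_t offset = sizeof(NDP);
         (offset + sizeof(DPE)) <= ndpHeader.Length;
         offset += sizeof(DPE))
    {
        const DPE & datagram = (const DPE &) *(m_Buffer + m_NextNdpIndex + offset);

        // A zero index or zero length is the terminator: commit the table and stop.
        if (datagram.DatagramIndex == 0 || datagram.DatagramLength == 0)
        {
            m_CurrentNdpIndex = m_NextNdpIndex;
            m_NextNdpIndex = ndpHeader.NextNdpIndex;
            m_CurrentNdpDatagramCount = currentNdpDatagramCount;

            return STATUS_SUCCESS;
        }

        // The datagram must start after the NTH and end inside the block.
        if ((datagram.DatagramIndex < sizeof(NTH)) ||
            (datagram.DatagramIndex > m_BlockLength) ||
            (((UINT64) datagram.DatagramIndex + (UINT64) datagram.DatagramLength) > m_BlockLength))
        {
            NCM_RETURN_IF_NOT_NT_SUCCESS_MSG(STATUS_BAD_DATA, "Bad NDP that not terminates");
        }

        currentNdpDatagramCount++;
    }

    // The table ran out without a terminator entry. The macro is expected to
    // return for a failing status; the explicit return keeps every path
    // returning a value.
    NCM_RETURN_IF_NOT_NT_SUCCESS_MSG(STATUS_BAD_DATA, "Bad NDP size #4");

    return STATUS_BAD_DATA;
};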