From 87ef399d1cb2c325d8b742f6b77edf1c33f82a5b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 9 Nov 2020 22:21:12 +0100 Subject: [PATCH] driver: do not allow compiler to reload PacketSize In theory, the compiler could reload PacketSize after the bounds check but before it's passed to NdisAllocateNetBufferAndNetBufferList. In practice, it's not actually doing that, but better safe than sorry. Signed-off-by: Jason A. Donenfeld --- driver/wintun.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/driver/wintun.c b/driver/wintun.c index f170964..72178d4 100644 --- a/driver/wintun.c +++ b/driver/wintun.c @@ -483,7 +483,7 @@ TunProcessReceiveData(_Inout_ TUN_CTX *Ctx) break; TUN_PACKET *Packet = (TUN_PACKET *)(Ring->Data + RingHead); - ULONG PacketSize = Packet->Size; + ULONG PacketSize = *(volatile ULONG *)&Packet->Size; if (PacketSize > TUN_MAX_IP_PACKET_SIZE) break;