Is raspppoe.sys creating invalid NDIS_OID_REQUEST objects?
Our NDIS LWF driver, Npcap, has been accused of causing a BSoD (NDIS_BUGCHECK_INVALID_OBJECT_HEADER) when users dial up to a PPPoE connection. However, the crash happens in NdisAllocateCloneOidRequest(), and the source object being cloned is passed through directly from the argument to our FilterOidRequest function. It appears the NDIS_OBJECT_HEADER has Type, Size, and Revision set to 0, and the source driver is raspppoe.sys. Should our driver be checking the validity of NDIS_OID_REQUEST objects received from NDIS? Or is this a bug in raspppoe.sys?
For further information, including WinDbg traces, see the issue on our GitHub Issues tracker.