[Bug 38895] Multiple applications fail to load or crash due to incorrect security cookie randomization by loader (IrfanView WebP plugin, Word Viewer 2007)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sat Jul 11 19:31:01 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38895
Erich E. Hoover <erich.e.hoover at wine-staging.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #51833|0 |1
is obsolete| |
--- Comment #15 from Erich E. Hoover <erich.e.hoover at wine-staging.com> ---
Created attachment 51837
--> https://bugs.winehq.org/attachment.cgi?id=51837
ntdll: Only set the security cookie if it has not already been set (3).
(In reply to Sebastian Lackner from comment #14)
> (In reply to Erich E. Hoover from comment #11)
> > Created attachment 51833 [details]
> > ntdll: Only set the security cookie if it has not already been set (2).
>
> You still need to modify *cookie when the random number accidentically
> matches one of the default cookie initializers. Also, there is no need to
> repeat the check "cookie != NULL" three times.
>
> I am also unsure if its correct to allow 16bit/32bit cookie initializers on
> 64-bit. The code linked by Anastasius does allow it for 16-bit, but not for
> 32-bit.
My preference would be to implement it like the newly attached version. I was
trying to avoid changing things too much in the other patch, but I think this
is clearer. Do we have any other test apps that might have 64-bit cookies? We
should be able to improve things later if we run into trouble, but I think this
is at least a good start.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list