Sebastian Lackner : ntdll: Validate SecurityCookie pointer before accessing cookie value.

Alexandre Julliard julliard at wine.codeweavers.com
Thu Jul 30 17:10:04 CDT 2015


Module: wine
Branch: master
Commit: 6e66c12c68c6b35ec6ff037e032979fb1dacbe26
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=6e66c12c68c6b35ec6ff037e032979fb1dacbe26

Author: Sebastian Lackner <sebastian at fds-team.de>
Date:   Thu Jul 30 07:14:23 2015 +0200

ntdll: Validate SecurityCookie pointer before accessing cookie value.

---

 dlls/ntdll/virtual.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 479ca79..2fd8198 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1320,9 +1320,11 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
 
     loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
                                             IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
-    if (loadcfg &&
-        loadcfg_size >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie))
+    if (loadcfg && loadcfg_size >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie) &&
+        (ULONG_PTR)ptr <= loadcfg->SecurityCookie && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR))
+    {
         set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
+    }
 
     /* set the image protections */
 
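Review bot: the new range test on the second line of the condition fails silently, so when loadcfg->SecurityCookie points outside [ptr, ptr + total_size - sizeof(ULONG_PTR)] the image is mapped with its cookie left uninitialised and nothing in the log says why. Consider adding an else branch with a WARN that prints the rejected pointer, so malformed or packed images can be diagnosed. Two smaller points on the same line: the upper bound computes total_size - sizeof(ULONG_PTR) without showing that total_size is at least sizeof(ULONG_PTR), and the check accepts any in-range address without requiring ULONG_PTR alignment before it is cast to (ULONG_PTR *) and passed to set_security_cookie. A short comment stating that the cookie must lie inside the mapped image would also help, since the condition is now long enough to be hard to read at a glance.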



