Alexandre Julliard : ntdll: Round header size to page boundary before checking it in PE header conversion.
Alexandre Julliard
julliard at winehq.org
Fri Jan 25 16:29:07 CST 2019
Module: wine
Branch: master
Commit: 96eebec967ebdef720f4f4d7adbc3ea8e19264a0
URL: https://source.winehq.org/git/wine.git/?a=commit;h=96eebec967ebdef720f4f4d7adbc3ea8e19264a0
Author: Alexandre Julliard <julliard at winehq.org>
Date: Fri Jan 25 12:46:37 2019 +0100
ntdll: Round header size to page boundary before checking it in PE header conversion.
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/ntdll/loader.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
index 631e8bd..ecc09d3 100644
--- a/dlls/ntdll/loader.c
+++ b/dlls/ntdll/loader.c
@@ -1935,16 +1935,21 @@ static BOOL convert_to_pe64( HMODULE module, const pe_image_info_t *info )
IMAGE_NT_HEADERS *nt = RtlImageNtHeader( module );
SIZE_T hdr_size = min( sizeof(hdr32), nt->FileHeader.SizeOfOptionalHeader );
IMAGE_SECTION_HEADER *sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + hdr_size);
- SIZE_T size = (char *)(nt + 1) + nt->FileHeader.NumberOfSections * sizeof(*sec) - (char *)module;
+ SIZE_T size = info->header_size;
void *addr = module;
ULONG i, old_prot;
TRACE( "%p\n", module );
- if (size > info->header_size) return FALSE;
if (NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, PAGE_READWRITE, &old_prot ))
return FALSE;
+ if ((char *)module + size < (char *)(nt + 1) + nt->FileHeader.NumberOfSections * sizeof(*sec))
+ {
+ NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, old_prot, &old_prot );
+ return FALSE;
+ }
+
memcpy( &hdr32, &nt->OptionalHeader, hdr_size );
memcpy( &hdr64, &hdr32, offsetof( IMAGE_OPTIONAL_HEADER64, SizeOfStackReserve ));
hdr64.Magic = IMAGE_NT_OPTIONAL_HDR64_MAGIC;
More information about the wine-cvs
mailing list