Zebediah Figura : setupapi: Add magic bytes to struct file_queue and validate them in SetupCloseFileQueue ().

[Alexandre Julliard]

Module: wine
Branch: master
Commit: c65d98065c0038e0919f40bec4a9dc978fb2ade9
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=c65d98065c0038e0919f40bec4a9dc978fb2ade9

Author: Zebediah Figura <z.figura12 at gmail.com>
Date:   Thu May  2 23:10:04 2019 -0500

setupapi: Add magic bytes to struct file_queue and validate them in SetupCloseFileQueue().

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=12332
Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/setupapi/queue.c         | 11 +++++++++++
 dlls/setupapi/tests/install.c | 16 ++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/dlls/setupapi/queue.c b/dlls/setupapi/queue.c
index c065c6e..f267380 100644
--- a/dlls/setupapi/queue.c
+++ b/dlls/setupapi/queue.c
@@ -79,6 +79,7 @@ struct file_op_queue
 
 struct file_queue
 {
+    DWORD magic;
     struct file_op_queue copy_queue;
     struct file_op_queue delete_queue;
     struct file_op_queue rename_queue;
@@ -87,6 +88,7 @@ struct file_queue
     unsigned int source_count;
 };
 
+#define FILE_QUEUE_MAGIC 0x21514653
 
 /* append a file operation to a queue */
 static inline void queue_file_op( struct file_op_queue *queue, struct file_op *op )
@@ -434,6 +436,7 @@ HSPFILEQ WINAPI SetupOpenFileQueue(void)
 
     if (!(queue = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*queue))))
         return INVALID_HANDLE_VALUE;
+    queue->magic = FILE_QUEUE_MAGIC;
     return queue;
 }
 
@@ -446,6 +449,14 @@ BOOL WINAPI SetupCloseFileQueue( HSPFILEQ handle )
     struct file_queue *queue = handle;
     unsigned int i;
 
+    /* Windows XP DDK installer passes the handle returned from
+     * SetupInitDefaultQueueCallback() to this function. */
+    if (queue->magic != FILE_QUEUE_MAGIC)
+    {
+        SetLastError(ERROR_INVALID_HANDLE);
+        return FALSE;
+    }
+
     free_file_op_queue( &queue->copy_queue );
     free_file_op_queue( &queue->rename_queue );
     free_file_op_queue( &queue->delete_queue );
diff --git a/dlls/setupapi/tests/install.c b/dlls/setupapi/tests/install.c
index 15b789f..85f532a 100644
--- a/dlls/setupapi/tests/install.c
+++ b/dlls/setupapi/tests/install.c
@@ -1815,6 +1815,21 @@ static void test_need_media(void)
     ok(ret, "Failed to delete INF file, error %u.\n", GetLastError());
 }
 
+static void test_close_queue(void)
+{
+    void *context;
+    BOOL ret;
+
+    context = SetupInitDefaultQueueCallback(NULL);
+    ok(!!context, "Failed to create callback context, error %#x.\n", GetLastError());
+
+    ret = SetupCloseFileQueue(context);
+    ok(!ret, "Expected failure.\n");
+    ok(GetLastError() == ERROR_INVALID_HANDLE, "Got unexpected error %u.\n", GetLastError());
+
+    SetupTermDefaultQueueCallback(context);
+}
+
 START_TEST(install)
 {
     char temp_path[MAX_PATH], prev_path[MAX_PATH];
@@ -1841,6 +1856,7 @@ START_TEST(install)
     test_dirid();
     test_install_files_queue();
     test_need_media();
+    test_close_queue();
 
     UnhookWindowsHookEx(hhook);