Zebediah Figura : setupapi: Add magic bytes to struct file_queue and validate them in SetupCloseFileQueue().

Mon Nov 25 09:12:21 CST 2019

Module: wine
Branch: stable
Commit: 91fdecbd95ad84e0165b513711bb3d446ff8f4ad
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=91fdecbd95ad84e0165b513711bb3d446ff8f4ad

Author: Zebediah Figura <z.figura12 at gmail.com>
Date:   Thu May  2 23:10:04 2019 -0500

setupapi: Add magic bytes to struct file_queue and validate them in SetupCloseFileQueue().

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=12332
Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
(cherry picked from commit c65d98065c0038e0919f40bec4a9dc978fb2ade9)
Conflicts:
	dlls/setupapi/tests/install.c
Signed-off-by: Michael Stefaniuc <mstefani at winehq.org>

---

 dlls/setupapi/queue.c         | 11 +++++++++++
 dlls/setupapi/tests/install.c | 16 ++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/dlls/setupapi/queue.c b/dlls/setupapi/queue.c
index cc17966770..95c77b7f44 100644
--- a/dlls/setupapi/queue.c
+++ b/dlls/setupapi/queue.c
@@ -70,12 +70,14 @@ struct file_op_queue
 
 struct file_queue
 {
+    DWORD magic;
     struct file_op_queue copy_queue;
     struct file_op_queue delete_queue;
     struct file_op_queue rename_queue;
     DWORD                flags;
 };
 
+#define FILE_QUEUE_MAGIC 0x21514653
 
 /* append a file operation to a queue */
 static inline void queue_file_op( struct file_op_queue *queue, struct file_op *op )
@@ -413,6 +415,7 @@ HSPFILEQ WINAPI SetupOpenFileQueue(void)
 
     if (!(queue = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*queue))))
         return INVALID_HANDLE_VALUE;
+    queue->magic = FILE_QUEUE_MAGIC;
     return queue;
 }
 
@@ -424,6 +427,14 @@ BOOL WINAPI SetupCloseFileQueue( HSPFILEQ handle )
 {
     struct file_queue *queue = handle;
 
+    /* Windows XP DDK installer passes the handle returned from
+     * SetupInitDefaultQueueCallback() to this function. */
+    if (queue->magic != FILE_QUEUE_MAGIC)
+    {
+        SetLastError(ERROR_INVALID_HANDLE);
+        return FALSE;
+    }
+
     free_file_op_queue( &queue->copy_queue );
     free_file_op_queue( &queue->rename_queue );
     free_file_op_queue( &queue->delete_queue );
diff --git a/dlls/setupapi/tests/install.c b/dlls/setupapi/tests/install.c
index a3b562ecc8..5a915d650a 100644
--- a/dlls/setupapi/tests/install.c
+++ b/dlls/setupapi/tests/install.c
@@ -761,6 +761,21 @@ static void test_dirid(void)
     check_dirid(40, expected);
 }
 
+static void test_close_queue(void)
+{
+    void *context;
+    BOOL ret;
+
+    context = SetupInitDefaultQueueCallback(NULL);
+    ok(!!context, "Failed to create callback context, error %#x.\n", GetLastError());
+
+    ret = SetupCloseFileQueue(context);
+    ok(!ret, "Expected failure.\n");
+    ok(GetLastError() == ERROR_INVALID_HANDLE, "Got unexpected error %u.\n", GetLastError());
+
+    SetupTermDefaultQueueCallback(context);
+}
+
 START_TEST(install)
 {
     char temp_path[MAX_PATH], prev_path[MAX_PATH];
@@ -785,6 +800,7 @@ START_TEST(install)
     test_install_svc_from();
     test_driver_install();
     test_dirid();
+    test_close_queue();
 
     UnhookWindowsHookEx(hhook);
 


