[PATCH v2 2/2] server: Validate the filter window handle in get_message.
Zebediah Figura
z.figura12 at gmail.com
Sat Sep 14 12:35:41 CDT 2019
Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
---
v2: Move the check to the server, partly to avoid making another server call.
dlls/user32/tests/msg.c | 42 +++++++++++++++++++++++++++++++++++++++++
server/queue.c | 6 ++++++
2 files changed, 48 insertions(+)
diff --git a/dlls/user32/tests/msg.c b/dlls/user32/tests/msg.c
index 058520a37ac..683fc15c208 100644
--- a/dlls/user32/tests/msg.c
+++ b/dlls/user32/tests/msg.c
@@ -12173,6 +12173,31 @@ todo_wine {
qstatus = GetQueueStatus(qs_all_input);
ok(qstatus == 0, "wrong qstatus %08x\n", qstatus);
}
+
+ PostThreadMessageA(GetCurrentThreadId(), WM_USER, 0, 0);
+ ret = PeekMessageA(&msg, (HWND)-1, 0, 0, PM_NOREMOVE);
+ ok(ret == TRUE, "wrong ret %d\n", ret);
+ ok(msg.message == WM_USER, "wrong message %u\n", msg.message);
+ ret = GetMessageA(&msg, (HWND)-1, 0, 0);
+ ok(ret == TRUE, "wrong ret %d\n", ret);
+ ok(msg.message == WM_USER, "wrong message %u\n", msg.message);
+
+ PostThreadMessageA(GetCurrentThreadId(), WM_USER, 0, 0);
+ ret = PeekMessageA(&msg, (HWND)1, 0, 0, PM_NOREMOVE);
+ ok(ret == TRUE, "wrong ret %d\n", ret);
+ ok(msg.message == WM_USER, "wrong message %u\n", msg.message);
+ ret = GetMessageA(&msg, (HWND)1, 0, 0);
+ ok(ret == TRUE, "wrong ret %d\n", ret);
+ ok(msg.message == WM_USER, "wrong message %u\n", msg.message);
+
+ PostThreadMessageA(GetCurrentThreadId(), WM_USER, 0, 0);
+ ret = PeekMessageA(&msg, (HWND)0xffff, 0, 0, PM_NOREMOVE);
+ ok(ret == TRUE, "wrong ret %d\n", ret);
+ ok(msg.message == WM_USER, "wrong message %u\n", msg.message);
+ ret = GetMessageA(&msg, (HWND)0xffff, 0, 0);
+ ok(ret == TRUE, "wrong ret %d\n", ret);
+ ok(msg.message == WM_USER, "wrong message %u\n", msg.message);
+
done:
trace("signalling to exit\n");
SetEvent(info.hevent[EV_STOP]);
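Review bot: The three new cases pass `(HWND)-1`, `(HWND)1` and `(HWND)0xffff` with no comment saying why these non-window values must still return the posted thread message. The `0xffff` case is also not among the values the new check in server/queue.c exempts (`0`, `1` and `-1`). Presumably 0xffff is translated before the request reaches the server, but nothing in this patch shows that, so a failure of that case would be hard to interpret. I would add `/* special filter values must not be rejected as invalid window handles */` above the first block, and a short comment at the 0xffff block naming the layer expected to map it. The enclosing test function starts outside the hunk.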
@@ -17697,6 +17722,22 @@ static void test_SendMessage_pump(void)
DestroyWindow(hwnd);
}
+static void test_invalid_window(void)
+{
+ MSG msg;
+ BOOL ret;
+
+ SetLastError(0xdeadbeef);
+ ret = GetMessageA(&msg, (HWND)0xdeadbeef, 0, 0);
+ ok(ret == -1, "wrong ret %d\n", ret);
+ ok(GetLastError() == ERROR_INVALID_WINDOW_HANDLE, "wrong error %u\n", GetLastError());
+
+ SetLastError(0xdeadbeef);
+ ret = PeekMessageA(&msg, (HWND)0xdeadbeef, 0, 0, PM_REMOVE);
+ ok(!ret, "wrong ret %d\n", ret);
+ ok(GetLastError() == ERROR_INVALID_WINDOW_HANDLE, "wrong error %u\n", GetLastError());
+}
+
static void init_funcs(void)
{
HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
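Review bot: test_invalid_window only exercises `(HWND)0xdeadbeef`, a value that was never a handle. The cases that matter more for a validation check are a handle that was valid and has since been destroyed, and a user handle that refers to a non-window object, since `get_user_object( get_win, USER_WINDOW )` in the server hunk is what has to reject both. A further case that creates a window, calls `DestroyWindow` on it, and then expects the same `-1` / `ERROR_INVALID_WINDOW_HANDLE` result from `GetMessageA` and `FALSE` from `PeekMessageA` would pin the stale-handle path. The expected result should be confirmed on Windows before the assertions are added.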
@@ -17822,6 +17863,7 @@ START_TEST(msg)
test_notify_message();
test_SetActiveWindow();
test_restore_messages();
+ test_invalid_window();
if (!pTrackMouseEvent)
win_skip("TrackMouseEvent is not available\n");
diff --git a/server/queue.c b/server/queue.c
index 96587d11d1e..b5e17be18fb 100644
--- a/server/queue.c
+++ b/server/queue.c
@@ -2394,6 +2394,12 @@ DECL_HANDLER(get_message)
reply->active_hooks = get_active_hooks();
+ if (get_win && get_win != 1 && get_win != -1 && !get_user_object( get_win, USER_WINDOW ))
+ {
+ set_win32_error( ERROR_INVALID_WINDOW_HANDLE );
+ return;
+ }
+
if (!queue) return;
queue->last_get_msg = current_time;
if (!filter) filter = QS_ALLINPUT;
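Review bot: The literals `1` and `-1` in the new condition are unexplained, and the check is only correct if every special filter value is listed there. A comment such as `/* 0, 1 and -1 are filter values rather than window handles; anything else must name an existing window */` would let the next reader see what has to be updated if another special value is ever accepted. `get_win` is declared outside the hunk; if its type is unsigned, `get_win != -1` relies on an implicit conversion that a cast to the handle type would make explicit. The handler body starts before and continues after the hunk.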
--
2.23.0