Diffstat (limited to 'app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch')
-rw-r--r--app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch82
1 files changed, 82 insertions, 0 deletions
diff --git a/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch b/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch
new file mode 100644
index 000000000000..9168654a841f
--- /dev/null
+++ b/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch
@@ -0,0 +1,82 @@
+From: Erich E. Hoover <erich.e.hoover@wine-staging.com>
+Date: Fri, 10 Jul 2015 20:52:33 +0000 (-0600)
+Subject: ntdll: Only set the security cookie if it has not already been set.
+X-Git-Url: http://source.winehq.org/git/wine.git/commitdiff_plain/e9d7cf99ada80ea8345c301481c63a24780f2b63
+
+ntdll: Only set the security cookie if it has not already been set.
+---
+
+diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
+index 410e060..ff947da 100644
+--- a/dlls/ntdll/virtual.c
++++ b/dlls/ntdll/virtual.c
+@@ -61,6 +61,12 @@ WINE_DECLARE_DEBUG_CHANNEL(module);
+ #define MAP_NORESERVE 0
+ #endif
+
++#ifdef _WIN64
++#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
++#endif
++#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
++#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
++
+ /* File view */
+ struct file_view
+ {
+@@ -1053,6 +1059,36 @@ static NTSTATUS stat_mapping_file( struct file_view *view, struct stat *st )
+ return status;
+ }
+
++/***********************************************************************
++ * set_security_cookie
++ *
++ * Create a random security cookie for buffer overflow protection. Make
++ * sure it does not accidentally match the default cookie value.
++ */
++static void set_security_cookie(ULONG_PTR *cookie)
++{
++ static ULONG seed;
++
++ if (!cookie) return;
++ if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
++ while (1)
++ {
++ if (*cookie == DEFAULT_SECURITY_COOKIE_16)
++ *cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
++ else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
++ *cookie = RtlRandom( &seed );
++#ifdef DEFAULT_SECURITY_COOKIE_64
++ else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
++ {
++ *cookie = RtlRandom( &seed );
++ /* fill up, but keep the highest word clear */
++ *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
++ }
++#endif
++ else
++ break;
++ }
++}
+
+ /***********************************************************************
+ * map_image
+@@ -1285,18 +1321,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
+ loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
+ IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
+ if (loadcfg && loadcfg_size >= sizeof(*loadcfg))
+- {
+- static ULONG seed;
+- ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+-
+- if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
+- if (cookie)
+- {
+- *cookie = RtlRandom( &seed );
+- if (sizeof(ULONG_PTR) > sizeof(ULONG)) /* fill up, but keep the highest word clear */
+- *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+- }
+- }
++ set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
+
+ /* set the image protections */
+
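Review bot: `loadcfg->SecurityCookie` comes straight from the image's load-config directory, and `set_security_cookie()` checks it only for NULL before reading `*cookie` and, when it matches a default value, writing through it; nothing in the visible lines confirms the address lies inside the view being mapped. A malformed PE could therefore make the loader dereference an address outside the image, so the call in `map_image` should be guarded by a range check, for example `if (loadcfg->SecurityCookie >= (ULONG_PTR)ptr && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR))`. The names `ptr` and `total_size` are assumed from the surrounding context lines, and `map_image` begins and ends outside this patch, so confirm them against the full function. Separately, the seed is still `NtGetTickCount() ^ GetCurrentProcessId()` passed to `RtlRandom`, so the cookie is only as unpredictable as uptime and PID. The header comment on `set_security_cookie` should say that the value is not cryptographically random.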