38076fa6
Commit
38076fa6
authored
Aug 10, 2015
by
Sebastian Lackner
Committed by
Alexandre Julliard
Aug 12, 2015
ntdll: Move cookie initialization code from memory management to loader.
parent
79c37ac8
Showing
2 changed files
with
57 additions
and
49 deletions
+57
-49
loader.c
dlls/ntdll/loader.c
+57
-0
virtual.c
dlls/ntdll/virtual.c
+0
-49
dlls/ntdll/loader.c
...
...
@@ -50,6 +50,12 @@ WINE_DECLARE_DEBUG_CHANNEL(snoop);
WINE_DECLARE_DEBUG_CHANNEL
(
loaddll
);
WINE_DECLARE_DEBUG_CHANNEL
(
imports
);
#ifdef _WIN64
#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
#endif
#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
/* we don't want to include winuser.h */
#define RT_MANIFEST ((ULONG_PTR)24)
#define ISOLATIONAWARE_MANIFEST_RESOURCE_ID ((ULONG_PTR)2)
...
...
@@ -1602,6 +1608,55 @@ static void load_builtin_callback( void *module, const char *filename )
}
/***********************************************************************
* set_security_cookie
*
* Create a random security cookie for buffer overflow protection. Make
* sure it does not accidentally match the default cookie value.
*/
static
void
set_security_cookie
(
void
*
module
,
SIZE_T
len
)
{
static
ULONG
seed
;
IMAGE_LOAD_CONFIG_DIRECTORY
*
loadcfg
;
ULONG
loadcfg_size
;
ULONG_PTR
*
cookie
;
loadcfg
=
RtlImageDirectoryEntryToData
(
module
,
TRUE
,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
,
&
loadcfg_size
);
if
(
!
loadcfg
)
return
;
if
(
loadcfg_size
<
offsetof
(
IMAGE_LOAD_CONFIG_DIRECTORY
,
SecurityCookie
)
+
sizeof
(
loadcfg
->
SecurityCookie
))
return
;
if
(
!
loadcfg
->
SecurityCookie
)
return
;
if
(
loadcfg
->
SecurityCookie
<
(
ULONG_PTR
)
module
||
loadcfg
->
SecurityCookie
>
(
ULONG_PTR
)
module
+
len
-
sizeof
(
ULONG_PTR
))
{
WARN
(
"security cookie %p outside of image %p-%p
\n
"
,
(
void
*
)
loadcfg
->
SecurityCookie
,
module
,
(
char
*
)
module
+
len
);
return
;
}
cookie
=
(
ULONG_PTR
*
)
loadcfg
->
SecurityCookie
;
TRACE
(
"initializing security cookie %p
\n
"
,
cookie
);
if
(
!
seed
)
seed
=
NtGetTickCount
()
^
GetCurrentProcessId
();
for
(;;)
{
if
(
*
cookie
==
DEFAULT_SECURITY_COOKIE_16
)
*
cookie
=
RtlRandom
(
&
seed
)
>>
16
;
/* leave the high word clear */
else
if
(
*
cookie
==
DEFAULT_SECURITY_COOKIE_32
)
*
cookie
=
RtlRandom
(
&
seed
);
#ifdef DEFAULT_SECURITY_COOKIE_64
else
if
(
*
cookie
==
DEFAULT_SECURITY_COOKIE_64
)
{
*
cookie
=
RtlRandom
(
&
seed
);
/* fill up, but keep the highest word clear */
*
cookie
^=
(
ULONG_PTR
)
RtlRandom
(
&
seed
)
<<
16
;
}
#endif
else
break
;
}
}
/******************************************************************************
* load_native_dll (internal)
*/
...
...
@@ -1636,6 +1691,8 @@ static NTSTATUS load_native_dll( LPCWSTR load_path, LPCWSTR name, HANDLE file,
goto
done
;
}
set_security_cookie
(
module
,
len
);
/* fixup imports */
nt
=
RtlImageNtHeader
(
module
);
...
...
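Review bot: The cookie written by `set_security_cookie` in the second loader.c hunk is only as unpredictable as its seed, and the seed is still `NtGetTickCount() ^ GetCurrentProcessId()`, two values that are easy to estimate from outside the process. `seed` is a 32-bit `ULONG` and every cookie comes from `RtlRandom(&seed)`, so the 64-bit branch, which combines two successive outputs, carries no more entropy than the 32-bit one. Since the function is being moved anyway, I would seed from a system entropy source where one is available, or at least record the limitation above the seeding line: `/* FIXME: tick count ^ pid is guessable; the cookie needs a real entropy source */`. Separately, the write used to happen in map_image just before the "set the image protections" step and now runs from load_native_dll; if section protections are already applied there (not visible in this hunk), a cookie address inside a read-only section would fault on `*cookie = ...`, which the range check alone does not rule out.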
dlls/ntdll/virtual.c
...
...
@@ -61,12 +61,6 @@ WINE_DECLARE_DEBUG_CHANNEL(module);
#define MAP_NORESERVE 0
#endif
#ifdef _WIN64
#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
#endif
#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
/* File view */
struct
file_view
{
...
...
@@ -1060,37 +1054,6 @@ static NTSTATUS stat_mapping_file( struct file_view *view, struct stat *st )
}
/***********************************************************************
* set_security_cookie
*
* Create a random security cookie for buffer overflow protection. Make
* sure it does not accidentally match the default cookie value.
*/
static
void
set_security_cookie
(
ULONG_PTR
*
cookie
)
{
static
ULONG
seed
;
if
(
!
cookie
)
return
;
if
(
!
seed
)
seed
=
NtGetTickCount
()
^
GetCurrentProcessId
();
while
(
1
)
{
if
(
*
cookie
==
DEFAULT_SECURITY_COOKIE_16
)
*
cookie
=
RtlRandom
(
&
seed
)
>>
16
;
/* leave the high word clear */
else
if
(
*
cookie
==
DEFAULT_SECURITY_COOKIE_32
)
*
cookie
=
RtlRandom
(
&
seed
);
#ifdef DEFAULT_SECURITY_COOKIE_64
else
if
(
*
cookie
==
DEFAULT_SECURITY_COOKIE_64
)
{
*
cookie
=
RtlRandom
(
&
seed
);
/* fill up, but keep the highest word clear */
*
cookie
^=
(
ULONG_PTR
)
RtlRandom
(
&
seed
)
<<
16
;
}
#endif
else
break
;
}
}
/***********************************************************************
* map_image
*
* Map an executable (PE format) image into memory.
...
...
@@ -1103,8 +1066,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
IMAGE_SECTION_HEADER
sections
[
96
];
IMAGE_SECTION_HEADER
*
sec
;
IMAGE_DATA_DIRECTORY
*
imports
;
IMAGE_LOAD_CONFIG_DIRECTORY
*
loadcfg
;
ULONG
loadcfg_size
;
NTSTATUS
status
=
STATUS_CONFLICTING_ADDRESSES
;
int
i
;
off_t
pos
;
...
...
@@ -1316,16 +1277,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
}
}
/* randomize security cookie */
loadcfg
=
RtlImageDirectoryEntryToData
(
(
HMODULE
)
ptr
,
TRUE
,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
,
&
loadcfg_size
);
if
(
loadcfg
&&
loadcfg_size
>=
offsetof
(
IMAGE_LOAD_CONFIG_DIRECTORY
,
SecurityCookie
)
+
sizeof
(
loadcfg
->
SecurityCookie
)
&&
(
ULONG_PTR
)
ptr
<=
loadcfg
->
SecurityCookie
&&
loadcfg
->
SecurityCookie
<=
(
ULONG_PTR
)
ptr
+
total_size
-
sizeof
(
ULONG_PTR
))
{
set_security_cookie
((
ULONG_PTR
*
)
loadcfg
->
SecurityCookie
);
}
/* set the image protections */
VIRTUAL_SetProt
(
view
,
ptr
,
ROUND_SIZE
(
0
,
header_size
),
VPROT_COMMITTED
|
VPROT_READ
);
...
...