ntdll: Add ACTCTX field limit checks to RtlCreateActivationContext().

Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru>

ntdll: Add ACTCTX field limit checks to RtlCreateActivationContext().
90920400 · Dmitry Timoshkov · Alexandre Julliard · e8ce9979 · 90920400 · 90920400
Commit 90920400 authored Sep 14, 2023 by Dmitry Timoshkov Committed by Alexandre Julliard Nov 08, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

actctx.c dlls/kernel32/tests/actctx.c +0 -2

actctx.c dlls/ntdll/actctx.c +10 -2

No files found.
--- a/dlls/kernel32/tests/actctx.c
+++ b/dlls/kernel32/tests/actctx.c
@@ -2853,7 +2853,6 @@ static void test_CreateActCtx(void)
        handle = CreateActCtxW(&ctxW);
        if (!test[i].error)
        {
-            todo_wine
            ok(handle != INVALID_HANDLE_VALUE, "CreateActCtx error %lu\n", GetLastError());
            ReleaseActCtx(handle);
        }
@@ -2868,7 +2867,6 @@ static void test_CreateActCtx(void)
            ctxW.lpSource = sourceW; /* source without hModule must point to valid PE */
        SetLastError(0xdeadbeef);
        handle = CreateActCtxW(&ctxW);
-        todo_wine_if(i != 4)
        ok(handle != INVALID_HANDLE_VALUE, "CreateActCtx error %lu\n", GetLastError());
        ReleaseActCtx(handle);


--- a/dlls/ntdll/actctx.c
+++ b/dlls/ntdll/actctx.c
@@ -5261,9 +5261,17 @@ NTSTATUS WINAPI RtlCreateActivationContext( HANDLE *handle, const void *ptr )

    TRACE("%p %08lx\n", pActCtx, pActCtx ? pActCtx->dwFlags : 0);

-    if (!pActCtx || pActCtx->cbSize < sizeof(*pActCtx) ||
-        (pActCtx->dwFlags & ~ACTCTX_FLAGS_ALL))
+#define CHECK_LIMIT( field ) (pActCtx->cbSize >= RTL_SIZEOF_THROUGH_FIELD( ACTCTXW, field ))
+    if (!pActCtx || (pActCtx->dwFlags & ~ACTCTX_FLAGS_ALL) ||
+        !CHECK_LIMIT( lpSource ) ||
+        ((pActCtx->dwFlags & ACTCTX_FLAG_PROCESSOR_ARCHITECTURE_VALID) && !CHECK_LIMIT( wProcessorArchitecture )) ||
+        ((pActCtx->dwFlags & ACTCTX_FLAG_LANGID_VALID) && !CHECK_LIMIT( wLangId )) ||
+        ((pActCtx->dwFlags & ACTCTX_FLAG_ASSEMBLY_DIRECTORY_VALID) && !CHECK_LIMIT( lpAssemblyDirectory )) ||
+        ((pActCtx->dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID) && !CHECK_LIMIT( lpResourceName )) ||
+        ((pActCtx->dwFlags & ACTCTX_FLAG_APPLICATION_NAME_VALID) && !CHECK_LIMIT( lpApplicationName )) ||
+        ((pActCtx->dwFlags & ACTCTX_FLAG_HMODULE_VALID) && !CHECK_LIMIT( hModule )))
        return STATUS_INVALID_PARAMETER;
+#undef CHECK_LIMIT

    if ((pActCtx->dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID) && !pActCtx->lpResourceName)
        return STATUS_INVALID_PARAMETER;