kernel32: Add ACTCTX field limit checks to CreateActCtxA().

dlls/kernel32/process.c

@@ -422,11 +422,19 @@ HANDLE WINAPI DECLSPEC_HOTPATCH CreateActCtxA( const ACTCTXA *actctx )
 
     TRACE("%p %08lx\n", actctx, actctx ? actctx->dwFlags : 0);
 
-    if (!actctx || actctx->cbSize != sizeof(*actctx))
+#define CHECK_LIMIT( field ) (actctx->cbSize >= RTL_SIZEOF_THROUGH_FIELD( ACTCTXA, field ))
+    if (!actctx || !CHECK_LIMIT( lpSource ) ||
+        ((actctx->dwFlags & ACTCTX_FLAG_PROCESSOR_ARCHITECTURE_VALID) && !CHECK_LIMIT( wProcessorArchitecture )) ||
+        ((actctx->dwFlags & ACTCTX_FLAG_LANGID_VALID) && !CHECK_LIMIT( wLangId )) ||
+        ((actctx->dwFlags & ACTCTX_FLAG_ASSEMBLY_DIRECTORY_VALID) && !CHECK_LIMIT( lpAssemblyDirectory )) ||
+        ((actctx->dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID) && !CHECK_LIMIT( lpResourceName )) ||
+        ((actctx->dwFlags & ACTCTX_FLAG_APPLICATION_NAME_VALID) && !CHECK_LIMIT( lpApplicationName )) ||
+        ((actctx->dwFlags & ACTCTX_FLAG_HMODULE_VALID) && !CHECK_LIMIT( hModule )))
     {
         SetLastError(ERROR_INVALID_PARAMETER);
         return INVALID_HANDLE_VALUE;
     }
+#undef CHECK_LIMIT
 
     actw.cbSize = sizeof(actw);
     actw.dwFlags = actctx->dwFlags;

dlls/kernel32/tests/actctx.c

@@ -2895,7 +2895,6 @@ static void test_CreateActCtx(void)
         handle = CreateActCtxA(&actctx);
         if (!test[i].error)
         {
-            todo_wine
             ok(handle != INVALID_HANDLE_VALUE, "CreateActCtx error %lu\n", GetLastError());
             ReleaseActCtx(handle);
         }
@@ -2910,7 +2909,6 @@ static void test_CreateActCtx(void)
             actctx.lpSource = source; /* source without hModule must point to valid PE */
         SetLastError(0xdeadbeef);
         handle = CreateActCtxA(&actctx);
-        todo_wine_if(i != 4)
         ok(handle != INVALID_HANDLE_VALUE, "CreateActCtx error %lu\n", GetLastError());
         ReleaseActCtx(handle);