Commit 7e1c886f authored by André Hentschel's avatar André Hentschel Committed by Alexandre Julliard

ntdll: Randomize security cookie when available.

parent eecd136c
......@@ -1067,6 +1067,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
IMAGE_SECTION_HEADER sections[96];
IMAGE_SECTION_HEADER *sec;
IMAGE_DATA_DIRECTORY *imports;
IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
ULONG loadcfg_size;
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
int i;
off_t pos;
......@@ -1278,6 +1280,24 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
}
}
/* randomize security cookie */
loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
if (loadcfg && loadcfg_size >= sizeof(*loadcfg))
{
static ULONG seed;
ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
if (cookie)
{
*cookie = RtlRandom( &seed );
if (sizeof(ULONG_PTR) > sizeof(ULONG)) /* fill up, but keep the highest word clear */
*cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
}
}
/* set the image protections */
VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
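Review bot: The write through `cookie` in the second hunk is not bounded to the mapped image: `loadcfg->SecurityCookie` is an address read from the file and is only checked for non-NULL before `*cookie = RtlRandom( &seed )`, so a malformed load-config directory makes the loader write outside the view. I would guard the store with something like `if (cookie && (ULONG_PTR)cookie >= (ULONG_PTR)ptr && (ULONG_PTR)cookie + sizeof(*cookie) <= (ULONG_PTR)ptr + total_size)`, assuming the size parameter truncated in the hunk header is the mapped image size. Separately, the seed `NtGetTickCount() ^ GetCurrentProcessId()` fed to `RtlRandom` is low-entropy and guessable, so either mix in a stronger source or add a comment such as `/* best-effort canary: seed is tick count ^ pid, not an unpredictable secret */`. The body of map_image starts and ends outside the hunk, so any earlier validation of the load-config data is not visible here.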
......