summaryrefslogtreecommitdiff
path: root/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch
diff options
context:
space:
mode:
authorV3n3RiX <venerix@rogentos.ro>2016-04-15 16:25:31 +0100
committerV3n3RiX <venerix@rogentos.ro>2016-04-15 16:25:31 +0100
commit0c389803f1cedf572d8bf954d4c64989dbbe4959 (patch)
treef39a0946264fa5ec4e8ffe7d13e56d07334b391f /app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch
parent51e7c083b849fb1a2a7bb8c7d7313d1c72167c74 (diff)
Gallium Nine patched wine ;)
Diffstat (limited to 'app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch')
-rw-r--r--app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch82
1 files changed, 82 insertions, 0 deletions
diff --git a/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch b/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch
new file mode 100644
index 00000000..9168654a
--- /dev/null
+++ b/app-emulation/wine/files/wine-1.7.47-critical-security-cookie-fix.patch
@@ -0,0 +1,82 @@
+From: Erich E. Hoover <erich.e.hoover@wine-staging.com>
+Date: Fri, 10 Jul 2015 20:52:33 +0000 (-0600)
+Subject: ntdll: Only set the security cookie if it has not already been set.
+X-Git-Url: http://source.winehq.org/git/wine.git/commitdiff_plain/e9d7cf99ada80ea8345c301481c63a24780f2b63
+
+ntdll: Only set the security cookie if it has not already been set.
+---
+
+diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
+index 410e060..ff947da 100644
+--- a/dlls/ntdll/virtual.c
++++ b/dlls/ntdll/virtual.c
+@@ -61,6 +61,12 @@ WINE_DECLARE_DEBUG_CHANNEL(module);
+ #define MAP_NORESERVE 0
+ #endif
+
++#ifdef _WIN64
++#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
++#endif
++#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
++#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
++
+ /* File view */
+ struct file_view
+ {
+@@ -1053,6 +1059,36 @@ static NTSTATUS stat_mapping_file( struct file_view *view, struct stat *st )
+ return status;
+ }
+
++/***********************************************************************
++ * set_security_cookie
++ *
++ * Create a random security cookie for buffer overflow protection. Make
++ * sure it does not accidentally match the default cookie value.
++ */
++static void set_security_cookie(ULONG_PTR *cookie)
++{
++ static ULONG seed;
++
++ if (!cookie) return;
++ if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
++ while (1)
++ {
++ if (*cookie == DEFAULT_SECURITY_COOKIE_16)
++ *cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
++ else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
++ *cookie = RtlRandom( &seed );
++#ifdef DEFAULT_SECURITY_COOKIE_64
++ else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
++ {
++ *cookie = RtlRandom( &seed );
++ /* fill up, but keep the highest word clear */
++ *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
++ }
++#endif
++ else
++ break;
++ }
++}
+
+ /***********************************************************************
+ * map_image
+@@ -1285,18 +1321,7 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
+ loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
+ IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
+ if (loadcfg && loadcfg_size >= sizeof(*loadcfg))
+- {
+- static ULONG seed;
+- ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+-
+- if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
+- if (cookie)
+- {
+- *cookie = RtlRandom( &seed );
+- if (sizeof(ULONG_PTR) > sizeof(ULONG)) /* fill up, but keep the highest word clear */
+- *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+- }
+- }
++ set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
+
+ /* set the image protections */
+