wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-11-21 16:46:54 -08:00
Code Issues Packages Projects Releases Wiki Activity

Added patch to move cookie initialization code from memory management to loader.

Browse Source
This commit is contained in:
Sebastian Lackner 2015-08-08 21:05:57 +02:00
parent b23f8c789b
commit 0a38c0f4a6
5 changed files with 248 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -39,12 +39,13 @@ Wine. All those differences are also documented on the
Included bug fixes and improvements
-----------------------------------
**Bug fixes and features included in the next upcoming release [4]:**
**Bug fixes and features included in the next upcoming release [5]:**
* Add stub dlls required for MSVC 2015 runtime library (Windows 10)
* Add stubs for additional wininet options in InternetSetOption
* Implement stub for vcomp._vcomp_flush ([Wine Bug #39058](https://bugs.winehq.org/show_bug.cgi?id=39058))
* Improve stubs for dxgi MakeWindowAssociation and GetWindowAssociation
* Move cookie initialization code from memory management to loader ([Wine Bug #39040](https://bugs.winehq.org/show_bug.cgi?id=39040))
**Bug fixes and features in Wine Staging 1.7.48 [238]:**

2
debian/changelog vendored
View File

@ -7,6 +7,8 @@ wine-staging (1.7.49) UNRELEASED; urgency=low
* Added patch to implement stub for vcomp._vcomp_flush.
* Added patch to fix leak and use-after-free in winecfg theming
implementation.
* Added patch to move cookie initialization code from memory management to
loader.
* Removed patch to avoid race-conditions with long running threadpool tasks
(accepted upstream).
* Removed patch to add support for ThreadQuerySetWin32StartAddress info class

179
patches/ntdll-Security_Cookie/0001-ntdll-Move-cookie-initialization-code-from-memory-ma.patch Normal file
View File

@ -0,0 +1,179 @@
From bf3a7b253745c148a65efc9678e7dbb9356c3cf0 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sat, 8 Aug 2015 20:51:43 +0200
Subject: ntdll: Move cookie initialization code from memory management to
loader.
---
dlls/ntdll/loader.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++
dlls/ntdll/virtual.c | 49 -------------------------------------------
2 files changed, 59 insertions(+), 49 deletions(-)
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
index bef0ab1..fb7b171 100644
--- a/dlls/ntdll/loader.c
+++ b/dlls/ntdll/loader.c
@@ -50,6 +50,12 @@ WINE_DECLARE_DEBUG_CHANNEL(snoop);
WINE_DECLARE_DEBUG_CHANNEL(loaddll);
WINE_DECLARE_DEBUG_CHANNEL(imports);
+#ifdef _WIN64
+#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
+#endif
+#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
+#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
+
/* we don't want to include winuser.h */
#define RT_MANIFEST ((ULONG_PTR)24)
#define ISOLATIONAWARE_MANIFEST_RESOURCE_ID ((ULONG_PTR)2)
@@ -1602,6 +1608,55 @@ static void load_builtin_callback( void *module, const char *filename )
}
+/***********************************************************************
+ * set_security_cookie
+ *
+ * Create a random security cookie for buffer overflow protection. Make
+ * sure it does not accidentally match the default cookie value.
+ */
+static void set_security_cookie( void *module, SIZE_T len )
+{
+ static ULONG seed;
+ IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
+ ULONG loadcfg_size;
+ ULONG_PTR *cookie;
+
+ loadcfg = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
+ if (!loadcfg) return;
+ if (loadcfg_size < offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie)) return;
+ if (!loadcfg->SecurityCookie) return;
+ if (loadcfg->SecurityCookie < (ULONG_PTR)module ||
+ loadcfg->SecurityCookie > (ULONG_PTR)module + len - sizeof(ULONG_PTR))
+ {
+ WARN( "security cookie %p outside of image %p-%p\n",
+ (void *)loadcfg->SecurityCookie, module, (char *)module + len );
+ return;
+ }
+
+ cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+ TRACE( "initializing security cookie %p\n", cookie );
+
+ if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
+ for (;;)
+ {
+ if (*cookie == DEFAULT_SECURITY_COOKIE_16)
+ *cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
+ else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
+ *cookie = RtlRandom( &seed );
+#ifdef DEFAULT_SECURITY_COOKIE_64
+ else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
+ {
+ *cookie = RtlRandom( &seed );
+ /* fill up, but keep the highest word clear */
+ *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+ }
+#endif
+ else
+ break;
+ }
+}
+
+
/******************************************************************************
* load_native_dll (internal)
*/
@@ -1636,6 +1691,10 @@ static NTSTATUS load_native_dll( LPCWSTR load_path, LPCWSTR name, HANDLE file,
goto done;
}
+ /* randomize security cookie */
+
+ set_security_cookie( module, len );
+
/* fixup imports */
nt = RtlImageNtHeader( module );
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 676675f..fe17518 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -61,12 +61,6 @@ WINE_DECLARE_DEBUG_CHANNEL(module);
#define MAP_NORESERVE 0
#endif
-#ifdef _WIN64
-#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
-#endif
-#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
-#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
-
/* File view */
struct file_view
{
@@ -1060,37 +1054,6 @@ static NTSTATUS stat_mapping_file( struct file_view *view, struct stat *st )
}
/***********************************************************************
- * set_security_cookie
- *
- * Create a random security cookie for buffer overflow protection. Make
- * sure it does not accidentally match the default cookie value.
- */
-static void set_security_cookie(ULONG_PTR *cookie)
-{
- static ULONG seed;
-
- if (!cookie) return;
- if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
- while (1)
- {
- if (*cookie == DEFAULT_SECURITY_COOKIE_16)
- *cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
- else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
- *cookie = RtlRandom( &seed );
-#ifdef DEFAULT_SECURITY_COOKIE_64
- else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
- {
- *cookie = RtlRandom( &seed );
- /* fill up, but keep the highest word clear */
- *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
- }
-#endif
- else
- break;
- }
-}
-
-/***********************************************************************
* map_image
*
* Map an executable (PE format) image into memory.
@@ -1103,8 +1066,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
IMAGE_SECTION_HEADER sections[96];
IMAGE_SECTION_HEADER *sec;
IMAGE_DATA_DIRECTORY *imports;
- IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
- ULONG loadcfg_size;
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
int i;
off_t pos;
@@ -1316,16 +1277,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
}
}
- /* randomize security cookie */
-
- loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
- IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
- if (loadcfg && loadcfg_size >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie) &&
- (ULONG_PTR)ptr <= loadcfg->SecurityCookie && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR))
- {
- set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
- }
-
/* set the image protections */
VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
--
2.5.0

1
patches/ntdll-Security_Cookie/definition Normal file
View File

@ -0,0 +1 @@
Fixes: [39040] Move cookie initialization code from memory management to loader

109
patches/patchinstall.sh
View File

@ -176,6 +176,7 @@ patch_enable_all ()
enable_ntdll_NtSetLdtEntries="$1"
enable_ntdll_Pipe_SpecialCharacters="$1"
enable_ntdll_RtlIpStringToAddress="$1"
enable_ntdll_Security_Cookie="$1"
enable_ntdll_ThreadTime="$1"
enable_ntdll_Threading="$1"
enable_ntdll_User_Shared_Data="$1"
@ -606,6 +607,9 @@ patch_enable ()
ntdll-RtlIpStringToAddress)
enable_ntdll_RtlIpStringToAddress="$2"
;;
ntdll-Security_Cookie)
enable_ntdll_Security_Cookie="$2"
;;
ntdll-ThreadTime)
enable_ntdll_ThreadTime="$2"
;;
@ -3759,6 +3763,21 @@ if test "$enable_ntdll_RtlIpStringToAddress" -eq 1; then
) >> "$patchlist"
fi
# Patchset ntdll-Security_Cookie
# |
# | This patchset fixes the following Wine bugs:
# | * [#39040] Move cookie initialization code from memory management to loader
# |
# | Modified files:
# | * dlls/ntdll/loader.c, dlls/ntdll/virtual.c
# |
if test "$enable_ntdll_Security_Cookie" -eq 1; then
patch_apply ntdll-Security_Cookie/0001-ntdll-Move-cookie-initialization-code-from-memory-ma.patch
(
echo '+ { "Sebastian Lackner", "ntdll: Move cookie initialization code from memory management to loader.", 1 },';
) >> "$patchlist"
fi
# Patchset ntdll-ThreadTime
# |
# | This patchset fixes the following Wine bugs:
@ -4937,6 +4956,51 @@ if test "$enable_wined3d_CSMT_Helper" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-Revert_PixelFormat
# |
# | This patchset fixes the following Wine bugs:
# | * [#35655] Fix wined3d performance drop introduced by pixelformat changes.
# | * [#35718] Fix flickering introduced by pixelformat changes.
# | * [#35975] Fix gray screen on startup introduced by pixelformat changes.
# | * [#36900] Fix missing video introduced by pixelformat changes.
# |
# | Modified files:
# | * dlls/d3d8/tests/device.c, dlls/d3d9/tests/device.c, dlls/ddraw/tests/ddraw1.c, dlls/ddraw/tests/ddraw2.c,
# | dlls/ddraw/tests/ddraw4.c, dlls/ddraw/tests/ddraw7.c, dlls/wined3d/context.c, dlls/wined3d/wined3d_private.h
# |
if test "$enable_wined3d_Revert_PixelFormat" -eq 1; then
patch_apply wined3d-Revert_PixelFormat/0001-Revert-wined3d-Track-if-a-context-s-private-hdc-has-.patch
patch_apply wined3d-Revert_PixelFormat/0002-Revert-wined3d-Track-if-a-context-s-hdc-is-private-s.patch
patch_apply wined3d-Revert_PixelFormat/0003-Revert-wined3d-When-restoring-pixel-format-in-contex.patch
patch_apply wined3d-Revert_PixelFormat/0004-Revert-wined3d-Don-t-call-GetPixelFormat-to-set-a-fl.patch
patch_apply wined3d-Revert_PixelFormat/0005-Revert-wined3d-Restore-the-pixel-format-of-the-windo.patch
patch_apply wined3d-Revert_PixelFormat/0006-d3d8-Mark-tests-which-no-longer-pass-due-to-reverts-.patch
patch_apply wined3d-Revert_PixelFormat/0007-d3d9-Mark-tests-which-no-longer-pass-due-to-reverts-.patch
patch_apply wined3d-Revert_PixelFormat/0008-ddraw-Mark-tests-which-no-longer-pass-due-to-reverts.patch
(
echo '+ { "Ken Thomases", "Revert \"wined3d: Track if a context'\''s private hdc has had its pixel format set, so we don'\''t need to check it.\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: Track if a context'\''s hdc is private so we never need to restore its pixel format.\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: When restoring pixel format in context_release(), mark the context as needing to be set on the next context_acquire().\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: Don'\''t call GetPixelFormat() to set a flag that'\''s already set.\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: Restore the pixel format of the window whose pixel format was actually changed.\".", 1 },';
echo '+ { "Ken Thomases", "d3d8: Mark tests which no longer pass due to reverts as todo_wine.", 1 },';
echo '+ { "Ken Thomases", "d3d9: Mark tests which no longer pass due to reverts as todo_wine.", 1 },';
echo '+ { "Ken Thomases", "ddraw: Mark tests which no longer pass due to reverts as todo_wine.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-wined3d_swapchain_present
# |
# | Modified files:
# | * dlls/wined3d/swapchain.c
# |
if test "$enable_wined3d_wined3d_swapchain_present" -eq 1; then
patch_apply wined3d-wined3d_swapchain_present/0001-wined3d-Silence-repeated-wined3d_swapchain_present-F.patch
(
echo '+ { "Sebastian Lackner", "wined3d: Silence repeated wined3d_swapchain_present FIXME.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-UnhandledBlendFactor
# |
# | Modified files:
@ -4961,18 +5025,6 @@ if test "$enable_wined3d_resource_check_usage" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-wined3d_swapchain_present
# |
# | Modified files:
# | * dlls/wined3d/swapchain.c
# |
if test "$enable_wined3d_wined3d_swapchain_present" -eq 1; then
patch_apply wined3d-wined3d_swapchain_present/0001-wined3d-Silence-repeated-wined3d_swapchain_present-F.patch
(
echo '+ { "Sebastian Lackner", "wined3d: Silence repeated wined3d_swapchain_present FIXME.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-Geforce_425M
# |
# | This patchset fixes the following Wine bugs:
@ -5015,39 +5067,6 @@ if test "$enable_wined3d_Multisampling" -eq 1; then
) >> "$patchlist"
fi
# Patchset wined3d-Revert_PixelFormat
# |
# | This patchset fixes the following Wine bugs:
# | * [#35655] Fix wined3d performance drop introduced by pixelformat changes.
# | * [#35718] Fix flickering introduced by pixelformat changes.
# | * [#35975] Fix gray screen on startup introduced by pixelformat changes.
# | * [#36900] Fix missing video introduced by pixelformat changes.
# |
# | Modified files:
# | * dlls/d3d8/tests/device.c, dlls/d3d9/tests/device.c, dlls/ddraw/tests/ddraw1.c, dlls/ddraw/tests/ddraw2.c,
# | dlls/ddraw/tests/ddraw4.c, dlls/ddraw/tests/ddraw7.c, dlls/wined3d/context.c, dlls/wined3d/wined3d_private.h
# |
if test "$enable_wined3d_Revert_PixelFormat" -eq 1; then
patch_apply wined3d-Revert_PixelFormat/0001-Revert-wined3d-Track-if-a-context-s-private-hdc-has-.patch
patch_apply wined3d-Revert_PixelFormat/0002-Revert-wined3d-Track-if-a-context-s-hdc-is-private-s.patch
patch_apply wined3d-Revert_PixelFormat/0003-Revert-wined3d-When-restoring-pixel-format-in-contex.patch
patch_apply wined3d-Revert_PixelFormat/0004-Revert-wined3d-Don-t-call-GetPixelFormat-to-set-a-fl.patch
patch_apply wined3d-Revert_PixelFormat/0005-Revert-wined3d-Restore-the-pixel-format-of-the-windo.patch
patch_apply wined3d-Revert_PixelFormat/0006-d3d8-Mark-tests-which-no-longer-pass-due-to-reverts-.patch
patch_apply wined3d-Revert_PixelFormat/0007-d3d9-Mark-tests-which-no-longer-pass-due-to-reverts-.patch
patch_apply wined3d-Revert_PixelFormat/0008-ddraw-Mark-tests-which-no-longer-pass-due-to-reverts.patch
(
echo '+ { "Ken Thomases", "Revert \"wined3d: Track if a context'\''s private hdc has had its pixel format set, so we don'\''t need to check it.\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: Track if a context'\''s hdc is private so we never need to restore its pixel format.\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: When restoring pixel format in context_release(), mark the context as needing to be set on the next context_acquire().\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: Don'\''t call GetPixelFormat() to set a flag that'\''s already set.\".", 1 },';
echo '+ { "Ken Thomases", "Revert \"wined3d: Restore the pixel format of the window whose pixel format was actually changed.\".", 1 },';
echo '+ { "Ken Thomases", "d3d8: Mark tests which no longer pass due to reverts as todo_wine.", 1 },';
echo '+ { "Ken Thomases", "d3d9: Mark tests which no longer pass due to reverts as todo_wine.", 1 },';
echo '+ { "Ken Thomases", "ddraw: Mark tests which no longer pass due to reverts as todo_wine.", 1 },';
) >> "$patchlist"
fi
# Patchset wined3d-CSMT_Main
# |
# | This patchset fixes the following Wine bugs: