Added patch to fix invalid memory access in get_registry_locale_info.

2024-11-21 16:46:54 -08:00 · 2015-04-03 17:30:35 +02:00 · 2015-04-03 17:30:35 +02:00 · 70ca8ccdee
commit 70ca8ccdee
parent a6bdf0d803
5 changed files with 83 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -39,7 +39,7 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 -----------------------------------

-**Bug fixes and features included in the next upcoming release [16]:**
+**Bug fixes and features included in the next upcoming release [17]:**

 * Add stub fltmgr.sys (filter manager driver) ([Wine Bug #23583](https://bugs.winehq.org/show_bug.cgi?id=23583))
 * Add stub for ntoskrnl.PsRemoveLoadImageNotifyRoutine
@ -50,6 +50,7 @@ Included bug fixes and improvements
 * Fix compatibility of Uplay with gnutls28 ([Wine Bug #38134](https://bugs.winehq.org/show_bug.cgi?id=38134))
 * Fix device paths in HKLM\SYSTEM\MountedDevices ([Wine Bug #38235](https://bugs.winehq.org/show_bug.cgi?id=38235))
 * Fix handling of ANSI NTLM credentials ([Wine Bug #37063](https://bugs.winehq.org/show_bug.cgi?id=37063))
+* Fix invalid memory access in get_registry_locale_info ([Wine Bug #38344](https://bugs.winehq.org/show_bug.cgi?id=38344))
 * Implement empty enumerator for IWiaDevMgr::EnumDeviceInfo ([Wine Bug #27775](https://bugs.winehq.org/show_bug.cgi?id=27775))
 * Implement mscoree._CorValidateImage for mono runtime
 * Implement proper handling of CLI .NET images in Wine library loader
--- a/debian/changelog
+++ b/debian/changelog
@ -18,6 +18,7 @@ wine-staging (1.7.40) UNRELEASED; urgency=low
  * Added patch to implement mscoree._CorValidateImage for mono runtime.
  * Added patch to implement proper handling of CLI .NET images in Wine library loader.
  * Added patch to stub ntoskrnl.PsRemoveLoadImageNotifyRoutine
+  * Added patch to fix invalid memory access in get_registry_locale_info.
  * Removed patch to fix regression causing black screen on startup (accepted upstream).
  * Removed patch to fix edge cases in TOOLTIPS_GetTipText (fixed upstream).
  * Removed patch for IConnectionPoint/INetworkListManagerEvents stub interface (accepted upstream).
--- a/patches/kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch
+++ b/patches/kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch
@ -0,0 +1,46 @@
+From 702df8220cc4393c65e280d3706311dd0a41ded1 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 3 Apr 2015 14:44:27 +0200
+Subject: kernel32: Fix calculation of returned buffer in
+ get_registry_locale_info.
+
+Fixes a regression introduced by 8826ba1bc86fefa22c543608585ae8f3b4310a5f.
+We cannot decide if we have to append a terminating null char unless we have queried again with a bigger buffer.
+---
+ dlls/kernel32/locale.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/kernel32/locale.c b/dlls/kernel32/locale.c
+index afc5b9d..7798b91 100644
+--- a/dlls/kernel32/locale.c
+++ b/dlls/kernel32/locale.c
+@@ -1177,6 +1177,17 @@ static INT get_registry_locale_info( struct registry_value *registry_value, LPWS
+ 
+         status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &size );
+ 
+        /* try again with a bigger buffer when we have to return the correct size */
+        if (status == STATUS_BUFFER_OVERFLOW && !buffer && size > info_size)
+        {
+            KEY_VALUE_PARTIAL_INFORMATION *new_info;
+            if ((new_info = HeapReAlloc( GetProcessHeap(), 0, info, size )))
+            {
+                info = new_info;
+                status = NtQueryValueKey( hkey, &nameW, KeyValuePartialInformation, info, size, &size );
+            }
+        }
+
+         NtClose( hkey );
+ 
+         if (!status)
+@@ -1207,8 +1218,6 @@ static INT get_registry_locale_info( struct registry_value *registry_value, LPWS
+             if (status == STATUS_BUFFER_OVERFLOW && !buffer)
+             {
+                 ret = (size - info_size) / sizeof(WCHAR);
+-                if (!ret || ((WCHAR *)&info->Data)[ret-1])
+-                    ret++;
+             }
+             else if (status == STATUS_OBJECT_NAME_NOT_FOUND)
+             {
+-- 
+2.3.3
+
--- a/patches/kernel32-get_registry_locale_info/definition
+++ b/patches/kernel32-get_registry_locale_info/definition
@ -0,0 +1 @@
+Fixes: [38344] Fix invalid memory access in get_registry_locale_info
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -123,6 +123,7 @@ patch_enable_all ()
 	enable_kernel32_Profile="$1"
 	enable_kernel32_SetFileInformationByHandle="$1"
 	enable_kernel32_VerifyVersionInfo="$1"
+	enable_kernel32_get_registry_locale_info="$1"
 	enable_libs_Unicode_Collation="$1"
 	enable_makedep_PARENTSPEC="$1"
 	enable_mmdevapi_AEV_Stubs="$1"
@ -435,6 +436,9 @@ patch_enable ()
 		kernel32-VerifyVersionInfo)
 			enable_kernel32_VerifyVersionInfo="$2"
 			;;
+		kernel32-get_registry_locale_info)
+			enable_kernel32_get_registry_locale_info="$2"
+			;;
 		libs-Unicode_Collation)
 			enable_libs_Unicode_Collation="$2"
 			;;
@ -2607,20 +2611,6 @@ if test "$enable_kernel32_Console_Handles" -eq 1; then
 	) >> "$patchlist"
 fi

-# Patchset kernel32-SetFileInformationByHandle
-# |
-# | Modified files:
-# |   *	dlls/kernel32/file.c, include/winbase.h
-# |
-if test "$enable_kernel32_SetFileInformationByHandle" -eq 1; then
-	patch_apply kernel32-SetFileInformationByHandle/0001-include-Declare-a-couple-more-file-information-class.patch
-	patch_apply kernel32-SetFileInformationByHandle/0002-kernel32-Implement-SetFileInformationByHandle.patch
-	(
-		echo '+    { "Michael Müller", "include: Declare a couple more file information class structures.", 1 },';
-		echo '+    { "Michael Müller", "kernel32: Implement SetFileInformationByHandle.", 1 },';
-	) >> "$patchlist"
-fi
-
 # Patchset ntdll-FileDispositionInformation
 # |
 # | This patchset fixes the following Wine bugs:
@ -2640,6 +2630,20 @@ if test "$enable_ntdll_FileDispositionInformation" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset kernel32-SetFileInformationByHandle
+# |
+# | Modified files:
+# |   *	dlls/kernel32/file.c, include/winbase.h
+# |
+if test "$enable_kernel32_SetFileInformationByHandle" -eq 1; then
+	patch_apply kernel32-SetFileInformationByHandle/0001-include-Declare-a-couple-more-file-information-class.patch
+	patch_apply kernel32-SetFileInformationByHandle/0002-kernel32-Implement-SetFileInformationByHandle.patch
+	(
+		echo '+    { "Michael Müller", "include: Declare a couple more file information class structures.", 1 },';
+		echo '+    { "Michael Müller", "kernel32: Implement SetFileInformationByHandle.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset kernel32-CopyFileEx
 # |
 # | This patchset fixes the following Wine bugs:
@ -2875,6 +2879,21 @@ if test "$enable_kernel32_VerifyVersionInfo" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset kernel32-get_registry_locale_info
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#38344] Fix invalid memory access in get_registry_locale_info
+# |
+# | Modified files:
+# |   *	dlls/kernel32/locale.c
+# |
+if test "$enable_kernel32_get_registry_locale_info" -eq 1; then
+	patch_apply kernel32-get_registry_locale_info/0001-kernel32-Fix-calculation-of-returned-buffer-in-get_r.patch
+	(
+		echo '+    { "Sebastian Lackner", "kernel32: Fix calculation of returned buffer in get_registry_locale_info.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset libs-Unicode_Collation
 # |
 # | This patchset fixes the following Wine bugs:
				`@ -0,0 +1 @@`
				`Fixes: [38344] Fix invalid memory access in get_registry_locale_info`