Added patch to fix memory corruption wineserver (token_duplicate should not reference the original token).

2024-09-13 09:17:20 -07:00 · 2015-12-10 16:49:38 +01:00 · 2015-12-10 16:49:38 +01:00 · 7dac88ab13
commit 7dac88ab13
parent c3f580b642
4 changed files with 43 additions and 3 deletions
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -5001,14 +5001,16 @@ fi
 # |   *	[#37087] Do not hold reference on parent process in wineserver
 # |
 # | Modified files:
-# |   *	server/console.c, server/process.c, server/process.h, server/snapshot.c, server/thread.c
+# |   *	server/console.c, server/process.c, server/process.h, server/snapshot.c, server/thread.c, server/token.c
 # |
 if test "$enable_server_Parent_Process" -eq 1; then
-	patch_apply server-Parent_Process/0001-server-Do-not-hold-reference-on-parent-process.patch
+	patch_apply server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch
 	patch_apply server-Parent_Process/0002-server-Increase-size-of-PID-table-to-512-to-reduce-r.patch
+	patch_apply server-Parent_Process/0003-server-Do-not-hold-reference-on-parent-process.patch
 	(
-		echo '+    { "Sebastian Lackner", "server: Do not hold reference on parent process.", 1 },';
+		echo '+    { "Sebastian Lackner", "server: Token_duplicate should not reference the original token, which will get destroyed on process exit.", 1 },';
 		echo '+    { "Sebastian Lackner", "server: Increase size of PID table to 512 to reduce risk of collisions.", 1 },';
+		echo '+    { "Sebastian Lackner", "server: Do not hold reference on parent process.", 1 },';
 	) >> "$patchlist"
 fi

--- a/patches/server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch
+++ b/patches/server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch
@ -0,0 +1,36 @@
+From 852441b8d71ffc4fe095a331cd8a7dcc2fdac1c2 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Thu, 10 Dec 2015 16:40:01 +0100
+Subject: server: token_duplicate should not reference the original token,
+ which will get destroyed on process exit.
+
+---
+ server/token.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/server/token.c b/server/token.c
+index 001261d..9edfbf0 100644
+--- a/server/token.c
+++ b/server/token.c
+@@ -568,6 +568,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+     if (!token) return token;
+ 
+     /* copy groups */
+    token->primary_group = NULL;
+     LIST_FOR_EACH_ENTRY( group, &src_token->groups, struct group, entry )
+     {
+         size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[group->sid.SubAuthorityCount] );
+@@ -579,8 +580,9 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+         }
+         memcpy( newgroup, group, size );
+         list_add_tail( &token->groups, &newgroup->entry );
+        if (src_token->primary_group == &group->sid)
+            token->primary_group = &newgroup->sid;
+     }
+-    token->primary_group = src_token->primary_group;
+     assert( token->primary_group );
+ 
+     /* copy privileges */
+-- 
+2.6.2
+
--- a/patches/server-Parent_Process/0003-server-Do-not-hold-reference-on-parent-process.patch
+++ b/patches/server-Parent_Process/0003-server-Do-not-hold-reference-on-parent-process.patch
--- a/staging/changelog
+++ b/staging/changelog
@ -4,6 +4,8 @@ wine-staging (1.8~rc4) UNRELEASED; urgency=low
  * Removed patch to return an error when trying to open a terminated process
    (replaced with alternative approach).
  * Added patch to avoid holding reference on parent process in wineserver.
+  * Added patch to fix memory corruption wineserver (token_duplicate should not
+    reference the original token).
 -- Sebastian Lackner <sebastian@fds-team.de>  Tue, 08 Dec 2015 18:32:59 +0100

 wine-staging (1.8~rc3) unstable; urgency=low