diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 41e9075b..67719b8b 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -5001,14 +5001,16 @@ fi
 # | * [#37087] Do not hold reference on parent process in wineserver
 # |
 # | Modified files:
-# | * server/console.c, server/process.c, server/process.h, server/snapshot.c, server/thread.c
+# | * server/console.c, server/process.c, server/process.h, server/snapshot.c, server/thread.c, server/token.c
 # |
 if test "$enable_server_Parent_Process" -eq 1; then
- patch_apply server-Parent_Process/0001-server-Do-not-hold-reference-on-parent-process.patch
+ patch_apply server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch
 patch_apply server-Parent_Process/0002-server-Increase-size-of-PID-table-to-512-to-reduce-r.patch
+ patch_apply server-Parent_Process/0003-server-Do-not-hold-reference-on-parent-process.patch
 (
- echo '+ { "Sebastian Lackner", "server: Do not hold reference on parent process.", 1 },';
+ echo '+ { "Sebastian Lackner", "server: Token_duplicate should not reference the original token, which will get destroyed on process exit.", 1 },';
 echo '+ { "Sebastian Lackner", "server: Increase size of PID table to 512 to reduce risk of collisions.", 1 },';
+ echo '+ { "Sebastian Lackner", "server: Do not hold reference on parent process.", 1 },';
 ) >> "$patchlist"
 fi
 
diff --git a/patches/server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch b/patches/server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch
new file mode 100644
index 00000000..eb0f0cae
--- /dev/null
+++ b/patches/server-Parent_Process/0001-server-token_duplicate-should-not-reference-the-orig.patch
@@ -0,0 +1,36 @@
+From 852441b8d71ffc4fe095a331cd8a7dcc2fdac1c2 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner
+Date: Thu, 10 Dec 2015 16:40:01 +0100
+Subject: server: token_duplicate should not reference the original token,
+ which will get destroyed on process exit.
+
+---
+ server/token.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/server/token.c b/server/token.c
+index 001261d..9edfbf0 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -568,6 +568,7 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+ if (!token) return token;
+
+ /* copy groups */
++ token->primary_group = NULL;
+ LIST_FOR_EACH_ENTRY( group, &src_token->groups, struct group, entry )
+ {
+ size_t size = FIELD_OFFSET( struct group, sid.SubAuthority[group->sid.SubAuthorityCount] );
+@@ -579,8 +580,9 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
+ }
+ memcpy( newgroup, group, size );
+ list_add_tail( &token->groups, &newgroup->entry );
++ if (src_token->primary_group == &group->sid)
++ token->primary_group = &newgroup->sid;
+ }
+- token->primary_group = src_token->primary_group;
+ assert( token->primary_group );
+
+ /* copy privileges */
+--
+2.6.2
+
diff --git a/patches/server-Parent_Process/0001-server-Do-not-hold-reference-on-parent-process.patch b/patches/server-Parent_Process/0003-server-Do-not-hold-reference-on-parent-process.patch
similarity index 100%
rename from patches/server-Parent_Process/0001-server-Do-not-hold-reference-on-parent-process.patch
rename to patches/server-Parent_Process/0003-server-Do-not-hold-reference-on-parent-process.patch
diff --git a/staging/changelog b/staging/changelog
index bc904eb0..6a989ca7 100644
--- a/staging/changelog
+++ b/staging/changelog
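Review bot: In the second inner hunk of `token_duplicate`, the remapping `if (src_token->primary_group == &group->sid)` only assigns when the source pointer aliases a SID stored in the source token's own group list, and nothing but the following `assert( token->primary_group )` covers the case where no entry matches. That invariant is presumably established where tokens are created, outside this patch, but an assert disappears under NDEBUG and otherwise aborts the whole wineserver, so an explicit failure path would be safer: `if (!token->primary_group) { release_object( token ); return NULL; }`. A short comment above `token->primary_group = NULL;` would also record why the pointer is remapped, e.g. `/* primary_group must point into this token's own group list; the source list is freed with the source token */`. The function starts before and ends after both inner hunks, so the error-handling convention in the lines not shown should be checked before adopting that exact cleanup.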
@@ -4,6 +4,8 @@ wine-staging (1.8~rc4) UNRELEASED; urgency=low * Removed patch to return an error when trying to open a terminated process (replaced with alternative approach). * Added patch to avoid holding reference on parent process in wineserver. + * Added patch to fix memory corruption wineserver (token_duplicate should not + reference the original token). -- Sebastian Lackner Tue, 08 Dec 2015 18:32:59 +0100 wine-staging (1.8~rc3) unstable; urgency=low