From 8e2ab550d800c4d47a428d6ee03278a984e2a9c3 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Tue, 8 Jul 2014 14:08:33 -0600
Subject: [PATCH] Updated main extended attributes patch to include additional
 data checks.

---
 debian/changelog                              |  3 +-
 ...file-security-attributes-with-extend.patch | 34 ++++++++++-------
 ...ional-checks-in-get_xattr_sd-to-prev.patch | 38 -------------------
 3 files changed, 22 insertions(+), 53 deletions(-)
 delete mode 100644 patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch

diff --git a/debian/changelog b/debian/changelog
index 8d68cee7..5f42d586 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,7 +6,8 @@ wine-compholio (1.7.22) UNRELEASED; urgency=low
   * Add patch for wtsapi32.WTSEnumerateProcessesW function.
   * Fix incorrect scaling for DECIMAL values in VarDecAdd.
   * Return NULL-terminated list of arguments in CommandLineToArgvW.
- -- Erich E. Hoover <erich.e.hoover@gmail.com>  Fri, 04 Jul 2014 13:18:40 -0600
+  * Updated main extended attributes patch to include additional data checks.
+ -- Erich E. Hoover <erich.e.hoover@gmail.com>  Tue, 08 Jul 2014 14:31:43 -0600
 
 wine-compholio (1.7.21) unstable; urgency=low
   * Remove several patches (accepted upstream).
diff --git a/patches/02-ACL_Extended_Attributes/0005-server-Retrieve-file-security-attributes-with-extend.patch b/patches/02-ACL_Extended_Attributes/0005-server-Retrieve-file-security-attributes-with-extend.patch
index c8ebf3e4..3fec9407 100644
--- a/patches/02-ACL_Extended_Attributes/0005-server-Retrieve-file-security-attributes-with-extend.patch
+++ b/patches/02-ACL_Extended_Attributes/0005-server-Retrieve-file-security-attributes-with-extend.patch
@@ -1,4 +1,4 @@
-From 4498c57f61bf85fca6eb17afd21c0c7051534f75 Mon Sep 17 00:00:00 2001
+From 935a2c860d16ac42e4f6f97370aab51dbd8f4527 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
 Date: Fri, 18 Apr 2014 14:01:35 -0600
 Subject: server: Retrieve file security attributes with extended file
@@ -7,14 +7,14 @@ Subject: server: Retrieve file security attributes with extended file
 ---
  dlls/advapi32/tests/security.c |   49 ++++++++++++++++++++--------------------
  server/change.c                |    2 +-
- server/file.c                  |   28 ++++++++++++++++++++---
- 3 files changed, 50 insertions(+), 29 deletions(-)
+ server/file.c                  |   34 +++++++++++++++++++++++++---
+ 3 files changed, 56 insertions(+), 29 deletions(-)
 
 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index a0574c4..26cde37 100644
+index f3ccc8e..4352ba6 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -3105,24 +3105,24 @@ static void test_CreateDirectoryA(void)
+@@ -3131,24 +3131,24 @@ static void test_CreateDirectoryA(void)
          bret = pGetAce(pDacl, 0, (VOID **)&ace);
          ok(bret, "Failed to get Current User ACE.\n");
          bret = EqualSid(&ace->SidStart, user_sid);
@@ -51,7 +51,7 @@ index a0574c4..26cde37 100644
      }
      LocalFree(pSD);
  
-@@ -3297,23 +3297,22 @@ static void test_GetNamedSecurityInfoA(void)
+@@ -3323,23 +3323,22 @@ static void test_GetNamedSecurityInfoA(void)
          bret = pGetAce(pDacl, 0, (VOID **)&ace);
          ok(bret, "Failed to get Current User ACE.\n");
          bret = EqualSid(&ace->SidStart, user_sid);
@@ -81,7 +81,7 @@ index a0574c4..26cde37 100644
      }
      LocalFree(pSD);
      HeapFree(GetProcessHeap(), 0, user);
-@@ -3963,22 +3962,22 @@ static void test_GetSecurityInfo(void)
+@@ -3989,22 +3988,22 @@ static void test_GetSecurityInfo(void)
          bret = pGetAce(pDacl, 0, (VOID **)&ace);
          ok(bret, "Failed to get Current User ACE.\n");
          bret = EqualSid(&ace->SidStart, user_sid);
@@ -111,10 +111,10 @@ index a0574c4..26cde37 100644
      LocalFree(pSD);
      CloseHandle(obj);
 diff --git a/server/change.c b/server/change.c
-index c391180..77c01bb 100644
+index c673c48..27dbe25 100644
 --- a/server/change.c
 +++ b/server/change.c
-@@ -287,7 +287,7 @@ static struct security_descriptor *dir_get_sd( struct object *obj )
+@@ -290,7 +290,7 @@ static struct security_descriptor *dir_get_sd( struct object *obj )
      assert( obj->ops == &dir_ops );
  
      fd = dir_get_fd( obj );
@@ -124,10 +124,10 @@ index c391180..77c01bb 100644
      return sd;
  }
 diff --git a/server/file.c b/server/file.c
-index b9106a8..c4706b6 100644
+index 6981fca..66fb7af 100644
 --- a/server/file.c
 +++ b/server/file.c
-@@ -496,12 +496,33 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
+@@ -504,12 +504,39 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
      return sd;
  }
  
@@ -139,12 +139,18 @@ index b9106a8..c4706b6 100644
 +    int n;
 +
 +    n = fgetxattr( fd, "user.wine.sd", buffer, sizeof(buffer) );
-+    if (n == -1) return NULL;
++    if (n == -1 || n < 2 + sizeof(struct security_descriptor)) return NULL;
++
 +    /* validate that we can handle the descriptor */
 +    if (buffer[0] != SECURITY_DESCRIPTOR_REVISION || buffer[1] != 0) return NULL;
 +
++    sd = (struct security_descriptor *)&buffer[2];
++    if (n  < 2 + sizeof(struct security_descriptor) + sd->owner_len
++               + sd->group_len + sd->sacl_len + sd->dacl_len)
++        return NULL;
++
 +    sd = mem_alloc( n - 2 );
-+    memcpy( sd, &buffer[2], n - 2 );
++    if (sd) memcpy( sd, &buffer[2], n - 2 );
 +    return sd;
 +#else
 +    return NULL;
@@ -161,7 +167,7 @@ index b9106a8..c4706b6 100644
  
      if (unix_fd == -1 || fstat( unix_fd, &st ) == -1)
          return obj->sd;
-@@ -511,9 +532,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
+@@ -519,9 +546,10 @@ struct security_descriptor *get_file_sd( struct object *obj, struct fd *fd, mode
          (st.st_uid == *uid))
          return obj->sd;
  
diff --git a/patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch b/patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch
deleted file mode 100644
index 084f5187..00000000
--- a/patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 8abcd1aac3f65585dfb2e761dd737c0609cd5f93 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sun, 1 Jun 2014 23:46:09 +0200
-Subject: server: Add additional checks in get_xattr_sd to prevent crashes
- caused by invalid attributes.
-
----
- server/file.c |   10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/server/file.c b/server/file.c
-index 08231a7..11522c3 100644
---- a/server/file.c
-+++ b/server/file.c
-@@ -738,12 +738,18 @@ struct security_descriptor *get_xattr_sd( int fd )
-     int n;
- 
-     n = fgetxattr( fd, "user.wine.sd", buffer, sizeof(buffer) );
--    if (n == -1) return NULL;
-+    if (n == -1 || n < 2 + sizeof(struct security_descriptor)) return NULL;
-+
-     /* validate that we can handle the descriptor */
-     if (buffer[0] != SECURITY_DESCRIPTOR_REVISION || buffer[1] != 0) return NULL;
- 
-+    sd = (struct security_descriptor *)&buffer[2];
-+    if (n  < 2 + sizeof(struct security_descriptor) + sd->owner_len
-+               + sd->group_len + sd->sacl_len + sd->dacl_len)
-+        return NULL;
-+
-     sd = mem_alloc( n - 2 );
--    memcpy( sd, &buffer[2], n - 2 );
-+    if (sd) memcpy( sd, &buffer[2], n - 2 );
-     return sd;
- #else
-     return NULL;
--- 
-1.7.9.5
-