From b0905f45a87b413cdfc2b9cefce5802effd791ba Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Wed, 2 Mar 2016 17:19:03 +0100
Subject: [PATCH] Added patch to check for invalid filename pointers in CreateFileA in Win 9x mode.
---
...or-invalid-filename-pointers-in-Crea.patch | 31 +++++++++++++++++++
patches/kernel32-CreateFileA/definition | 1 +
patches/patchinstall.sh | 16 ++++++++++
3 files changed, 48 insertions(+)
create mode 100644 patches/kernel32-CreateFileA/0001-kernel32-Check-for-invalid-filename-pointers-in-Crea.patch
create mode 100644 patches/kernel32-CreateFileA/definition
diff --git a/patches/kernel32-CreateFileA/0001-kernel32-Check-for-invalid-filename-pointers-in-Crea.patch b/patches/kernel32-CreateFileA/0001-kernel32-Check-for-invalid-filename-pointers-in-Crea.patch
new file mode 100644
index 00000000..94a08ef0
--- /dev/null
+++ b/patches/kernel32-CreateFileA/0001-kernel32-Check-for-invalid-filename-pointers-in-Crea.patch
@@ -0,0 +1,31 @@
+From db905292a144241f781c451d1e72f8992abbf97a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?=
+Date: Wed, 2 Mar 2016 04:24:35 +0100
+Subject: kernel32: Check for invalid filename pointers in CreateFileA in Win
+ 9X mode.
+
+The demo version of Test Drive 5 loops through a list of filenames and opens
+them using CreateFileA. The stop condition is not correct and the game reads
+past the end of the array and therefore passes several invalid pointers to
+the CreateFileA API. Windows 98 catches those invalid pointers and the game
+can load sucessfully. This commit adds the same behavior when setting the
+Windows version to 9X.
+---
+ dlls/kernel32/file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dlls/kernel32/file.c b/dlls/kernel32/file.c
+index b6dba6a..750a8ac 100644
+--- a/dlls/kernel32/file.c
++++ b/dlls/kernel32/file.c
+@@ -1629,6 +1629,7 @@ HANDLE WINAPI CreateFileA( LPCSTR filename, DWORD access, DWORD sharing,
+ {
+ WCHAR *nameW;
+
++ if ((GetVersion() & 0x80000000) && IsBadStringPtrA(filename, -1)) return INVALID_HANDLE_VALUE;
+ if (!(nameW = FILE_name_AtoW( filename, FALSE ))) return INVALID_HANDLE_VALUE;
+ return CreateFileW( nameW, access, sharing, sa, creation, attributes, template );
+ }
+--
+2.7.1
+
diff --git a/patches/kernel32-CreateFileA/definition b/patches/kernel32-CreateFileA/definition
new file mode 100644
index 00000000..3aa1b0be
--- /dev/null
+++ b/patches/kernel32-CreateFileA/definition
@@ -0,0 +1 @@
+Fixes: Check for invalid filename pointers in CreateFileA in Win 9x mode
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index e8251ec2..9b725dbc 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
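Review bot: The early return added to CreateFileA in dlls/kernel32/file.c (`if ((GetVersion() & 0x80000000) && IsBadStringPtrA(filename, -1)) return INVALID_HANDLE_VALUE;`) leaves the thread's last-error value untouched, so a caller that checks GetLastError() after the failure reads whatever an earlier call left there. I would set an error before returning, e.g. `SetLastError( ERROR_INVALID_PARAMETER );`; the exact code Windows 98 reports is not visible here and should be confirmed with a test. The probe is also only best-effort: it is not atomic with the later read in FILE_name_AtoW, and a stray pointer that happens to land on readable memory passes it and is then used as a file name. A comment such as `/* Win9x compatibility only: IsBadStringPtrA is a best-effort probe, not input validation */` would keep the check from being mistaken for a safety guarantee or copied to the NT path.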
@@ -164,6 +164,7 @@ patch_enable_all ()
 enable_iphlpapi_TCP_Table="$1"
 enable_kernel32_COMSPEC="$1"
 enable_kernel32_CopyFileEx="$1"
+ enable_kernel32_CreateFileA="$1"
 enable_kernel32_Cwd_Startup_Info="$1"
 enable_kernel32_ERROR_DLL_NOT_FOUND="$1"
 enable_kernel32_FindFirstFile="$1"
@@ -648,6 +649,9 @@ patch_enable ()
 kernel32-CopyFileEx)
 enable_kernel32_CopyFileEx="$2"
 ;;
+ kernel32-CreateFileA)
+ enable_kernel32_CreateFileA="$2"
+ ;;
 kernel32-Cwd_Startup_Info)
 enable_kernel32_Cwd_Startup_Info="$2"
 ;;
@@ -4009,6 +4013,18 @@ if test "$enable_kernel32_CopyFileEx" -eq 1; then
 ) >> "$patchlist"
 fi
 
+# Patchset kernel32-CreateFileA
+# |
+# | Modified files:
+# | * dlls/kernel32/file.c
+# |
+if test "$enable_kernel32_CreateFileA" -eq 1; then
+ patch_apply kernel32-CreateFileA/0001-kernel32-Check-for-invalid-filename-pointers-in-Crea.patch
+ (
+ echo '+ { "Michael Müller", "kernel32: Check for invalid filename pointers in CreateFileA in Win 9X mode.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset kernel32-Cwd_Startup_Info
 # |
 # | Modified files: