ntdll-WRITECOPY: Trigger write watches on the "info" pointer in SystemInterruptInformation.

This goes through a buffer in advapi32, so it's not obviously visible to the application; however, it means that a call to getrandom() will return EFAULT and won't actually fill the buffer.
2024-09-13 09:17:20 -07:00 · 2024-03-08 18:35:53 -06:00 · 2024-03-08 18:35:53 -06:00 · daf7cb4cb9
commit daf7cb4cb9
parent 9e265ac738
1 changed files with 26 additions and 0 deletions
--- a/patches/ntdll-WRITECOPY/0002-ntdll-Trigger-write-watches-on-the-info-pointer-in-S.patch
+++ b/patches/ntdll-WRITECOPY/0002-ntdll-Trigger-write-watches-on-the-info-pointer-in-S.patch
@ -0,0 +1,26 @@
+From 3d340d4f31aa1cb3ad6cd9e7a59118e84ab040f1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Aida=20Jonikien=C4=97?= <aidas957@gmail.com>
+Date: Fri, 8 Mar 2024 17:52:24 -0600
+Subject: [PATCH] ntdll: Trigger write watches on the "info" pointer in
+ SystemInterruptInformation.
+
+---
+ dlls/ntdll/unix/system.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/ntdll/unix/system.c b/dlls/ntdll/unix/system.c
+index 4c6c4cd23e2..9dc1ff80152 100644
+--- a/dlls/ntdll/unix/system.c
+++ b/dlls/ntdll/unix/system.c
+@@ -2943,7 +2943,7 @@ NTSTATUS WINAPI NtQuerySystemInformation( SYSTEM_INFORMATION_CLASS class,
+         len = peb->NumberOfProcessors * sizeof(SYSTEM_INTERRUPT_INFORMATION);
+         if (size >= len)
+         {
+-            if (!info) ret = STATUS_ACCESS_VIOLATION;
+            if (!info || !virtual_check_buffer_for_write( info, len )) ret = STATUS_ACCESS_VIOLATION;
+             else
+             {
+ #ifdef HAVE_GETRANDOM
+-- 
+2.43.0
+