From daf7cb4cb9c8dbdc8850c8189eacd4302e1a76b6 Mon Sep 17 00:00:00 2001
From: Zebediah Figura
Date: Fri, 8 Mar 2024 18:35:53 -0600
Subject: [PATCH] ntdll-WRITECOPY: Trigger write watches on the "info" pointer in SystemInterruptInformation.

This goes through a buffer in advapi32, so it's not obviously visible to the application; however, it means that a call to getrandom() will return EFAULT and won't actually fill the buffer.
---
 ...ite-watches-on-the-info-pointer-in-S.patch | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 patches/ntdll-WRITECOPY/0002-ntdll-Trigger-write-watches-on-the-info-pointer-in-S.patch

diff --git a/patches/ntdll-WRITECOPY/0002-ntdll-Trigger-write-watches-on-the-info-pointer-in-S.patch b/patches/ntdll-WRITECOPY/0002-ntdll-Trigger-write-watches-on-the-info-pointer-in-S.patch
new file mode 100644
index 00000000..220e8cba
--- /dev/null
+++ b/patches/ntdll-WRITECOPY/0002-ntdll-Trigger-write-watches-on-the-info-pointer-in-S.patch
@@ -0,0 +1,26 @@
+From 3d340d4f31aa1cb3ad6cd9e7a59118e84ab040f1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Aida=20Jonikien=C4=97?=
+Date: Fri, 8 Mar 2024 17:52:24 -0600
+Subject: [PATCH] ntdll: Trigger write watches on the "info" pointer in
+ SystemInterruptInformation.
+
+---
+ dlls/ntdll/unix/system.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/ntdll/unix/system.c b/dlls/ntdll/unix/system.c
+index 4c6c4cd23e2..9dc1ff80152 100644
+--- a/dlls/ntdll/unix/system.c
++++ b/dlls/ntdll/unix/system.c
+@@ -2943,7 +2943,7 @@ NTSTATUS WINAPI NtQuerySystemInformation( SYSTEM_INFORMATION_CLASS class,
+ len = peb->NumberOfProcessors * sizeof(SYSTEM_INTERRUPT_INFORMATION);
+ if (size >= len)
+ {
+- if (!info) ret = STATUS_ACCESS_VIOLATION;
++ if (!info || !virtual_check_buffer_for_write( info, len )) ret = STATUS_ACCESS_VIOLATION;
+ else
+ {
+ #ifdef HAVE_GETRANDOM
+--
+2.43.0
+
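Review bot: The new `virtual_check_buffer_for_write( info, len )` condition gives the reader no hint why a user buffer has to be probed before a syscall that writes it, and the reason (stated only in the commit message) is not obvious from the code; a one-line comment above the `if` would carry it, e.g. `/* touch the pages first: getrandom() returns EFAULT on a write-watched or copy-on-write buffer instead of faulting it in, leaving it unfilled */`. The enclosing SystemInterruptInformation case in NtQuerySystemInformation continues past the hunk, so the getrandom() call and its error handling are not visible here; if that path does not already report an EFAULT result, mapping it to STATUS_ACCESS_VIOLATION there would make a failed fill visible rather than relying solely on this pre-check, and the pre-check should presumably be kept in sync with any similar buffer probes elsewhere in the file. Treat both points as hedged, since only the hunk is in view.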