From ece1d5174593baf59f13d05e84c93664c403a3a7 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Thu, 28 Aug 2014 07:26:53 +0200
Subject: [PATCH] ntdll-Fix_Free: Move fix for invalid memory access to patch 9, which introduced the error.
---
 patches/Makefile | 2 +-
 ..._unix_file_name_attr-return-always-s.patch | 2 +-
 ...nt_to_unix_file_name-return-always-s.patch | 2 +-
 ...id_to_unix_file_name-return-always-s.patch | 2 +-
 ...n-STATUS_NO_SUCH_FILE-in-NtQueryFull.patch | 2 +-
 ...n-STATUS_NO_SUCH_FILE-in-NtQueryAttr.patch | 2 +-
 ...ly-leak-on-STATUS_NO_SUCH_FILE-in-in.patch | 2 +-
 ...n-STATUS_NO_SUCH_FILE-in-load_builti.patch | 2 +-
 ...n-STATUS_NO_SUCH_FILE-for-certain-di.patch | 2 +-
 ...k-on-STATUS_NO_SUCH_FILE-in-RemoveDi.patch | 18 +++++++++++----
 ...k-on-STATUS_NO_SUCH_FILE-in-QueryDos.patch | 2 +-
 ...ing-directory-handle-in-RemoveDirec.patch} | 23 +++++++++++--------
 12 files changed, 37 insertions(+), 24 deletions(-)
 rename patches/ntdll-Fix_Free/{0011-kernel32-Fix-a-leak-and-invalid-memory-access-in-Rem.patch => 0011-kernel32-Fix-leaking-directory-handle-in-RemoveDirec.patch} (67%)
diff --git a/patches/Makefile b/patches/Makefile
index fdadfe55..de84a6e2 100644
--- a/patches/Makefile
+++ b/patches/Makefile
@@ -541,7 +541,7 @@ ntdll-Fix_Free.ok:
 $(call APPLY_FILE,ntdll-Fix_Free/0008-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-for-certain-di.patch)
 $(call APPLY_FILE,ntdll-Fix_Free/0009-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-RemoveDi.patch)
 $(call APPLY_FILE,ntdll-Fix_Free/0010-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-QueryDos.patch)
- $(call APPLY_FILE,ntdll-Fix_Free/0011-kernel32-Fix-a-leak-and-invalid-memory-access-in-Rem.patch)
+ $(call APPLY_FILE,ntdll-Fix_Free/0011-kernel32-Fix-leaking-directory-handle-in-RemoveDirec.patch)
 @( \
 echo '+ { "ntdll-Fix_Free", "Erich E. Hoover", "Fix unintentional leaks with ntdll internals [rev 2]" },'; \
 ) > ntdll-Fix_Free.ok
diff --git a/patches/ntdll-Fix_Free/0001-ntdll-Make-nt_to_unix_file_name_attr-return-always-s.patch b/patches/ntdll-Fix_Free/0001-ntdll-Make-nt_to_unix_file_name_attr-return-always-s.patch
index 598e6894..c08fc985 100644
--- a/patches/ntdll-Fix_Free/0001-ntdll-Make-nt_to_unix_file_name_attr-return-always-s.patch
+++ b/patches/ntdll-Fix_Free/0001-ntdll-Make-nt_to_unix_file_name_attr-return-always-s.patch
@@ -1,4 +1,4 @@
-From 1725bf5deb419b54306c70b1d3b23259236b2090 Mon Sep 17 00:00:00 2001
+From 87680099180ae97cdd4ab0060929e77a93ca453c Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:31:53 -0600
 Subject: ntdll: Make nt_to_unix_file_name_attr return always safe to free.
diff --git a/patches/ntdll-Fix_Free/0002-ntdll-Make-wine_nt_to_unix_file_name-return-always-s.patch b/patches/ntdll-Fix_Free/0002-ntdll-Make-wine_nt_to_unix_file_name-return-always-s.patch
index 70313fcc..96ab2fbb 100644
--- a/patches/ntdll-Fix_Free/0002-ntdll-Make-wine_nt_to_unix_file_name-return-always-s.patch
+++ b/patches/ntdll-Fix_Free/0002-ntdll-Make-wine_nt_to_unix_file_name-return-always-s.patch
@@ -1,4 +1,4 @@
-From 8298ecb1d1eead39e9333670e79a7136ca60db50 Mon Sep 17 00:00:00 2001
+From 3fdd706cddf8cf517f38488f445ca4ab30bba088 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:35:55 -0600
 Subject: ntdll: Make wine_nt_to_unix_file_name return always safe to free.
diff --git a/patches/ntdll-Fix_Free/0003-ntdll-Make-file_id_to_unix_file_name-return-always-s.patch b/patches/ntdll-Fix_Free/0003-ntdll-Make-file_id_to_unix_file_name-return-always-s.patch
index 3ad1c9d5..6916ec20 100644
--- a/patches/ntdll-Fix_Free/0003-ntdll-Make-file_id_to_unix_file_name-return-always-s.patch
+++ b/patches/ntdll-Fix_Free/0003-ntdll-Make-file_id_to_unix_file_name-return-always-s.patch
@@ -1,4 +1,4 @@
-From 2bde34705bcb0cf25affb6744df736611736a869 Mon Sep 17 00:00:00 2001
+From 4394fbad092e3786360b6f7099500e26e5dbaa71 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:28:10 -0600
 Subject: ntdll: Make file_id_to_unix_file_name return always safe to free.
diff --git a/patches/ntdll-Fix_Free/0004-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryFull.patch b/patches/ntdll-Fix_Free/0004-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryFull.patch
index ebd9e53f..a270963f 100644
--- a/patches/ntdll-Fix_Free/0004-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryFull.patch
+++ b/patches/ntdll-Fix_Free/0004-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryFull.patch
@@ -1,4 +1,4 @@
-From 01ee64a9b96003315c521704c4e8e27b0f832b82 Mon Sep 17 00:00:00 2001
+From e77e75d4bc2bddb96f1c1819172ac753f4508e53 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:40:09 -0600
 Subject: ntdll: Fix leak on STATUS_NO_SUCH_FILE in NtQueryFullAttributesFile.
diff --git a/patches/ntdll-Fix_Free/0005-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryAttr.patch b/patches/ntdll-Fix_Free/0005-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryAttr.patch
index 5e18a692..56cba68d 100644
--- a/patches/ntdll-Fix_Free/0005-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryAttr.patch
+++ b/patches/ntdll-Fix_Free/0005-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-NtQueryAttr.patch
@@ -1,4 +1,4 @@
-From 7ea279c6afb68865bfb6f09233e3d0fb2915fbfd Mon Sep 17 00:00:00 2001
+From 9b0b9ca377c6d93866c27b262d0b774e565e4cd3 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:40:44 -0600
 Subject: ntdll: Fix leak on STATUS_NO_SUCH_FILE in NtQueryAttributesFile.
diff --git a/patches/ntdll-Fix_Free/0006-ntdll-Fix-unlikely-leak-on-STATUS_NO_SUCH_FILE-in-in.patch b/patches/ntdll-Fix_Free/0006-ntdll-Fix-unlikely-leak-on-STATUS_NO_SUCH_FILE-in-in.patch
index 73be77a0..a6d4906a 100644
--- a/patches/ntdll-Fix_Free/0006-ntdll-Fix-unlikely-leak-on-STATUS_NO_SUCH_FILE-in-in.patch
+++ b/patches/ntdll-Fix_Free/0006-ntdll-Fix-unlikely-leak-on-STATUS_NO_SUCH_FILE-in-in.patch
@@ -1,4 +1,4 @@
-From fa2f0ec87a3a0b7e4d176b8a334477bbb404bc07 Mon Sep 17 00:00:00 2001
+From f9af5e33f532b5bcc4c9e4195efe54bbb29ed826 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:45:34 -0600
 Subject: ntdll: Fix unlikely leak on STATUS_NO_SUCH_FILE in init_redirects.
diff --git a/patches/ntdll-Fix_Free/0007-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-load_builti.patch b/patches/ntdll-Fix_Free/0007-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-load_builti.patch
index 862d0ab5..7b484839 100644
--- a/patches/ntdll-Fix_Free/0007-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-load_builti.patch
+++ b/patches/ntdll-Fix_Free/0007-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-in-load_builti.patch
@@ -1,4 +1,4 @@
-From 7d32863a7f2a412b5f42d4a60ba683d92911a251 Mon Sep 17 00:00:00 2001
+From c8c9fa7bab2da87b6a14380265cf88bc53eea6de Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:57:06 -0600
 Subject: ntdll: Fix leak on STATUS_NO_SUCH_FILE in load_builtin_dll.
diff --git a/patches/ntdll-Fix_Free/0008-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-for-certain-di.patch b/patches/ntdll-Fix_Free/0008-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-for-certain-di.patch
index ab330199..b2cb5a48 100644
--- a/patches/ntdll-Fix_Free/0008-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-for-certain-di.patch
+++ b/patches/ntdll-Fix_Free/0008-ntdll-Fix-leak-on-STATUS_NO_SUCH_FILE-for-certain-di.patch
@@ -1,4 +1,4 @@
-From a7f6ef878680392871f8d2e00e06877fdb4182a5 Mon Sep 17 00:00:00 2001
+From 8a03ff8a255dc1a685a963acb3d6ae26478b6a6b Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 23:09:02 -0600
 Subject: ntdll: Fix leak on STATUS_NO_SUCH_FILE (for certain dispositions) in
diff --git a/patches/ntdll-Fix_Free/0009-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-RemoveDi.patch b/patches/ntdll-Fix_Free/0009-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-RemoveDi.patch
index ea1007cf..1c758e98 100644
--- a/patches/ntdll-Fix_Free/0009-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-RemoveDi.patch
+++ b/patches/ntdll-Fix_Free/0009-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-RemoveDi.patch
@@ -1,17 +1,25 @@
-From d52a094e2e5831a52fac98016fc71879edc8193e Mon Sep 17 00:00:00 2001
+From a2c8ef31f29e7e6473c6c0c35a7b9681bc99f1da Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:50:19 -0600
 Subject: kernel32: Fix leak on STATUS_NO_SUCH_FILE in RemoveDirectoryW.
 
 ---
- dlls/kernel32/path.c | 1 +
- 1 file changed, 1 insertion(+)
+ dlls/kernel32/path.c | 2 ++
+ 1 file changed, 2 insertions(+)
 
 diff --git a/dlls/kernel32/path.c b/dlls/kernel32/path.c
-index 09fb04b..eeba48a 100644
+index 09fb04b..4a41ab8 100644
 --- a/dlls/kernel32/path.c
 +++ b/dlls/kernel32/path.c
-@@ -1619,6 +1619,7 @@ BOOL WINAPI RemoveDirectoryW( LPCWSTR path )
+@@ -1602,6 +1602,7 @@ BOOL WINAPI RemoveDirectoryW( LPCWSTR path )
+ SetLastError( ERROR_PATH_NOT_FOUND );
+ return FALSE;
+ }
++ unix_name.Buffer = NULL;
+ attr.Length = sizeof(attr);
+ attr.RootDirectory = 0;
+ attr.Attributes = OBJ_CASE_INSENSITIVE;
+@@ -1619,6 +1620,7 @@ BOOL WINAPI RemoveDirectoryW( LPCWSTR path )
 if (status != STATUS_SUCCESS)
 {
 SetLastError( RtlNtStatusToDosError(status) );
diff --git a/patches/ntdll-Fix_Free/0010-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-QueryDos.patch b/patches/ntdll-Fix_Free/0010-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-QueryDos.patch
index 3b048ff2..15f1b935 100644
--- a/patches/ntdll-Fix_Free/0010-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-QueryDos.patch
+++ b/patches/ntdll-Fix_Free/0010-kernel32-Fix-leak-on-STATUS_NO_SUCH_FILE-in-QueryDos.patch
@@ -1,4 +1,4 @@
-From 608a327fb5ee53f6c2b5fd0a937bd7e67df98820 Mon Sep 17 00:00:00 2001
+From 8951f3f246da65fe632e54d0e9cbb347df231f70 Mon Sep 17 00:00:00 2001
 From: "Erich E. Hoover"
 Date: Thu, 21 Aug 2014 22:54:09 -0600
 Subject: kernel32: Fix leak on STATUS_NO_SUCH_FILE in QueryDosDeviceW.
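Review bot: The reason for `unix_name.Buffer = NULL;` is no longer recorded anywhere after this move: the 0009 hunk adds the assignment under a subject that only mentions a leak on STATUS_NO_SUCH_FILE, while the 0011 hunk deletes the one description that explained it ("unix_name is not always initialized, and might contain garbage values"). Handing a string with an uninitialized Buffer to RtlFreeAnsiString is an invalid free rather than a leak, so I would give 0009 a body line such as `Initialize unix_name.Buffer so error paths never free an uninitialized pointer.` and put a comment on the assignment, `/* error paths below free unix_name; Buffer must not be stack garbage */`. The free call itself is presumably the line added by the inner hunk `@@ -1619,6 +1620,7 @@`, which lies outside the visible context, so that part is inferred. 0011 is likewise left without any description; keeping `NtClose( handle ) was missing on the error path.` would preserve the handle-leak rationale.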
diff --git a/patches/ntdll-Fix_Free/0011-kernel32-Fix-a-leak-and-invalid-memory-access-in-Rem.patch b/patches/ntdll-Fix_Free/0011-kernel32-Fix-leaking-directory-handle-in-RemoveDirec.patch
similarity index 67%
rename from patches/ntdll-Fix_Free/0011-kernel32-Fix-a-leak-and-invalid-memory-access-in-Rem.patch
rename to patches/ntdll-Fix_Free/0011-kernel32-Fix-leaking-directory-handle-in-RemoveDirec.patch
index 2eccf278..94ba4074 100644
--- a/patches/ntdll-Fix_Free/0011-kernel32-Fix-a-leak-and-invalid-memory-access-in-Rem.patch
+++ b/patches/ntdll-Fix_Free/0011-kernel32-Fix-leaking-directory-handle-in-RemoveDirec.patch
@@ -1,20 +1,25 @@
-From 09d194aee9e84242a2843711947a72426fc8678c Mon Sep 17 00:00:00 2001
+From cecc1c37484bd63da728d6dcde7aca633019bdca Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner
 Date: Thu, 28 Aug 2014 05:36:01 +0200
-Subject: kernel32: Fix a leak and invalid memory access in RemoveDirectoryW.
+Subject: kernel32: Fix leaking directory handle in RemoveDirectoryW.
 
-NtClose( handle ) was missing on the error path, besides that unix_name is
-not always initialized, and might contain garbage values - don't run
-RtlFreeAnsiString in this case.
 ---
- dlls/kernel32/path.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
+ dlls/kernel32/path.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
 
 diff --git a/dlls/kernel32/path.c b/dlls/kernel32/path.c
-index eeba48a..593cc1d 100644
+index 4a41ab8..593cc1d 100644
 --- a/dlls/kernel32/path.c
 +++ b/dlls/kernel32/path.c
-@@ -1612,18 +1612,21 @@ BOOL WINAPI RemoveDirectoryW( LPCWSTR path )
+@@ -1602,7 +1602,6 @@ BOOL WINAPI RemoveDirectoryW( LPCWSTR path )
+ SetLastError( ERROR_PATH_NOT_FOUND );
+ return FALSE;
+ }
+- unix_name.Buffer = NULL;
+ attr.Length = sizeof(attr);
+ attr.RootDirectory = 0;
+ attr.Attributes = OBJ_CASE_INSENSITIVE;
+@@ -1613,18 +1612,21 @@ BOOL WINAPI RemoveDirectoryW( LPCWSTR path )
 status = NtOpenFile( &handle, DELETE, &attr, &io,
 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
 FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT );