From fdc24226bf55d40f4fd99ffa1073953f7c80c168 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Sun, 1 Jun 2014 23:47:53 +0200 Subject: [PATCH] 02-ACL_Extended_Attributes: Add additional patch to prevent crashes in case of invalid extended attributes. --- ...ional-checks-in-get_xattr_sd-to-prev.patch | 35 +++++++++++++++++++ .../92938b89-506b-430a-ba50-32de8b286e56.def | 2 +- patches/patch-list.patch | 2 +- 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch diff --git a/patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch b/patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch new file mode 100644 index 00000000..acef77dd --- /dev/null +++ b/patches/02-ACL_Extended_Attributes/0011-server-Add-additional-checks-in-get_xattr_sd-to-prev.patch @@ -0,0 +1,35 @@ +From 145c8755725667b5dc0b434236831090cea984a8 Mon Sep 17 00:00:00 2001 +From: Sebastian Lackner +Date: Sun, 1 Jun 2014 23:46:09 +0200 +Subject: server: Add additional checks in get_xattr_sd to prevent crashes + caused by invalid attributes. + +--- + server/file.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/server/file.c b/server/file.c +index 08231a7..bf5b796 100644 +--- a/server/file.c ++++ b/server/file.c +@@ -738,10 +738,16 @@ struct security_descriptor *get_xattr_sd( int fd ) + int n; + + n = fgetxattr( fd, "user.wine.sd", buffer, sizeof(buffer) ); +- if (n == -1) return NULL; ++ if (n < 2 + sizeof(struct security_descriptor)) return NULL; ++ + /* validate that we can handle the descriptor */ + if (buffer[0] != SECURITY_DESCRIPTOR_REVISION || buffer[1] != 0) return NULL; + ++ sd = (struct security_descriptor *)&buffer[2]; ++ if (n < 2 + sizeof(struct security_descriptor) + sd->owner_len ++ + sd->group_len + sd->sacl_len + sd->dacl_len) ++ return NULL; ++ + sd = mem_alloc( n - 2 ); + memcpy( sd, &buffer[2], n - 2 ); + return sd; +-- +1.7.9.5 + diff --git a/patches/02-ACL_Extended_Attributes/92938b89-506b-430a-ba50-32de8b286e56.def b/patches/02-ACL_Extended_Attributes/92938b89-506b-430a-ba50-32de8b286e56.def index bfa4b14f..cd146fb4 100644 --- a/patches/02-ACL_Extended_Attributes/92938b89-506b-430a-ba50-32de8b286e56.def +++ b/patches/02-ACL_Extended_Attributes/92938b89-506b-430a-ba50-32de8b286e56.def @@ -1,3 +1,3 @@ -Revision: 4 +Revision: 5 Author: Erich E. Hoover Title: Store and return security attributes with extended file attributes. diff --git a/patches/patch-list.patch b/patches/patch-list.patch index 50d532ef..a40fa6b6 100644 --- a/patches/patch-list.patch +++ b/patches/patch-list.patch @@ -18,7 +18,7 @@ index a273502..5fa0cd5 100644 + { "1b7ac850-5040-4d9e-8fde-9c483c3baf33:1", "Sebastian Lackner", "Add commandline option --patches to show the patch list." }, + { "9e9a58e1-b226-4d4d-943b-be9a4c1dc525:1", "Michael Müller", "Add commandline option --check-libs to test if shared libraries are installed." }, + { "8a366b6d-8ad6-4581-8aa9-66a03590a57b:2", "Erich E. Hoover", "Implement SIO_ADDRESS_LIST_CHANGE." }, -+ { "92938b89-506b-430a-ba50-32de8b286e56:4", "Erich E. Hoover", "Store and return security attributes with extended file attributes." }, ++ { "92938b89-506b-430a-ba50-32de8b286e56:5", "Erich E. Hoover", "Store and return security attributes with extended file attributes." }, + { "5d6bb7b5-ec88-4ed3-907d-9ad2173a2f88:1", "Sebastian Lackner", "Enable/disable windows when they are (un)mapped by foreign applications." }, + { "94186fff-6dbf-44d0-8eb1-2463d1608a0f:1", "Sebastian Lackner", "Update gl_drawable for embedded windows." }, + { "1d0160c7-42a4-491c-9676-fa3b1859aaab:1", "Michael Müller", "Fix return value of WaitNamedPipe if pipe does not exist." },