ntdll: Move cookie initialization code from memory management to loader.
This commit is contained in:
parent
79c37ac88b
commit
38076fa633
|
@ -50,6 +50,12 @@ WINE_DECLARE_DEBUG_CHANNEL(snoop);
|
||||||
WINE_DECLARE_DEBUG_CHANNEL(loaddll);
|
WINE_DECLARE_DEBUG_CHANNEL(loaddll);
|
||||||
WINE_DECLARE_DEBUG_CHANNEL(imports);
|
WINE_DECLARE_DEBUG_CHANNEL(imports);
|
||||||
|
|
||||||
|
#ifdef _WIN64
|
||||||
|
#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
|
||||||
|
#endif
|
||||||
|
#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
|
||||||
|
#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
|
||||||
|
|
||||||
/* we don't want to include winuser.h */
|
/* we don't want to include winuser.h */
|
||||||
#define RT_MANIFEST ((ULONG_PTR)24)
|
#define RT_MANIFEST ((ULONG_PTR)24)
|
||||||
#define ISOLATIONAWARE_MANIFEST_RESOURCE_ID ((ULONG_PTR)2)
|
#define ISOLATIONAWARE_MANIFEST_RESOURCE_ID ((ULONG_PTR)2)
|
||||||
|
@ -1602,6 +1608,55 @@ static void load_builtin_callback( void *module, const char *filename )
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/***********************************************************************
|
||||||
|
* set_security_cookie
|
||||||
|
*
|
||||||
|
* Create a random security cookie for buffer overflow protection. Make
|
||||||
|
* sure it does not accidentally match the default cookie value.
|
||||||
|
*/
|
||||||
|
static void set_security_cookie( void *module, SIZE_T len )
|
||||||
|
{
|
||||||
|
static ULONG seed;
|
||||||
|
IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
|
||||||
|
ULONG loadcfg_size;
|
||||||
|
ULONG_PTR *cookie;
|
||||||
|
|
||||||
|
loadcfg = RtlImageDirectoryEntryToData( module, TRUE, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
|
||||||
|
if (!loadcfg) return;
|
||||||
|
if (loadcfg_size < offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie)) return;
|
||||||
|
if (!loadcfg->SecurityCookie) return;
|
||||||
|
if (loadcfg->SecurityCookie < (ULONG_PTR)module ||
|
||||||
|
loadcfg->SecurityCookie > (ULONG_PTR)module + len - sizeof(ULONG_PTR))
|
||||||
|
{
|
||||||
|
WARN( "security cookie %p outside of image %p-%p\n",
|
||||||
|
(void *)loadcfg->SecurityCookie, module, (char *)module + len );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
|
||||||
|
TRACE( "initializing security cookie %p\n", cookie );
|
||||||
|
|
||||||
|
if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
if (*cookie == DEFAULT_SECURITY_COOKIE_16)
|
||||||
|
*cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
|
||||||
|
else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
|
||||||
|
*cookie = RtlRandom( &seed );
|
||||||
|
#ifdef DEFAULT_SECURITY_COOKIE_64
|
||||||
|
else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
|
||||||
|
{
|
||||||
|
*cookie = RtlRandom( &seed );
|
||||||
|
/* fill up, but keep the highest word clear */
|
||||||
|
*cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
else
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
* load_native_dll (internal)
|
* load_native_dll (internal)
|
||||||
*/
|
*/
|
||||||
|
@ -1636,6 +1691,8 @@ static NTSTATUS load_native_dll( LPCWSTR load_path, LPCWSTR name, HANDLE file,
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_security_cookie( module, len );
|
||||||
|
|
||||||
/* fixup imports */
|
/* fixup imports */
|
||||||
|
|
||||||
nt = RtlImageNtHeader( module );
|
nt = RtlImageNtHeader( module );
|
||||||
|
|
|
@ -61,12 +61,6 @@ WINE_DECLARE_DEBUG_CHANNEL(module);
|
||||||
#define MAP_NORESERVE 0
|
#define MAP_NORESERVE 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef _WIN64
|
|
||||||
#define DEFAULT_SECURITY_COOKIE_64 (((ULONGLONG)0x00002b99 << 32) | 0x2ddfa232)
|
|
||||||
#endif
|
|
||||||
#define DEFAULT_SECURITY_COOKIE_32 0xbb40e64e
|
|
||||||
#define DEFAULT_SECURITY_COOKIE_16 (DEFAULT_SECURITY_COOKIE_32 >> 16)
|
|
||||||
|
|
||||||
/* File view */
|
/* File view */
|
||||||
struct file_view
|
struct file_view
|
||||||
{
|
{
|
||||||
|
@ -1059,37 +1053,6 @@ static NTSTATUS stat_mapping_file( struct file_view *view, struct stat *st )
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/***********************************************************************
|
|
||||||
* set_security_cookie
|
|
||||||
*
|
|
||||||
* Create a random security cookie for buffer overflow protection. Make
|
|
||||||
* sure it does not accidentally match the default cookie value.
|
|
||||||
*/
|
|
||||||
static void set_security_cookie(ULONG_PTR *cookie)
|
|
||||||
{
|
|
||||||
static ULONG seed;
|
|
||||||
|
|
||||||
if (!cookie) return;
|
|
||||||
if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
|
|
||||||
while (1)
|
|
||||||
{
|
|
||||||
if (*cookie == DEFAULT_SECURITY_COOKIE_16)
|
|
||||||
*cookie = RtlRandom( &seed ) >> 16; /* leave the high word clear */
|
|
||||||
else if (*cookie == DEFAULT_SECURITY_COOKIE_32)
|
|
||||||
*cookie = RtlRandom( &seed );
|
|
||||||
#ifdef DEFAULT_SECURITY_COOKIE_64
|
|
||||||
else if (*cookie == DEFAULT_SECURITY_COOKIE_64)
|
|
||||||
{
|
|
||||||
*cookie = RtlRandom( &seed );
|
|
||||||
/* fill up, but keep the highest word clear */
|
|
||||||
*cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
else
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/***********************************************************************
|
/***********************************************************************
|
||||||
* map_image
|
* map_image
|
||||||
*
|
*
|
||||||
|
@ -1103,8 +1066,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
|
||||||
IMAGE_SECTION_HEADER sections[96];
|
IMAGE_SECTION_HEADER sections[96];
|
||||||
IMAGE_SECTION_HEADER *sec;
|
IMAGE_SECTION_HEADER *sec;
|
||||||
IMAGE_DATA_DIRECTORY *imports;
|
IMAGE_DATA_DIRECTORY *imports;
|
||||||
IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
|
|
||||||
ULONG loadcfg_size;
|
|
||||||
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
|
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
|
||||||
int i;
|
int i;
|
||||||
off_t pos;
|
off_t pos;
|
||||||
|
@ -1316,16 +1277,6 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* randomize security cookie */
|
|
||||||
|
|
||||||
loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
|
|
||||||
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
|
|
||||||
if (loadcfg && loadcfg_size >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie) &&
|
|
||||||
(ULONG_PTR)ptr <= loadcfg->SecurityCookie && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR))
|
|
||||||
{
|
|
||||||
set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* set the image protections */
|
/* set the image protections */
|
||||||
|
|
||||||
VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
|
VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
|
||||||
|
|
Loading…
Reference in New Issue