ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ntdll: Validate SecurityCookie pointer before accessing cookie value.

This commit is contained in:
Sebastian Lackner 2015-07-30 07:14:23 +02:00 committed by Alexandre Julliard
parent 4bcdbe0982
commit 6e66c12c68
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dlls/ntdll/virtual.c
View File

@ -1320,9 +1320,11 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE, loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size ); IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
if (loadcfg && if (loadcfg && loadcfg_size >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie) &&
loadcfg_size >= offsetof(IMAGE_LOAD_CONFIG_DIRECTORY, SecurityCookie) + sizeof(loadcfg->SecurityCookie)) (ULONG_PTR)ptr <= loadcfg->SecurityCookie && loadcfg->SecurityCookie <= (ULONG_PTR)ptr + total_size - sizeof(ULONG_PTR))
{
set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie); set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
}
/* set the image protections */ /* set the image protections */