ntdll: Round header size to page boundary before checking it in PE header conversion.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Alexandre Julliard 2019-01-25 12:46:37 +01:00
parent 08ba44618d
commit 96eebec967
1 changed files with 7 additions and 2 deletions

View File

@ -1935,16 +1935,21 @@ static BOOL convert_to_pe64( HMODULE module, const pe_image_info_t *info )
IMAGE_NT_HEADERS *nt = RtlImageNtHeader( module ); IMAGE_NT_HEADERS *nt = RtlImageNtHeader( module );
SIZE_T hdr_size = min( sizeof(hdr32), nt->FileHeader.SizeOfOptionalHeader ); SIZE_T hdr_size = min( sizeof(hdr32), nt->FileHeader.SizeOfOptionalHeader );
IMAGE_SECTION_HEADER *sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + hdr_size); IMAGE_SECTION_HEADER *sec = (IMAGE_SECTION_HEADER *)((char *)&nt->OptionalHeader + hdr_size);
SIZE_T size = (char *)(nt + 1) + nt->FileHeader.NumberOfSections * sizeof(*sec) - (char *)module; SIZE_T size = info->header_size;
void *addr = module; void *addr = module;
ULONG i, old_prot; ULONG i, old_prot;
TRACE( "%p\n", module ); TRACE( "%p\n", module );
if (size > info->header_size) return FALSE;
if (NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, PAGE_READWRITE, &old_prot )) if (NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, PAGE_READWRITE, &old_prot ))
return FALSE; return FALSE;
if ((char *)module + size < (char *)(nt + 1) + nt->FileHeader.NumberOfSections * sizeof(*sec))
{
NtProtectVirtualMemory( NtCurrentProcess(), &addr, &size, old_prot, &old_prot );
return FALSE;
}
memcpy( &hdr32, &nt->OptionalHeader, hdr_size ); memcpy( &hdr32, &nt->OptionalHeader, hdr_size );
memcpy( &hdr64, &hdr32, offsetof( IMAGE_OPTIONAL_HEADER64, SizeOfStackReserve )); memcpy( &hdr64, &hdr32, offsetof( IMAGE_OPTIONAL_HEADER64, SizeOfStackReserve ));
hdr64.Magic = IMAGE_NT_OPTIONAL_HDR64_MAGIC; hdr64.Magic = IMAGE_NT_OPTIONAL_HDR64_MAGIC;