Module: wine Branch: master Commit: 7e1c886fbfd362376b6aebe5381ab7d4433c3371 URL: http://source.winehq.org/git/wine.git/?a=commit;h=7e1c886fbfd362376b6aebe538...
Author: André Hentschel nerv@dawncrow.de Date: Tue Jul 7 19:50:25 2015 +0200
ntdll: Randomize security cookie when available.
---
dlls/ntdll/virtual.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index bc3f7cd..410e060 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1067,6 +1067,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
 IMAGE_SECTION_HEADER sections[96];
 IMAGE_SECTION_HEADER *sec;
 IMAGE_DATA_DIRECTORY *imports;
+ IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
+ ULONG loadcfg_size;
 NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
 int i;
 off_t pos;
@@ -1278,6 +1280,24 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
 }
 }
+ /* randomize security cookie */
+
+ loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
+ IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
+ if (loadcfg && loadcfg_size >= sizeof(*loadcfg))
+ {
+ static ULONG seed;
+ ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+
+ if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
+ if (cookie)
+ {
+ *cookie = RtlRandom( &seed );
+ if (sizeof(ULONG_PTR) > sizeof(ULONG)) /* fill up, but keep the highest word clear */
+ *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+ }
+ }
+
 /* set the image protections */
VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
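Review bot: The store `*cookie = RtlRandom( &seed );` writes through an address read straight from the image's load-config directory (`loadcfg->SecurityCookie`), and the only check before it is `if (cookie)`. A malformed PE could set that field to an address outside the view being mapped, so the guard should confirm the cookie lies inside the image, e.g. `if (cookie && (char *)cookie >= (char *)ptr && (char *)(cookie + 1) <= (char *)ptr + total_size)`. That assumes `ptr` is the view base and `total_size` is the parameter truncated in the hunk header. Separately, the seed is `NtGetTickCount() ^ GetCurrentProcessId()` kept in a function-level `static`, so every cookie in the process comes from one guessable `RtlRandom` sequence; either seed from a system entropy source or add a comment saying the value is best-effort rather than unpredictable. map_image begins and ends outside the hunk.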