Module: wine Branch: stable Commit: 91fdecbd95ad84e0165b513711bb3d446ff8f4ad URL: https://source.winehq.org/git/wine.git/?a=commit;h=91fdecbd95ad84e0165b51371... Author: Zebediah Figura <z.figura12(a)gmail.com> Date: Thu May 2 23:10:04 2019 -0500 setupapi: Add magic bytes to struct file_queue and validate them in SetupCloseFileQueue(). Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=12332 Signed-off-by: Zebediah Figura <z.figura12(a)gmail.com> Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> (cherry picked from commit c65d98065c0038e0919f40bec4a9dc978fb2ade9) Conflicts: dlls/setupapi/tests/install.c Signed-off-by: Michael Stefaniuc <mstefani(a)winehq.org> --- dlls/setupapi/queue.c | 11 +++++++++++ dlls/setupapi/tests/install.c | 16 ++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/dlls/setupapi/queue.c b/dlls/setupapi/queue.c index cc17966770..95c77b7f44 100644 --- a/dlls/setupapi/queue.c +++ b/dlls/setupapi/queue.c @@ -70,12 +70,14 @@ struct file_op_queue struct file_queue { + DWORD magic; struct file_op_queue copy_queue; struct file_op_queue delete_queue; struct file_op_queue rename_queue; DWORD flags; }; +#define FILE_QUEUE_MAGIC 0x21514653 /* append a file operation to a queue */ static inline void queue_file_op( struct file_op_queue *queue, struct file_op *op ) @@ -413,6 +415,7 @@ HSPFILEQ WINAPI SetupOpenFileQueue(void) if (!(queue = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*queue)))) return INVALID_HANDLE_VALUE; + queue->magic = FILE_QUEUE_MAGIC; return queue; } @@ -424,6 +427,14 @@ BOOL WINAPI SetupCloseFileQueue( HSPFILEQ handle ) { struct file_queue *queue = handle; + /* Windows XP DDK installer passes the handle returned from + * SetupInitDefaultQueueCallback() to this function. */ + if (queue->magic != FILE_QUEUE_MAGIC) + { + SetLastError(ERROR_INVALID_HANDLE); + return FALSE; + } + free_file_op_queue( &queue->copy_queue ); free_file_op_queue( &queue->rename_queue ); free_file_op_queue( &queue->delete_queue ); diff --git a/dlls/setupapi/tests/install.c b/dlls/setupapi/tests/install.c index a3b562ecc8..5a915d650a 100644 --- a/dlls/setupapi/tests/install.c +++ b/dlls/setupapi/tests/install.c @@ -761,6 +761,21 @@ static void test_dirid(void) check_dirid(40, expected); } +static void test_close_queue(void) +{ + void *context; + BOOL ret; + + context = SetupInitDefaultQueueCallback(NULL); + ok(!!context, "Failed to create callback context, error %#x.\n", GetLastError()); + + ret = SetupCloseFileQueue(context); + ok(!ret, "Expected failure.\n"); + ok(GetLastError() == ERROR_INVALID_HANDLE, "Got unexpected error %u.\n", GetLastError()); + + SetupTermDefaultQueueCallback(context); +} + START_TEST(install) { char temp_path[MAX_PATH], prev_path[MAX_PATH]; @@ -785,6 +800,7 @@ START_TEST(install) test_install_svc_from(); test_driver_install(); test_dirid(); + test_close_queue(); UnhookWindowsHookEx(hhook);