https://bugs.winehq.org/show_bug.cgi?id=49371
Damjan Jovanovic damjan.jov@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Fixed by SHA1| |f17404f8ed2883e28ef33887c7e | |0a9c2fc2e4874 Status|UNCONFIRMED |RESOLVED CC| |damjan.jov@gmail.com
--- Comment #2 from Damjan Jovanovic damjan.jov@gmail.com --- It was fixed even earlier, by this commit:
---snip--- commit f17404f8ed2883e28ef33887c7e0a9c2fc2e4874 Author: Paul Gofman pgofman@codeweavers.com Date: Wed Dec 16 11:58:27 2020 +0300
ws2_32: Fix buffer size check in WSAIoctl() for SIO_GET_INTERFACE_LIST.
Fixes out of bound memory access in Anno 1404 Addon.
Signed-off-by: Paul Gofman pgofman@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
diff --git a/dlls/ws2_32/socket.c b/dlls/ws2_32/socket.c index 6cb35bcd135..05097ce53b8 100644 --- a/dlls/ws2_32/socket.c +++ b/dlls/ws2_32/socket.c @@ -4618,10 +4618,11 @@ INT WINAPI WSAIoctl(SOCKET s, DWORD code, LPVOID in_buff, DWORD in_size, LPVOID if (ptr->IpAddressList.IpAddress.String[0] == '\0') continue;
- if ((numInt + 1)*sizeof(INTERFACE_INFO)/sizeof(IP_ADAPTER_INFO) > out_size) + if ((numInt + 1) * sizeof(INTERFACE_INFO) > out_size) { WARN("Buffer too small = %u, out_size = %u\n", numInt + 1, out_size); status = WSAEFAULT; + if (ret_size) *ret_size = 0; break; } ---snip---
Resolving FIXED. Thank you for your bug report!