Module: wine Branch: master Commit: 909204005b2510db1314dd48b2ab3e49ebd49d9a URL: https://gitlab.winehq.org/wine/wine/-/commit/909204005b2510db1314dd48b2ab3e4...
Author: Dmitry Timoshkov dmitry@baikal.ru Date: Thu Sep 14 15:14:38 2023 +0300
ntdll: Add ACTCTX field limit checks to RtlCreateActivationContext().
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru
---
dlls/kernel32/tests/actctx.c | 2 -- dlls/ntdll/actctx.c | 12 ++++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/dlls/kernel32/tests/actctx.c b/dlls/kernel32/tests/actctx.c
index 56211c46040..20e5e42b620 100644
--- a/dlls/kernel32/tests/actctx.c
+++ b/dlls/kernel32/tests/actctx.c
@@ -2853,7 +2853,6 @@ static void test_CreateActCtx(void)
 handle = CreateActCtxW(&ctxW);
 if (!test[i].error)
 {
- todo_wine
 ok(handle != INVALID_HANDLE_VALUE, "CreateActCtx error %lu\n", GetLastError());
 ReleaseActCtx(handle);
 }
@@ -2868,7 +2867,6 @@ static void test_CreateActCtx(void)
 ctxW.lpSource = sourceW; /* source without hModule must point to valid PE */
 SetLastError(0xdeadbeef);
 handle = CreateActCtxW(&ctxW);
- todo_wine_if(i != 4)
 ok(handle != INVALID_HANDLE_VALUE, "CreateActCtx error %lu\n", GetLastError());
 ReleaseActCtx(handle);
diff --git a/dlls/ntdll/actctx.c b/dlls/ntdll/actctx.c
index 9379d20b6c1..fbffe691559 100644
--- a/dlls/ntdll/actctx.c
+++ b/dlls/ntdll/actctx.c
@@ -5261,9 +5261,17 @@ NTSTATUS WINAPI RtlCreateActivationContext( HANDLE *handle, const void *ptr )
TRACE("%p %08lx\n", pActCtx, pActCtx ? pActCtx->dwFlags : 0);
- if (!pActCtx || pActCtx->cbSize < sizeof(*pActCtx) ||
- (pActCtx->dwFlags & ~ACTCTX_FLAGS_ALL))
+#define CHECK_LIMIT( field ) (pActCtx->cbSize >= RTL_SIZEOF_THROUGH_FIELD( ACTCTXW, field ))
+ if (!pActCtx || (pActCtx->dwFlags & ~ACTCTX_FLAGS_ALL) ||
+ !CHECK_LIMIT( lpSource ) ||
+ ((pActCtx->dwFlags & ACTCTX_FLAG_PROCESSOR_ARCHITECTURE_VALID) && !CHECK_LIMIT( wProcessorArchitecture )) ||
+ ((pActCtx->dwFlags & ACTCTX_FLAG_LANGID_VALID) && !CHECK_LIMIT( wLangId )) ||
+ ((pActCtx->dwFlags & ACTCTX_FLAG_ASSEMBLY_DIRECTORY_VALID) && !CHECK_LIMIT( lpAssemblyDirectory )) ||
+ ((pActCtx->dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID) && !CHECK_LIMIT( lpResourceName )) ||
+ ((pActCtx->dwFlags & ACTCTX_FLAG_APPLICATION_NAME_VALID) && !CHECK_LIMIT( lpApplicationName )) ||
+ ((pActCtx->dwFlags & ACTCTX_FLAG_HMODULE_VALID) && !CHECK_LIMIT( hModule )))
 return STATUS_INVALID_PARAMETER;
+#undef CHECK_LIMIT
if ((pActCtx->dwFlags & ACTCTX_FLAG_RESOURCE_NAME_VALID) && !pActCtx->lpResourceName) return STATUS_INVALID_PARAMETER;
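Review bot: Once this check accepts an ACTCTXW shorter than `sizeof(*pActCtx)`, every later read of an optional field has to sit behind the same `ACTCTX_FLAG_*_VALID` test that `CHECK_LIMIT` was paired with, and nothing at the `#define CHECK_LIMIT` line records that rule. A comment above the macro would do it, e.g. `/* cbSize only has to cover the fields whose ACTCTX_FLAG_*_VALID bit is set; never read an optional field without testing its flag first */`. Within the condition itself `pActCtx->dwFlags` is tested before `!CHECK_LIMIT( lpSource )`, so a caller-supplied cbSize that stops before dwFlags still has the flags read outside the declared size; `if (!pActCtx || !CHECK_LIMIT( lpSource ) || (pActCtx->dwFlags & ~ACTCTX_FLAGS_ALL) ||` keeps that read inside it (the TRACE call above reads dwFlags either way). RtlCreateActivationContext continues past the end of the hunk, so whether its remaining field accesses are all flag-gated cannot be confirmed from here.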