[PATCH 1/4] server: All fields up to CheckSum are mandatory regardless of SizeOfOptionalHeader value.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- server/mapping.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/server/mapping.c b/server/mapping.c index 6990a1913d..ea2cd55513 100644 --- a/server/mapping.c +++ b/server/mapping.c @@ -592,11 +592,12 @@ static unsigned int get_image_params( struct mapping *mapping, file_pos_t file_s mz_size = size; pos = mz.dos.e_lfanew;
+ /* zero out Optional header in the case it's not present or partial */ + memset( &nt, 0, sizeof(nt) ); + size = pread( unix_fd, &nt, sizeof(nt), pos ); if (size < sizeof(nt.Signature) + sizeof(nt.FileHeader)) return STATUS_INVALID_IMAGE_PROTECT; - /* zero out Optional header in the case it's not present or partial */ - size = min( size, sizeof(nt.Signature) + sizeof(nt.FileHeader) + nt.FileHeader.SizeOfOptionalHeader ); - if (size < sizeof(nt)) memset( (char *)&nt + size, 0, sizeof(nt) - size ); + if (nt.Signature != IMAGE_NT_SIGNATURE) { IMAGE_OS2_HEADER *os2 = (IMAGE_OS2_HEADER *)&nt; @@ -609,6 +610,10 @@ static unsigned int get_image_params( struct mapping *mapping, file_pos_t file_s switch (nt.opt.hdr32.Magic) { case IMAGE_NT_OPTIONAL_HDR32_MAGIC: + /* All fields up to CheckSum are mandatory regardless of SizeOfOptionalHeader value */ + size = max( nt.FileHeader.SizeOfOptionalHeader, offsetof(IMAGE_OPTIONAL_HEADER32, CheckSum) ); + if (size < sizeof(nt.opt.hdr32)) memset( (char *)&nt.opt.hdr32 + size, 0, sizeof(nt.opt.hdr32) - size ); + switch (nt.FileHeader.Machine) { case IMAGE_FILE_MACHINE_I386: @@ -654,6 +659,10 @@ static unsigned int get_image_params( struct mapping *mapping, file_pos_t file_s break;
case IMAGE_NT_OPTIONAL_HDR64_MAGIC: + /* All fields up to CheckSum are mandatory regardless of SizeOfOptionalHeader value */ + size = max( nt.FileHeader.SizeOfOptionalHeader, offsetof(IMAGE_OPTIONAL_HEADER64, CheckSum) ); + if (size < sizeof(nt.opt.hdr64)) memset( (char *)&nt.opt.hdr64 + size, 0, sizeof(nt.opt.hdr64) - size ); + if (!(cpu_mask & CPU_64BIT_MASK)) return STATUS_INVALID_IMAGE_WIN_64; switch (nt.FileHeader.Machine) {
-
Dmitry Timoshkov