[PATCH 3/3] vwin32.vxd: Limit IOCTLs VWIN32_DIOC_DOS_IOCTL and VWIN32_DIOC_DOS_DRIVEINFO

26 Apr 2025

From: Pali Rohár pali@kernel.org
vwin32 IOCTL VWIN32_DIOC_DOS_IOCTL accepts only functions 4400h - 4411h and
vwin32 IOCTL VWIN32_DIOC_DOS_DRIVEINFO accepts only functions 730x.
Add missing checks and TRACE logs.
Signed-off-by: Pali Rohár pali@kernel.org
---
 dlls/vwin32.vxd/vwin32.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/dlls/vwin32.vxd/vwin32.c b/dlls/vwin32.vxd/vwin32.c
index c5a7c98212e..ae693bdf8d1 100644
--- a/dlls/vwin32.vxd/vwin32.c
+++ b/dlls/vwin32.vxd/vwin32.c
@@ -135,8 +135,20 @@ BOOL WINAPI VWIN32_DeviceIoControl(DWORD dwIoControlCode,
switch (dwIoControlCode)
             {
-            case VWIN32_DIOC_DOS_IOCTL: /* Call int 21h */
+            case VWIN32_DIOC_DOS_IOCTL: /* Call int 21h 4400h - 4411h */
+                if ((pIn->reg_EAX & 0xff00) != 0x4400)
+                {
+                    TRACE( "Invalid VWIN32_DIOC_DOS_IOCTL function 0x%lx\n", (pIn->reg_EAX & 0xffff) );
+                    return FALSE;
+                }
+                intnum = 0x21;
+                break;
             case VWIN32_DIOC_DOS_DRIVEINFO:        /* Call int 21h 730x */
+                if ((pIn->reg_EAX & 0xff00) != 0x7300)
+                {
+                    TRACE( "Invalid VWIN32_DIOC_DOS_DRIVEINFO function 0x%lx\n", (pIn->reg_EAX & 0xffff) );
+                    return FALSE;
+                }
                 intnum = 0x21;
                 break;
             case VWIN32_DIOC_DOS_INT13:
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/7907

    

2025

2024

2023

2022

[PATCH 3/3] vwin32.vxd: Limit IOCTLs VWIN32_DIOC_DOS_IOCTL and VWIN32_DIOC_DOS_DRIVEINFO