=?UTF-8?Q?Andr=C3=A9=20Hentschel=20?=: ntdll: Randomize security cookie when available.
Alexandre Julliard
julliard at wine.codeweavers.com
Wed Jul 8 09:51:23 CDT 2015
Module: wine
Branch: master
Commit: 7e1c886fbfd362376b6aebe5381ab7d4433c3371
URL: http://source.winehq.org/git/wine.git/?a=commit;h=7e1c886fbfd362376b6aebe5381ab7d4433c3371
Author: André Hentschel <nerv at dawncrow.de>
Date: Tue Jul 7 19:50:25 2015 +0200
ntdll: Randomize security cookie when available.
---
dlls/ntdll/virtual.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index bc3f7cd..410e060 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -1067,6 +1067,8 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
IMAGE_SECTION_HEADER sections[96];
IMAGE_SECTION_HEADER *sec;
IMAGE_DATA_DIRECTORY *imports;
+ IMAGE_LOAD_CONFIG_DIRECTORY *loadcfg;
+ ULONG loadcfg_size;
NTSTATUS status = STATUS_CONFLICTING_ADDRESSES;
int i;
off_t pos;
@@ -1278,6 +1280,24 @@ static NTSTATUS map_image( HANDLE hmapping, int fd, char *base, SIZE_T total_siz
}
}
+ /* randomize security cookie */
+
+ loadcfg = RtlImageDirectoryEntryToData( (HMODULE)ptr, TRUE,
+ IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &loadcfg_size );
+ if (loadcfg && loadcfg_size >= sizeof(*loadcfg))
+ {
+ static ULONG seed;
+ ULONG_PTR *cookie = (ULONG_PTR *)loadcfg->SecurityCookie;
+
+ if (!seed) seed = NtGetTickCount() ^ GetCurrentProcessId();
+ if (cookie)
+ {
+ *cookie = RtlRandom( &seed );
+ if (sizeof(ULONG_PTR) > sizeof(ULONG)) /* fill up, but keep the highest word clear */
+ *cookie ^= (ULONG_PTR)RtlRandom( &seed ) << 16;
+ }
+ }
+
/* set the image protections */
VIRTUAL_SetProt( view, ptr, ROUND_SIZE( 0, header_size ), VPROT_COMMITTED | VPROT_READ );
More information about the wine-cvs
mailing list