46 lines
1.6 KiB
Diff
46 lines
1.6 KiB
Diff
|
|
# HG changeset patch
|
|
# User Greg Stoll <gstoll@mozilla.com>
|
|
# Date 1679671320 0
|
|
# Node ID 003b682fc8cd9836a32dbdd9a9e5061937b07b9f
|
|
# Parent 6d97efe0c291bc2cd2a192a732ec5e3389626653
|
|
Bug 1818762 - update our implementation of IsValidImageSection r=yjuglaret
|
|
|
|
Differential Revision: https://phabricator.services.mozilla.com/D173328
|
|
|
|
diff --git a/sandbox/win/src/sandbox_nt_util.cc b/sandbox/win/src/sandbox_nt_util.cc
|
|
--- a/sandbox/win/src/sandbox_nt_util.cc
|
|
+++ b/sandbox/win/src/sandbox_nt_util.cc
|
|
@@ -399,16 +399,31 @@ bool IsValidImageSection(HANDLE section,
|
|
VERIFY_SUCCESS(g_nt.Close(query_section));
|
|
|
|
if (!NT_SUCCESS(ret) || sizeof(basic_info) != bytes_returned)
|
|
return false;
|
|
|
|
if (!(basic_info.Attributes & SEC_IMAGE))
|
|
return false;
|
|
|
|
+ // Windows 10 2009+ may open PEs as SEC_IMAGE_NO_EXECUTE in non-dll-loading
|
|
+ // paths which looks identical to dll-loading unless we check if the section
|
|
+ // handle has execute rights.
|
|
+ // Avoid memset inserted by -ftrivial-auto-var-init=pattern.
|
|
+ STACK_UNINITIALIZED OBJECT_BASIC_INFORMATION obj_info;
|
|
+ ULONG obj_size_returned;
|
|
+ ret = g_nt.QueryObject(section, ObjectBasicInformation, &obj_info,
|
|
+ sizeof(obj_info), &obj_size_returned);
|
|
+
|
|
+ if (!NT_SUCCESS(ret) || sizeof(obj_info) != obj_size_returned)
|
|
+ return false;
|
|
+
|
|
+ if (!(obj_info.GrantedAccess & SECTION_MAP_EXECUTE))
|
|
+ return false;
|
|
+
|
|
return true;
|
|
}
|
|
|
|
UNICODE_STRING* AnsiToUnicode(const char* string) {
|
|
ANSI_STRING ansi_string;
|
|
ansi_string.Length = static_cast<USHORT>(g_nt.strlen(string));
|
|
ansi_string.MaximumLength = ansi_string.Length + 1;
|
|
ansi_string.Buffer = const_cast<char*>(string);
|
|
|