Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-05-25 12:14:32 +00:00
Code Issues Projects Releases Packages Wiki Activity

[WINLOGON] Protect function calls to '3rd-party' DLLs by SEH. (#4743)

Browse source 
This includes:
- Notification dll calling in CallNotificationDll().
- winmm.dll API calling (e.g. PlaySound) in PlaySoundRoutine().

Also:
- Fix dwKeyName usage in RegEnumKeyExW() specifying a number of *characters*.
This commit is contained in:
Hermès Bélusca-Maïto 2022-09-30 20:40:43 +02:00
parent ab3e0002a6
commit 967f5b9898
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
4 changed files with 54 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
base/system/winlogon/CMakeLists.txt
View file

@ -21,7 +21,7 @@ list(APPEND SOURCE
add_rc_deps(winlogon.rc ${CMAKE_CURRENT_SOURCE_DIR}/res/winlogon.ico) add_rc_deps(winlogon.rc ${CMAKE_CURRENT_SOURCE_DIR}/res/winlogon.ico)
add_executable(winlogon ${SOURCE} winlogon.rc) add_executable(winlogon ${SOURCE} winlogon.rc)
target_link_libraries(winlogon wine) target_link_libraries(winlogon wine ${PSEH_LIB})
set_module_type(winlogon win32gui) set_module_type(winlogon win32gui)
add_importlibs(winlogon user32 advapi32 userenv secur32 rpcrt4 mpr msvcrt kernel32 ntdll) add_importlibs(winlogon user32 advapi32 userenv secur32 rpcrt4 mpr msvcrt kernel32 ntdll)
add_pch(winlogon winlogon.h SOURCE) add_pch(winlogon winlogon.h SOURCE)

50
base/system/winlogon/notify.c
View file

@ -278,7 +278,7 @@ InitNotifications(VOID)
dwIndex = 0; dwIndex = 0;
for(;;) for(;;)
{ {
dwKeyName = 80 * sizeof(WCHAR); dwKeyName = ARRAYSIZE(szKeyName);
lError = RegEnumKeyExW(hNotifyKey, lError = RegEnumKeyExW(hNotifyKey,
dwIndex, dwIndex,
szKeyName, szKeyName,
@ -312,11 +312,8 @@ CallNotificationDll(
NOTIFICATION_TYPE Type, NOTIFICATION_TYPE Type,
PWLX_NOTIFICATION_INFO pInfo) PWLX_NOTIFICATION_INFO pInfo)
{ {
HKEY hDllKey = NULL; HMODULE hModule;
HMODULE hModule = NULL;
CHAR szFuncBuffer[128]; CHAR szFuncBuffer[128];
DWORD dwSize;
DWORD dwType;
DWORD dwError = ERROR_SUCCESS; DWORD dwError = ERROR_SUCCESS;
PWLX_NOTIFY_HANDLER pNotifyHandler; PWLX_NOTIFY_HANDLER pNotifyHandler;
@ -338,6 +335,10 @@ CallNotificationDll(
} }
else else
{ {
HKEY hDllKey;
DWORD dwSize;
DWORD dwType;
dwError = RegOpenKeyExW(hNotifyKey, dwError = RegOpenKeyExW(hNotifyKey,
NotificationDll->pszKeyName, NotificationDll->pszKeyName,
0, 0,
@ -356,23 +357,32 @@ CallNotificationDll(
&dwType, &dwType,
(PBYTE)szFuncBuffer, (PBYTE)szFuncBuffer,
&dwSize); &dwSize);
}
if (dwError == ERROR_SUCCESS)
{
hModule = LoadLibraryW(NotificationDll->pszDllName);
if (hModule != NULL)
{
pNotifyHandler = (PWLX_NOTIFY_HANDLER)GetProcAddress(hModule, szFuncBuffer);
if (pNotifyHandler != NULL)
pNotifyHandler(pInfo);
FreeLibrary(hModule);
}
}
if (hDllKey != NULL)
RegCloseKey(hDllKey); RegCloseKey(hDllKey);
}
if (dwError != ERROR_SUCCESS)
return;
hModule = LoadLibraryW(NotificationDll->pszDllName);
if (!hModule)
return;
pNotifyHandler = (PWLX_NOTIFY_HANDLER)GetProcAddress(hModule, szFuncBuffer);
_SEH2_TRY
{
if (pNotifyHandler)
pNotifyHandler(pInfo);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
ERR("WL: Exception while running notification %S!%s, Status 0x%08lx\n",
NotificationDll->pszDllName, szFuncBuffer, _SEH2_GetExceptionCode());
}
_SEH2_END;
FreeLibrary(hModule);
} }

26
base/system/winlogon/sas.c
View file

@ -251,30 +251,36 @@ PlaySoundRoutine(
BOOL Ret = FALSE; BOOL Ret = FALSE;
hLibrary = LoadLibraryW(L"winmm.dll"); hLibrary = LoadLibraryW(L"winmm.dll");
if (hLibrary) if (!hLibrary)
return FALSE;
waveOutGetNumDevs = (WAVEOUTGETNUMDEVS)GetProcAddress(hLibrary, "waveOutGetNumDevs");
Play = (PLAYSOUNDW)GetProcAddress(hLibrary, "PlaySoundW");
_SEH2_TRY
{ {
waveOutGetNumDevs = (WAVEOUTGETNUMDEVS)GetProcAddress(hLibrary, "waveOutGetNumDevs");
if (waveOutGetNumDevs) if (waveOutGetNumDevs)
{ {
NumDevs = waveOutGetNumDevs(); NumDevs = waveOutGetNumDevs();
if (!NumDevs) if (!NumDevs)
{ {
if (!bLogon) if (!bLogon)
{
Beep(440, 125); Beep(440, 125);
} _SEH2_LEAVE;
FreeLibrary(hLibrary);
return FALSE;
} }
} }
Play = (PLAYSOUNDW)GetProcAddress(hLibrary, "PlaySoundW");
if (Play) if (Play)
{
Ret = Play(FileName, NULL, Flags); Ret = Play(FileName, NULL, Flags);
}
FreeLibrary(hLibrary);
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
ERR("WL: Exception while playing sound '%S', Status 0x%08lx\n",
FileName ? FileName : L"(n/a)", _SEH2_GetExceptionCode());
}
_SEH2_END;
FreeLibrary(hLibrary);
return Ret; return Ret;
} }

9
base/system/winlogon/winlogon.h
View file

@ -26,10 +26,12 @@
#ifndef __WINLOGON_MAIN_H__ #ifndef __WINLOGON_MAIN_H__
#define __WINLOGON_MAIN_H__ #define __WINLOGON_MAIN_H__
#include <stdarg.h>
#define USE_GETLASTINPUTINFO #define USE_GETLASTINPUTINFO
#include <stdarg.h>
/* PSDK/NDK Headers */
#define WIN32_NO_STATUS #define WIN32_NO_STATUS
#include <windef.h> #include <windef.h>
#include <winbase.h> #include <winbase.h>
@ -41,6 +43,9 @@
#include <ndk/exfuncs.h> #include <ndk/exfuncs.h>
#include <strsafe.h> #include <strsafe.h>
/* PSEH for SEH Support */
#include <pseh/pseh2.h>
#include <reactos/undocuser.h> #include <reactos/undocuser.h>
#include <reactos/undocmpr.h> #include <reactos/undocmpr.h>