You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by mt...@apache.org on 2010/01/26 21:42:19 UTC
svn commit: r903406 -
/commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c
Author: mturk
Date: Tue Jan 26 20:42:13 2010
New Revision: 903406
URL: http://svn.apache.org/viewvc?rev=903406&view=rev
Log:
Guard against direct calls
Modified:
commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c
Modified: commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c?rev=903406&r1=903405&r2=903406&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c Tue Jan 26 20:42:13 2010
@@ -1403,6 +1403,17 @@
}
}
+static LPWSTR GetProcessExecutableName(HANDLE hProcess)
+{
+ WCHAR szName[8192];
+ DWORD cbName = 8192;
+
+ if (GetProcessImageFileNameW(hProcess, szName, cbName) < cbName)
+ return wcsdup(szName);
+ else
+ return NULL;
+}
+
#define MIN(a, b) (a) < (b) ? (a) : (b)
static LPWCH GetSafeEnvironmentBlock(LPCWSTR szExtVars)
@@ -1593,6 +1604,7 @@
LPWSTR *args = NULL;
LPWSTR *argv = NULL;
LPWSTR cmdline = NULL;
+ LPWSTR szCurrentImageName = NULL;
WCHAR szVmsMem[RESOURCE_NAME_LEN] = L"";
WCHAR szPassword[RESOURCE_USER_LEN] = L"";
HANDLE hJobObject = NULL;
@@ -1654,6 +1666,12 @@
DBG_PRINTF((__LINE__, "[ERROR] GetCurrentAccessToken err=%d", GetLastError()));
goto cleanup;
}
+ szCurrentImageName = GetProcessExecutableName(hCurrentProcess);
+ if (szCurrentImageName == NULL) {
+ rc = GWEXITERROR();
+ DBG_PRINTF((__LINE__, "[ERROR] GetProcessExecutableName err=%d", GetLastError()));
+ goto cleanup;
+ }
EnableSysPrivileges(hToken);
GetTokenSessionId(hToken, &dwSourceSessionId);
/* Supress unwanted session switch */
@@ -1847,6 +1865,7 @@
argc += 2;
}
else if (dwParentPid) {
+ LPWSTR szParentImageName;
if (!lpVmsPtr) {
/* We don't have the valid
* for the supplied parent
@@ -1861,6 +1880,20 @@
DBG_PRINTF((__LINE__, "[ERROR] OpenProcess %d err=%d", dwParentPid, GetLastError()));
goto cleanup;
}
+ szParentImageName = GetProcessExecutableName(hParent);
+ if (szParentImageName == NULL) {
+ rc = GWEXITERROR();
+ DBG_PRINTF((__LINE__, "[ERROR] GetProcessExecutableName %d err=%d", dwParentPid, GetLastError()));
+ goto cleanup;
+ }
+ if (wcscmp(szParentImageName, szCurrentImageName)) {
+ /* Somone tried to call us directly with shared memory data?
+ */
+ rc = RWEXITERROR(ERROR_ACCESS_DENIED);
+ DBG_PRINTF((__LINE__, "[ERROR] Different parent %S", szParentImageName));
+ goto cleanup;
+ }
+ x_free(szParentImageName);
if (!ReadProcessMemory(hParent, lpVmsPtr,
lpForkData, sizeof(FORK_DATA), NULL)) {
rc = GWEXITERROR();
@@ -2124,21 +2157,21 @@
* immediately from DllMain
*/
if (IS_VALID_HANDLE(hPpipe[PIPE_STDINP_RPC])) {
- int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDINP_RPC], _O_RDONLY);
+ int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDINP_RPC], _O_RDONLY | _O_BINARY);
if (fd > 0)
- dup2(fd, 0);
+ fd = dup2(fd, 0);
hPpipe[PIPE_STDINP_RPC] = NULL;
}
if (IS_VALID_HANDLE(hPpipe[PIPE_STDOUT_RPC])) {
- int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDOUT_RPC], _O_WRONLY);
+ int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDOUT_RPC], _O_WRONLY | _O_BINARY);
if (fd > 1)
- dup2(fd, 1);
+ fd = dup2(fd, 1);
hPpipe[PIPE_STDOUT_RPC] = NULL;
}
if (IS_VALID_HANDLE(hPpipe[PIPE_STDERR_RPC])) {
- int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDERR_RPC], _O_WRONLY);
+ int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDERR_RPC], _O_WRONLY | _O_BINARY);
if (fd > 2)
- dup2(fd, 2);
+ fd = dup2(fd, 2);
hPpipe[PIPE_STDERR_RPC] = NULL;
}
DBG_PRINTF((__LINE__, "[INFO] LoadLibrary dll=%S func=%s", argv[0], lpForkData->szDllEntry));
@@ -2604,6 +2637,7 @@
/* Close OVERLAPPED events */
SAFE_CLOSE_HANDLE(sbOvlp[i].o.hEvent);
}
+ x_free(szCurrentImageName);
FreeArrayAndElements(args);
if (lpForkData) {
VirtualFree(lpForkData, 0, MEM_RELEASE);