https://git.reactos.org/?p=reactos.git;a=commitdiff;h=967f5b98983928e1884e824371e7002dbd417308
commit 967f5b98983928e1884e824371e7002dbd417308
Author: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org>
AuthorDate: Fri Sep 30 20:40:43 2022 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org>
CommitDate: Tue Oct 4 23:14:35 2022 +0200
[WINLOGON] Protect function calls to '3rd-party' DLLs by SEH. (#4743)
This includes:
- Notification dll calling in CallNotificationDll().
- winmm.dll API calling (e.g. PlaySound) in PlaySoundRoutine().
Also:
- Fix dwKeyName usage in RegEnumKeyExW() specifying a number of
*characters*.
---
base/system/winlogon/CMakeLists.txt | 2 +-
base/system/winlogon/notify.c | 44 +++++++++++++++++++++++--------------
base/system/winlogon/sas.c | 26 +++++++++++++---------
base/system/winlogon/winlogon.h | 9 ++++++--
4 files changed, 51 insertions(+), 30 deletions(-)
diff --git a/base/system/winlogon/CMakeLists.txt
b/base/system/winlogon/CMakeLists.txt
index 06ff9241c91..18f9f79a328 100644
--- a/base/system/winlogon/CMakeLists.txt
+++ b/base/system/winlogon/CMakeLists.txt
@@ -21,7 +21,7 @@ list(APPEND SOURCE
add_rc_deps(winlogon.rc ${CMAKE_CURRENT_SOURCE_DIR}/res/winlogon.ico)
add_executable(winlogon ${SOURCE} winlogon.rc)
-target_link_libraries(winlogon wine)
+target_link_libraries(winlogon wine ${PSEH_LIB})
set_module_type(winlogon win32gui)
add_importlibs(winlogon user32 advapi32 userenv secur32 rpcrt4 mpr msvcrt
kernel32 ntdll)
add_pch(winlogon winlogon.h SOURCE)
diff --git a/base/system/winlogon/notify.c b/base/system/winlogon/notify.c
index d84e06af47f..3aa3e0d98ec 100644
--- a/base/system/winlogon/notify.c
+++ b/base/system/winlogon/notify.c
@@ -278,7 +278,7 @@ InitNotifications(VOID)
dwIndex = 0;
for(;;)
{
- dwKeyName = 80 * sizeof(WCHAR);
+ dwKeyName = ARRAYSIZE(szKeyName);
lError = RegEnumKeyExW(hNotifyKey,
dwIndex,
szKeyName,
@@ -312,11 +312,8 @@ CallNotificationDll(
NOTIFICATION_TYPE Type,
PWLX_NOTIFICATION_INFO pInfo)
{
- HKEY hDllKey = NULL;
- HMODULE hModule = NULL;
+ HMODULE hModule;
CHAR szFuncBuffer[128];
- DWORD dwSize;
- DWORD dwType;
DWORD dwError = ERROR_SUCCESS;
PWLX_NOTIFY_HANDLER pNotifyHandler;
@@ -338,6 +335,10 @@ CallNotificationDll(
}
else
{
+ HKEY hDllKey;
+ DWORD dwSize;
+ DWORD dwType;
+
dwError = RegOpenKeyExW(hNotifyKey,
NotificationDll->pszKeyName,
0,
@@ -356,23 +357,32 @@ CallNotificationDll(
&dwType,
(PBYTE)szFuncBuffer,
&dwSize);
+
+ RegCloseKey(hDllKey);
}
- if (dwError == ERROR_SUCCESS)
- {
- hModule = LoadLibraryW(NotificationDll->pszDllName);
- if (hModule != NULL)
- {
- pNotifyHandler = (PWLX_NOTIFY_HANDLER)GetProcAddress(hModule,
szFuncBuffer);
- if (pNotifyHandler != NULL)
- pNotifyHandler(pInfo);
+ if (dwError != ERROR_SUCCESS)
+ return;
- FreeLibrary(hModule);
- }
+ hModule = LoadLibraryW(NotificationDll->pszDllName);
+ if (!hModule)
+ return;
+
+ pNotifyHandler = (PWLX_NOTIFY_HANDLER)GetProcAddress(hModule,
szFuncBuffer);
+
+ _SEH2_TRY
+ {
+ if (pNotifyHandler)
+ pNotifyHandler(pInfo);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ ERR("WL: Exception while running notification %S!%s, Status 0x%08lx\n",
+ NotificationDll->pszDllName, szFuncBuffer,
_SEH2_GetExceptionCode());
}
+ _SEH2_END;
- if (hDllKey != NULL)
- RegCloseKey(hDllKey);
+ FreeLibrary(hModule);
}
diff --git a/base/system/winlogon/sas.c b/base/system/winlogon/sas.c
index a78733b7771..bc37d5db49d 100644
--- a/base/system/winlogon/sas.c
+++ b/base/system/winlogon/sas.c
@@ -251,30 +251,36 @@ PlaySoundRoutine(
BOOL Ret = FALSE;
hLibrary = LoadLibraryW(L"winmm.dll");
- if (hLibrary)
+ if (!hLibrary)
+ return FALSE;
+
+ waveOutGetNumDevs = (WAVEOUTGETNUMDEVS)GetProcAddress(hLibrary,
"waveOutGetNumDevs");
+ Play = (PLAYSOUNDW)GetProcAddress(hLibrary, "PlaySoundW");
+
+ _SEH2_TRY
{
- waveOutGetNumDevs = (WAVEOUTGETNUMDEVS)GetProcAddress(hLibrary,
"waveOutGetNumDevs");
if (waveOutGetNumDevs)
{
NumDevs = waveOutGetNumDevs();
if (!NumDevs)
{
if (!bLogon)
- {
Beep(440, 125);
- }
- FreeLibrary(hLibrary);
- return FALSE;
+ _SEH2_LEAVE;
}
}
- Play = (PLAYSOUNDW)GetProcAddress(hLibrary, "PlaySoundW");
if (Play)
- {
Ret = Play(FileName, NULL, Flags);
- }
- FreeLibrary(hLibrary);
}
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ ERR("WL: Exception while playing sound '%S', Status 0x%08lx\n",
+ FileName ? FileName : L"(n/a)", _SEH2_GetExceptionCode());
+ }
+ _SEH2_END;
+
+ FreeLibrary(hLibrary);
return Ret;
}
diff --git a/base/system/winlogon/winlogon.h b/base/system/winlogon/winlogon.h
index 668fd3e0ad2..3dcf6fda0c3 100644
--- a/base/system/winlogon/winlogon.h
+++ b/base/system/winlogon/winlogon.h
@@ -26,10 +26,12 @@
#ifndef __WINLOGON_MAIN_H__
#define __WINLOGON_MAIN_H__
-#include <stdarg.h>
-
#define USE_GETLASTINPUTINFO
+
+#include <stdarg.h>
+
+/* PSDK/NDK Headers */
#define WIN32_NO_STATUS
#include <windef.h>
#include <winbase.h>
@@ -41,6 +43,9 @@
#include <ndk/exfuncs.h>
#include <strsafe.h>
+/* PSEH for SEH Support */
+#include <pseh/pseh2.h>
+
#include <reactos/undocuser.h>
#include <reactos/undocmpr.h>
