https://git.reactos.org/?p=reactos.git;a=commitdiff;h=db419efbf26c78e39fb57bcaf4f9e4d915d0c96e
commit db419efbf26c78e39fb57bcaf4f9e4d915d0c96e Author: Timo Kreuzer <timo.kreu...@reactos.org> AuthorDate: Mon Aug 26 10:31:18 2024 +0300 Commit: Timo Kreuzer <timo.kreu...@reactos.org> CommitDate: Tue Sep 24 13:32:28 2024 +0300 [WIN32K] Fix protection of USER heap Create the section with PAGE_READWRITE, not PAGE_EXECUTE_READWRITE and map in user mode with PAGE_READONLY, not PAGE_EXECUTE_READ. Original commit was ea5261f in 2006. The comments suggest that back then the heap code had issues with it, which is not the case anymore.
---
 win32ss/user/ntuser/desktop.c | 2 +- win32ss/user/ntuser/usrheap.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/win32ss/user/ntuser/desktop.c b/win32ss/user/ntuser/desktop.c
index ab8e87daa88..645717a7b1f 100644
--- a/win32ss/user/ntuser/desktop.c
+++ b/win32ss/user/ntuser/desktop.c
@@ -3262,7 +3262,7 @@ IntMapDesktopView(IN PDESKTOP pdesk)
 &ViewSize, ViewUnmap, SEC_NO_CHANGE,
- PAGE_EXECUTE_READ); /* Would prefer PAGE_READONLY, but thanks to RTL heaps... */
+ PAGE_READONLY);
 if (!NT_SUCCESS(Status)) { ERR("Failed to map desktop\n");
diff --git a/win32ss/user/ntuser/usrheap.c b/win32ss/user/ntuser/usrheap.c
index f668331b374..b3515c5a76b 100644
--- a/win32ss/user/ntuser/usrheap.c
+++ b/win32ss/user/ntuser/usrheap.c
@@ -81,7 +81,7 @@ IntUserHeapCommitRoutine(
 &ViewSize, ViewUnmap, SEC_NO_CHANGE,
- PAGE_EXECUTE_READ); /* Would prefer PAGE_READONLY, but thanks to RTL heaps... */
+ PAGE_READONLY);
 if (!NT_SUCCESS(Status)) return Status;
@@ -97,7 +97,7 @@ IntUserHeapCommitRoutine(
 0, CommitSize, MEM_COMMIT,
- PAGE_EXECUTE_READ);
+ PAGE_READONLY);
 if (NT_SUCCESS(Status)) {
@@ -139,7 +139,7 @@ IntUserHeapCreate(IN PVOID SectionObject,
 &ViewSize, ViewUnmap, SEC_NO_CHANGE,
- PAGE_EXECUTE_READ); /* Would prefer PAGE_READONLY, but thanks to RTL heaps... */
+ PAGE_READONLY);
 if (!NT_SUCCESS(Status)) return NULL;
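Review bot: The new `PAGE_READONLY);` argument in IntMapDesktopView replaces a commented line with an uncommented one, so nothing at the call site records that the user-mode view is meant to be non-executable. A one-line comment such as `/* User-mode view: read-only and non-executable by design; SEC_NO_CHANGE keeps it that way */` would make the hardening intent explicit and make a later revert to PAGE_EXECUTE_READ stand out in review. The same applies to the view-mapping arguments in the IntUserHeapCommitRoutine (-81), IntUserHeapCreate (-139) and MapGlobalUserHeap (-315) hunks. The call being edited starts above each hunk, so the callee is not visible here.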
@@ -148,7 +148,7 @@ IntUserHeapCreate(IN PVOID SectionObject,
 0, &ViewSize, MEM_COMMIT,
- PAGE_EXECUTE_READ); /* Would prefer PAGE_READONLY, but thanks to RTL heaps... */
+ PAGE_READONLY);
 MmUnmapViewOfSection(PsGetCurrentProcess(), MappedView);
@@ -193,7 +193,7 @@ UserCreateHeap(OUT PVOID *SectionObject,
 SECTION_ALL_ACCESS, NULL, &SizeHeap,
- PAGE_EXECUTE_READWRITE, /* Would prefer PAGE_READWRITE, but thanks to RTL heaps... */
+ PAGE_READWRITE,
 SEC_RESERVE | 1, NULL, NULL);
@@ -315,7 +315,7 @@ MapGlobalUserHeap(IN PEPROCESS Process,
 &ViewSize, ViewUnmap, SEC_NO_CHANGE,
- PAGE_EXECUTE_READ); /* Would prefer PAGE_READONLY, but thanks to RTL heaps... */
+ PAGE_READONLY);
 if (!NT_SUCCESS(Status)) { ERR_CH(UserProcess, "MapGlobalUserHeap - Failed to map the global heap! 0x%x\n", Status);
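Review bot: With `PAGE_READWRITE,` as the creation protection in the UserCreateHeap hunk (-193), the section presumably no longer permits executable views, so any mapping site not converted by this commit would be expected to start failing instead of quietly keeping execute rights. The diff converts the mapping calls it shows, but it is worth confirming that no other code outside these two files maps the same section objects with a PAGE_EXECUTE_* value. A comment on the new line, for example `/* No execute: user views are mapped PAGE_READONLY with SEC_NO_CHANGE */`, would tie the creation protection to the view protections it has to stay consistent with. The call's opening line is outside the hunk, so the callee is inferred to be the section-creation routine.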