Return-Path: Delivered-To: apmail-commons-commits-archive@minotaur.apache.org Received: (qmail 51331 invoked from network); 26 Jan 2010 20:42:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 26 Jan 2010 20:42:44 -0000 Received: (qmail 56209 invoked by uid 500); 26 Jan 2010 20:42:44 -0000 Delivered-To: apmail-commons-commits-archive@commons.apache.org Received: (qmail 56143 invoked by uid 500); 26 Jan 2010 20:42:44 -0000 Mailing-List: contact commits-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@commons.apache.org Delivered-To: mailing list commits@commons.apache.org Received: (qmail 56134 invoked by uid 99); 26 Jan 2010 20:42:44 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Jan 2010 20:42:44 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Jan 2010 20:42:41 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 46F24238890A; Tue, 26 Jan 2010 20:42:20 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r903406 - /commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c Date: Tue, 26 Jan 2010 20:42:19 -0000 To: commits@commons.apache.org 
From: mturk@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100126204220.46F24238890A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: mturk Date: Tue Jan 26 20:42:13 2010 New Revision: 903406 URL: http://svn.apache.org/viewvc?rev=903406&view=rev Log: Guard against direct calls Modified: commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c Modified: commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c?rev=903406&r1=903405&r2=903406&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/support/win32/wsuexec.c Tue Jan 26 20:42:13 2010 @@ -1403,6 +1403,17 @@ } } +static LPWSTR GetProcessExecutableName(HANDLE hProcess) +{ + WCHAR szName[8192]; + DWORD cbName = 8192; + + if (GetProcessImageFileNameW(hProcess, szName, cbName) < cbName) + return wcsdup(szName); + else + return NULL; +} + #define MIN(a, b) (a) < (b) ? (a) : (b) static LPWCH GetSafeEnvironmentBlock(LPCWSTR szExtVars) @@ -1593,6 +1604,7 @@ LPWSTR *args = NULL; LPWSTR *argv = NULL; LPWSTR cmdline = NULL; + LPWSTR szCurrentImageName = NULL; WCHAR szVmsMem[RESOURCE_NAME_LEN] = L""; WCHAR szPassword[RESOURCE_USER_LEN] = L""; HANDLE hJobObject = NULL; @@ -1654,6 +1666,12 @@ DBG_PRINTF((__LINE__, "[ERROR] GetCurrentAccessToken err=%d", GetLastError())); goto cleanup; } + szCurrentImageName = GetProcessExecutableName(hCurrentProcess); + if (szCurrentImageName == NULL) { + rc = GWEXITERROR(); + DBG_PRINTF((__LINE__, "[ERROR] GetProcessExecutableName err=%d", GetLastError())); + goto cleanup; + } EnableSysPrivileges(hToken); GetTokenSessionId(hToken, &dwSourceSessionId); /* Supress unwanted session switch */ 
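Review bot: In `GetProcessExecutableName` the test `GetProcessImageFileNameW(hProcess, szName, cbName) < cbName` is also true when the call fails and returns 0, so `wcsdup(szName)` then copies an uninitialized stack buffer and the callers' `== NULL` checks never see the failure. Because the result feeds the parent-image comparison added later in this commit, a failed lookup should be a hard error: `DWORD n = GetProcessImageFileNameW(hProcess, szName, cbName);` followed by `if (n == 0 || n >= cbName) return NULL;`. A short header comment saying that the returned path is in device form and that the caller must release it would also help.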
@@ -1847,6 +1865,7 @@ argc += 2; } else if (dwParentPid) { + LPWSTR szParentImageName; if (!lpVmsPtr) { /* We don't have the valid * for the supplied parent @@ -1861,6 +1880,20 @@ DBG_PRINTF((__LINE__, "[ERROR] OpenProcess %d err=%d", dwParentPid, GetLastError())); goto cleanup; } + szParentImageName = GetProcessExecutableName(hParent); + if (szParentImageName == NULL) { + rc = GWEXITERROR(); + DBG_PRINTF((__LINE__, "[ERROR] GetProcessExecutableName %d err=%d", dwParentPid, GetLastError())); + goto cleanup; + } + if (wcscmp(szParentImageName, szCurrentImageName)) { + /* Somone tried to call us directly with shared memory data? + */ + rc = RWEXITERROR(ERROR_ACCESS_DENIED); + DBG_PRINTF((__LINE__, "[ERROR] Different parent %S", szParentImageName)); + goto cleanup; + } + x_free(szParentImageName); if (!ReadProcessMemory(hParent, lpVmsPtr, lpForkData, sizeof(FORK_DATA), NULL)) { rc = GWEXITERROR(); @@ -2124,21 +2157,21 @@ * immediately from DllMain */ if (IS_VALID_HANDLE(hPpipe[PIPE_STDINP_RPC])) { - int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDINP_RPC], _O_RDONLY); + int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDINP_RPC], _O_RDONLY | _O_BINARY); if (fd > 0) - dup2(fd, 0); + fd = dup2(fd, 0); hPpipe[PIPE_STDINP_RPC] = NULL; } if (IS_VALID_HANDLE(hPpipe[PIPE_STDOUT_RPC])) { - int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDOUT_RPC], _O_WRONLY); + int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDOUT_RPC], _O_WRONLY | _O_BINARY); if (fd > 1) - dup2(fd, 1); + fd = dup2(fd, 1); hPpipe[PIPE_STDOUT_RPC] = NULL; } if (IS_VALID_HANDLE(hPpipe[PIPE_STDERR_RPC])) { - int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDERR_RPC], _O_WRONLY); + int fd = _open_osfhandle((ptrdiff_t)hPpipe[PIPE_STDERR_RPC], _O_WRONLY | _O_BINARY); if (fd > 2) - dup2(fd, 2); + fd = dup2(fd, 2); hPpipe[PIPE_STDERR_RPC] = NULL; } DBG_PRINTF((__LINE__, "[INFO] LoadLibrary dll=%S func=%s", argv[0], lpForkData->szDllEntry)); 
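Review bot: The `wcscmp(szParentImageName, szCurrentImageName)` guard only establishes that the process opened for `dwParentPid` runs from the same image path as this one; it does not show that this process was created by it. If `dwParentPid` is taken from the command line (not visible in this hunk), the comment should state that limit, and the PID could additionally be checked against the creator recorded for the current process, for example `th32ParentProcessID` from a Toolhelp snapshot. Separately, the mismatch branch jumps to `cleanup` without releasing `szParentImageName`, and the block-scoped pointer cannot be freed there; call `x_free(szParentImageName);` before that `goto cleanup;`. The enclosing function starts and ends outside the hunk.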
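Review bot: The value stored by `fd = dup2(fd, 0);` (and by the matching lines for descriptors 1 and 2) is never read before `fd` goes out of scope, so a failed redirect is still silent and the library loaded just below would run on whatever standard descriptors the process already had. Test the result instead, e.g. `if (fd > 0 && dup2(fd, 0) == -1)` followed by a `DBG_PRINTF` error line, and decide whether that should abort the launch. The assignment also discards the descriptor returned by `_open_osfhandle`, so it can no longer be closed after the duplicate is made; if keeping it open is not intended, keep the original value and `_close` it once `dup2` succeeds.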
@@ -2604,6 +2637,7 @@ /* Close OVERLAPPED events */ SAFE_CLOSE_HANDLE(sbOvlp[i].o.hEvent); } + x_free(szCurrentImageName); FreeArrayAndElements(args); if (lpForkData) { VirtualFree(lpForkData, 0, MEM_RELEASE);