https://git.reactos.org/?p=reactos.git;a=commitdiff;h=967f5b98983928e1884e8…
commit 967f5b98983928e1884e824371e7002dbd417308
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Fri Sep 30 20:40:43 2022 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Tue Oct 4 23:14:35 2022 +0200
[WINLOGON] Protect function calls to '3rd-party' DLLs by SEH. (#4743)
This includes:
- Notification dll calling in CallNotificationDll().
- winmm.dll API calling (e.g. PlaySound) in PlaySoundRoutine().
Also:
- Fix dwKeyName usage in RegEnumKeyExW() specifying a number of *characters*.
---
base/system/winlogon/CMakeLists.txt | 2 +-
base/system/winlogon/notify.c | 44 +++++++++++++++++++++++--------------
base/system/winlogon/sas.c | 26 +++++++++++++---------
base/system/winlogon/winlogon.h | 9 ++++++--
4 files changed, 51 insertions(+), 30 deletions(-)
diff --git a/base/system/winlogon/CMakeLists.txt b/base/system/winlogon/CMakeLists.txt
index 06ff9241c91..18f9f79a328 100644
--- a/base/system/winlogon/CMakeLists.txt
+++ b/base/system/winlogon/CMakeLists.txt
@@ -21,7 +21,7 @@ list(APPEND SOURCE
add_rc_deps(winlogon.rc ${CMAKE_CURRENT_SOURCE_DIR}/res/winlogon.ico)
add_executable(winlogon ${SOURCE} winlogon.rc)
-target_link_libraries(winlogon wine)
+target_link_libraries(winlogon wine ${PSEH_LIB})
set_module_type(winlogon win32gui)
add_importlibs(winlogon user32 advapi32 userenv secur32 rpcrt4 mpr msvcrt kernel32
ntdll)
add_pch(winlogon winlogon.h SOURCE)
diff --git a/base/system/winlogon/notify.c b/base/system/winlogon/notify.c
index d84e06af47f..3aa3e0d98ec 100644
--- a/base/system/winlogon/notify.c
+++ b/base/system/winlogon/notify.c
@@ -278,7 +278,7 @@ InitNotifications(VOID)
dwIndex = 0;
for(;;)
{
- dwKeyName = 80 * sizeof(WCHAR);
+ dwKeyName = ARRAYSIZE(szKeyName);
lError = RegEnumKeyExW(hNotifyKey,
dwIndex,
szKeyName,
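Review bot: The unit of the size passed to RegEnumKeyExW at `dwKeyName = ARRAYSIZE(szKeyName);` is easy to get wrong again, so a one-line comment above the assignment would help: `/* lpcchName is a count of WCHARs (terminator included), not a byte count */`. ARRAYSIZE only yields the element count if szKeyName is declared as an array in this function; its declaration is outside the hunk, so that is worth confirming. The RegEnumKeyExW call and the rest of the loop body continue past the end of the hunk.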
@@ -312,11 +312,8 @@ CallNotificationDll(
NOTIFICATION_TYPE Type,
PWLX_NOTIFICATION_INFO pInfo)
{
- HKEY hDllKey = NULL;
- HMODULE hModule = NULL;
+ HMODULE hModule;
CHAR szFuncBuffer[128];
- DWORD dwSize;
- DWORD dwType;
DWORD dwError = ERROR_SUCCESS;
PWLX_NOTIFY_HANDLER pNotifyHandler;
@@ -338,6 +335,10 @@ CallNotificationDll(
}
else
{
+ HKEY hDllKey;
+ DWORD dwSize;
+ DWORD dwType;
+
dwError = RegOpenKeyExW(hNotifyKey,
NotificationDll->pszKeyName,
0,
@@ -356,23 +357,32 @@ CallNotificationDll(
&dwType,
(PBYTE)szFuncBuffer,
&dwSize);
+
+ RegCloseKey(hDllKey);
}
- if (dwError == ERROR_SUCCESS)
- {
- hModule = LoadLibraryW(NotificationDll->pszDllName);
- if (hModule != NULL)
- {
- pNotifyHandler = (PWLX_NOTIFY_HANDLER)GetProcAddress(hModule, szFuncBuffer);
- if (pNotifyHandler != NULL)
- pNotifyHandler(pInfo);
+ if (dwError != ERROR_SUCCESS)
+ return;
- FreeLibrary(hModule);
- }
+ hModule = LoadLibraryW(NotificationDll->pszDllName);
+ if (!hModule)
+ return;
+
+ pNotifyHandler = (PWLX_NOTIFY_HANDLER)GetProcAddress(hModule, szFuncBuffer);
+
+ _SEH2_TRY
+ {
+ if (pNotifyHandler)
+ pNotifyHandler(pInfo);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ ERR("WL: Exception while running notification %S!%s, Status
0x%08lx\n",
+ NotificationDll->pszDllName, szFuncBuffer, _SEH2_GetExceptionCode());
}
+ _SEH2_END;
- if (hDllKey != NULL)
- RegCloseKey(hDllKey);
+ FreeLibrary(hModule);
}
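Review bot: Nothing in the visible lines guarantees that `szFuncBuffer` holds a NUL-terminated string before it reaches `GetProcAddress(hModule, szFuncBuffer)` and the new `%s` in the ERR call. The `dwType` returned by the registry query is never compared with REG_SZ here, and a value stored without a terminator, or one that fills the whole 128-byte buffer, leaves it unterminated. Unless the part of CallNotificationDll outside this hunk already checks this, reject such data right after the query, e.g. `if (dwError == ERROR_SUCCESS && (dwType != REG_SZ || dwSize == 0 || szFuncBuffer[dwSize - 1] != '\0')) dwError = ERROR_INVALID_DATA;`. The function starts above the hunk, so the initial value of `dwSize` and the other branch that fills `szFuncBuffer` are not visible.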
diff --git a/base/system/winlogon/sas.c b/base/system/winlogon/sas.c
index a78733b7771..bc37d5db49d 100644
--- a/base/system/winlogon/sas.c
+++ b/base/system/winlogon/sas.c
@@ -251,30 +251,36 @@ PlaySoundRoutine(
BOOL Ret = FALSE;
hLibrary = LoadLibraryW(L"winmm.dll");
- if (hLibrary)
+ if (!hLibrary)
+ return FALSE;
+
+ waveOutGetNumDevs = (WAVEOUTGETNUMDEVS)GetProcAddress(hLibrary,
"waveOutGetNumDevs");
+ Play = (PLAYSOUNDW)GetProcAddress(hLibrary, "PlaySoundW");
+
+ _SEH2_TRY
{
- waveOutGetNumDevs = (WAVEOUTGETNUMDEVS)GetProcAddress(hLibrary,
"waveOutGetNumDevs");
if (waveOutGetNumDevs)
{
NumDevs = waveOutGetNumDevs();
if (!NumDevs)
{
if (!bLogon)
- {
Beep(440, 125);
- }
- FreeLibrary(hLibrary);
- return FALSE;
+ _SEH2_LEAVE;
}
}
- Play = (PLAYSOUNDW)GetProcAddress(hLibrary, "PlaySoundW");
if (Play)
- {
Ret = Play(FileName, NULL, Flags);
- }
- FreeLibrary(hLibrary);
}
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ ERR("WL: Exception while playing sound '%S', Status
0x%08lx\n",
+ FileName ? FileName : L"(n/a)", _SEH2_GetExceptionCode());
+ }
+ _SEH2_END;
+
+ FreeLibrary(hLibrary);
return Ret;
}
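Review bot: The filter in `_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)` accepts every exception code, so access violations and stack overflows raised inside winmm.dll are logged and then execution simply continues in winlogon. That may be the intended trade-off, but it deserves a comment above the `_SEH2_TRY`, for example `/* Any exception from winmm.dll is swallowed so that a broken sound stack cannot take down winlogon; process state is not re-validated afterwards. */`. The same applies to the handler around `pNotifyHandler(pInfo)` in CallNotificationDll in notify.c. PlaySoundRoutine begins above this hunk.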
diff --git a/base/system/winlogon/winlogon.h b/base/system/winlogon/winlogon.h
index 668fd3e0ad2..3dcf6fda0c3 100644
--- a/base/system/winlogon/winlogon.h
+++ b/base/system/winlogon/winlogon.h
@@ -26,10 +26,12 @@
#ifndef __WINLOGON_MAIN_H__
#define __WINLOGON_MAIN_H__
-#include <stdarg.h>
-
#define USE_GETLASTINPUTINFO
+
+#include <stdarg.h>
+
+/* PSDK/NDK Headers */
#define WIN32_NO_STATUS
#include <windef.h>
#include <winbase.h>
@@ -41,6 +43,9 @@
#include <ndk/exfuncs.h>
#include <strsafe.h>
+/* PSEH for SEH Support */
+#include <pseh/pseh2.h>
+
#include <reactos/undocuser.h>
#include <reactos/undocmpr.h>