Bug 1837242 - Fix the DLL blocklist code for older versions of Window…

…s. r=gstoll While fixing a crash in bug 1733532, we accidentally broke the DLL blocklist on older versions of Windows (Windows 7, some versions of Windows 10, and possibly Windows 8 and 8.1). This is currently preventing us from mitigating crashes with third-party injected DLLs, in particular the crash incident from bug 1837242. Considering the volumes involved, let's temporarily reintroduce bug 1733532 to ensure everyone has a working blocklist, and deal with bug 1733532 later. Differential Revision: https://phabricator.services.mozilla.com/D182917
bytecodealliance · Jul 6, 2023 · c1236bb · c1236bb
1 parent 9de8b59
commit c1236bb
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/browser/app/winlauncher/freestanding/DllBlocklist.cpp b/browser/app/winlauncher/freestanding/DllBlocklist.cpp
@@ -549,13 +549,6 @@ NTSTATUS NTAPI patched_NtMapViewOfSection(
     return stubStatus;
   }
 
-  if (!(aProtectionFlags & kPageExecutable)) {
-    // Bail out early if an executable mapping was not asked. In particular,
-    // we will not use stack buffers during calls to Thread32Next, which can
-    // result in crashes with third-party software (see bug 1733532).
-    return stubStatus;
-  }
-
   return AfterMapExecutableViewOfSection(aProcess, aBaseAddress, stubStatus);
 }
 

diff --git a/mozglue/misc/NativeNt.h b/mozglue/misc/NativeNt.h
@@ -972,6 +972,11 @@ class MOZ_RAII PEHeaders final {
     auto dirEnt =
         reinterpret_cast<PIMAGE_RESOURCE_DIRECTORY_ENTRY>(aCurLevel + 1) +
         aCurLevel->NumberOfNamedEntries;
+    if (!(IsWithinImage(dirEnt) &&
+          IsWithinImage(&dirEnt[aCurLevel->NumberOfIdEntries - 1].Id))) {
+      return nullptr;
+    }
+
     for (WORD i = 0; i < aCurLevel->NumberOfIdEntries; ++i) {
       if (dirEnt[i].Id == aId) {
         return &dirEnt[i];