From: Aleksandar Andrejevic <aandrejevic@reactos.org>
Date: Sun, 14 Jun 2015 04:07:11 +0000 (+0000)
Subject: [NTOS|MM]
X-Git-Tag: backups/colins-printing-for-freedom@73041~15^2~100
X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=7d7bef9d4ac41df57520f54976bfe04a0ac06a9d

[NTOS|MM]
Addendum to 68126. The loader should return STATUS_INVALID_IMAGE_PROTECT
if e_lfanew is 0, or if the DOS stub appears too large due to a bad
e_lfanew. (Note: All plain MZ executables have an invalid e_lfanew)


svn path=/trunk/; revision=68127
---

diff --git a/reactos/ntoskrnl/mm/section.c b/reactos/ntoskrnl/mm/section.c
index 02ae3615eba..a97d6689c0f 100644
--- a/reactos/ntoskrnl/mm/section.c
+++ b/reactos/ntoskrnl/mm/section.c
@@ -241,13 +241,13 @@ NTSTATUS NTAPI PeFmtCreateSection(IN CONST VOID * FileHeader,
     if(pidhDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
         DIE(("No MZ signature found, e_magic is %hX\n", pidhDosHeader->e_magic));
 
+    /* NT HEADER */
+    nStatus = STATUS_INVALID_IMAGE_PROTECT;
+
     /* not a Windows executable */
     if(pidhDosHeader->e_lfanew <= 0)
         DIE(("Not a Windows executable, e_lfanew is %d\n", pidhDosHeader->e_lfanew));
 
-    /* NT HEADER */
-    nStatus = STATUS_INVALID_IMAGE_FORMAT;
-
     if(!Intsafe_AddULong32(&cbFileHeaderOffsetSize, pidhDosHeader->e_lfanew, RTL_SIZEOF_THROUGH_FIELD(IMAGE_NT_HEADERS32, FileHeader)))
         DIE(("The DOS stub is too large, e_lfanew is %X\n", pidhDosHeader->e_lfanew));
 
@@ -336,11 +336,11 @@ l_ReadHeaderFromFile:
         if(pinhNtHeader->Signature != IMAGE_NT_SIGNATURE)
             DIE(("The file isn't a PE executable, Signature is %X\n", pinhNtHeader->Signature));
 
-        nStatus = STATUS_INVALID_IMAGE_FORMAT;
-
         if(!Intsafe_AddULong32(&cbOptHeaderOffsetSize, pidhDosHeader->e_lfanew, FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader)))
             DIE(("The DOS stub is too large, e_lfanew is %X\n", pidhDosHeader->e_lfanew));
 
+        nStatus = STATUS_INVALID_IMAGE_FORMAT;
+
         if(!Intsafe_AddULong32(&cbOptHeaderOffsetSize, cbOptHeaderOffsetSize, pinhNtHeader->FileHeader.SizeOfOptionalHeader))
             DIE(("The NT header is too large, SizeOfOptionalHeader is %X\n", pinhNtHeader->FileHeader.SizeOfOptionalHeader));