From 92dc522ad6e4583db540627b3454fe9d7fdd332b Mon Sep 17 00:00:00 2001 From: Wez Date: Fri, 7 Sep 2018 23:01:27 +0000 Subject: [PATCH] Zero the out-parameter when blocking NtMapViewOfSection() in the sandbox. If mapping of a DLL into the sandboxed process is blocked then we unmap it and return an "unsuccessful" status, but we left the DLL base-address out-parameter set to a non-NULL value. Reset the out-parameter to null when blocking a DLL, to ensure that callers don't get confused into thinking the operation was successful. This replicates the change from https://chromium-review.googlesource.com/c/chromium/src/+/1211322 to the ThirdPartyModulesBlocking implementation of NtMapViewOfSection(). Change-Id: I7c326a1c78870888c2141f24ae357d0f9be55a62 Reviewed-on: https://chromium-review.googlesource.com/1213561 Commit-Queue: Wez Reviewed-by: Will Harris Cr-Commit-Position: refs/heads/master@{#589704} --- sandbox/win/src/target_interceptions.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/sandbox/win/src/target_interceptions.cc b/sandbox/win/src/target_interceptions.cc index 5da25c54442625..7ea741c6c18fe4 100644 --- a/sandbox/win/src/target_interceptions.cc +++ b/sandbox/win/src/target_interceptions.cc @@ -98,6 +98,7 @@ TargetNtMapViewOfSection(NtMapViewOfSectionFunction orig_MapViewOfSection, if (!agent->OnDllLoad(file_name, module_name, *base)) { // Interception agent is demanding to un-map the module. g_nt.UnmapViewOfSection(process, *base); + *base = nullptr; ret = STATUS_UNSUCCESSFUL; } }
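Review bot: In the `!agent->OnDllLoad(file_name, module_name, *base)` branch, the new `*base = nullptr;` runs whether or not `g_nt.UnmapViewOfSection(process, *base)` succeeded, because that call's return status is discarded. If the unmap fails, the view stays mapped in the process while the only record of its address is overwritten. Consider capturing the unmap status and deciding explicitly what the caller should see in that case before clearing `*base`. The inline comment above the unmap call could also say that the out-parameter is reset so callers cannot mistake a blocked load for a successful one. Finally, the diffstat shows one insertion in one file and no test: a regression test that makes the agent block a DLL and checks that the base out-parameter is null together with `STATUS_UNSUCCESSFUL` would keep this copy in step with the other NtMapViewOfSection() implementation mentioned in the commit message.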