From: Sebastian Lackner Subject: [2/4] advapi: Trigger write watches before passing userdata pointer to read syscall. Message-Id: <542F5151.3040403@fds-team.de> Date: Sat, 04 Oct 2014 03:45:53 +0200 No crash here, but the function could unexpectedly fail in this case. --- dlls/advapi32/crypt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) From 7d9f628d8fa776d60c1f81d88cd1730c65d2f349 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Sat, 4 Oct 2014 02:38:27 +0200 Subject: advapi: Trigger write watches before passing userdata pointer to read syscall. --- dlls/advapi32/crypt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dlls/advapi32/crypt.c b/dlls/advapi32/crypt.c index b2be5e3..50502b8 100644 --- a/dlls/advapi32/crypt.c +++ b/dlls/advapi32/crypt.c @@ -2378,7 +2378,8 @@ BOOLEAN WINAPI SystemFunction036(PVOID pbBuffer, ULONG dwLen) dev_random = open("/dev/urandom", O_RDONLY); if (dev_random != -1) { - if (read(dev_random, pbBuffer, dwLen) == (ssize_t)dwLen) + if (!IsBadWritePtr( pbBuffer, dwLen ) && + read(dev_random, pbBuffer, dwLen) == (ssize_t)dwLen) { close(dev_random); return TRUE; -- 2.1.1
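Review bot: the added `!IsBadWritePtr( pbBuffer, dwLen ) &&` in SystemFunction036 reads like a pointer-validation check, but per the subject line it is there for its side effect of triggering write watches on the buffer before read() is handed the pointer. A one-line comment above the condition saying so would keep a later cleanup from dropping it as redundant. The new condition also sends an unwritable pbBuffer down the same path as a short read from /dev/urandom, and that path lies outside the visible context. Please confirm that it still closes dev_random and reports a failure the caller can distinguish, since this function fills buffers with random data and a caller that does not check the result would go on to use whatever the buffer already held.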