From 7ddd79b8f5e814437afc4aaa25fa82fe45e0c742 Mon Sep 17 00:00:00 2001
From: Paul Gofman
Date: Mon, 27 Sep 2021 13:50:02 +0300
Subject: [PATCH] kernelbase: Sanitize flags in GetModuleHandleExW().
Signed-off-by: Paul Gofman
Signed-off-by: Alexandre Julliard
---
 dlls/kernel32/tests/module.c | 17 +++++++++++++++++
 dlls/kernelbase/loader.c | 10 ++++++++++
 2 files changed, 27 insertions(+)
diff --git a/dlls/kernel32/tests/module.c b/dlls/kernel32/tests/module.c
index 5ca137ad6ba..bfa389ac9ab 100644
--- a/dlls/kernel32/tests/module.c
+++ b/dlls/kernel32/tests/module.c
@@ -1011,6 +1011,23 @@ static void testGetModuleHandleEx(void)
 ok( error == ERROR_MOD_NOT_FOUND, "got %u\n", error );
 ok( mod == NULL, "got %p\n", mod );
+ SetLastError( 0xdeadbeef );
+ mod = (HMODULE)0xdeadbeef;
+ ret = GetModuleHandleExW( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT
+ | GET_MODULE_HANDLE_EX_FLAG_PIN, (LPCWSTR)mod_kernel32, &mod );
+ error = GetLastError();
+ ok( !ret, "unexpected success\n" );
+ ok( error == ERROR_INVALID_PARAMETER, "got %u\n", error );
+ ok( mod == NULL, "got %p\n", mod );
+
+ SetLastError( 0xdeadbeef );
+ mod = (HMODULE)0xdeadbeef;
+ ret = GetModuleHandleExW( 8, kernel32W, &mod );
+ error = GetLastError();
+ ok( !ret, "unexpected success\n" );
+ ok( error == ERROR_INVALID_PARAMETER, "got %u\n", error );
+ ok( mod == NULL, "got %p\n", mod );
+
 FreeLibrary( mod_kernel32 );
 }
diff --git a/dlls/kernelbase/loader.c b/dlls/kernelbase/loader.c
index ac463528e3c..9aff460c955 100644
--- a/dlls/kernelbase/loader.c
+++ b/dlls/kernelbase/loader.c
@@ -384,6 +384,16 @@ BOOL WINAPI DECLSPEC_HOTPATCH GetModuleHandleExW( DWORD flags, LPCWSTR name, HMO
 return FALSE;
 }
+ if ((flags & ~(GET_MODULE_HANDLE_EX_FLAG_PIN | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT
+ | GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS))
+ || (flags & (GET_MODULE_HANDLE_EX_FLAG_PIN | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT))
+ == (GET_MODULE_HANDLE_EX_FLAG_PIN | GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT))
+ {
+ *module = NULL;
+ SetLastError( ERROR_INVALID_PARAMETER );
+ return FALSE;
+ }
+
 /* if we are messing with the refcount, grab the loader lock */
 lock = (flags & GET_MODULE_HANDLE_EX_FLAG_PIN) || !(flags & GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT);
 if (lock) LdrLockLoaderLock( 0, NULL, &magic );
--
2.11.4.GIT
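Review bot: The new rejection branch in GetModuleHandleExW() writes `*module = NULL` before returning, which is only safe if the guard whose tail (`return FALSE; }`) sits just above the added lines has already rejected a NULL `module`. That guard starts outside the hunk, so the ordering is worth confirming and keeping if the checks are ever rearranged. The condition also carries no comment explaining the two cases it rejects. A line above the `if`, such as `/* reject unknown flag bits, and PIN combined with UNCHANGED_REFCOUNT */`, would make the intent clear next to the existing refcount comment. The added tests exercise the PIN | UNCHANGED_REFCOUNT pair only together with FROM_ADDRESS, so a by-name call with that pair would pin the second half of the condition independently.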