Merge pull request #2788 from LRFLEW/security

Fixed a theoretical security issue for OS X and Linux

OpenRCT2.xcodeproj/project.pbxproj

@@ -1600,7 +1600,7 @@
 					"-segprot",
 					rct2_text,
 					rwx,
-					rwx,
+					rx,
 					"-sectcreate",
 					rct2_data,
 					__data,
@@ -1610,8 +1610,8 @@
 					0x8a4000,
 					"-segprot",
 					rct2_data,
-					rwx,
-					rwx,
+					rw,
+					rw,
 				);
 				PRODUCT_BUNDLE_IDENTIFIER = website.openrct2.OpenRCT2;
 				PRODUCT_NAME = "$(TARGET_NAME)";
@@ -1646,7 +1646,7 @@
 					"-segprot",
 					rct2_text,
 					rwx,
-					rwx,
+					rx,
 					"-sectcreate",
 					rct2_data,
 					__data,
@@ -1656,8 +1656,8 @@
 					0x8a4000,
 					"-segprot",
 					rct2_data,
-					rwx,
-					rwx,
+					rw,
+					rw,
 				);
 				PRODUCT_BUNDLE_IDENTIFIER = website.openrct2.OpenRCT2;
 				PRODUCT_NAME = "$(TARGET_NAME)";

src/hook.c

@@ -242,7 +242,19 @@ void addhook(int address, int newaddress, int stacksize, int registerargs[], int
 	WriteProcessMemory(GetCurrentProcess(), (LPVOID)address, data, i, 0);
 #else
 	// We own the pages with PROT_WRITE | PROT_EXEC, we can simply just memcpy the data
+	int err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_WRITE);
+	if (err != 0)
+	{
+		perror("mprotect");
+	}
+	
 	memcpy((void *)address, data, i);
+	
+	err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_EXEC);
+	if (err != 0)
+	{
+		perror("mprotect");
+	}
 #endif // __WINDOWS__
 	hookfunc(hookaddress, newaddress, stacksize, registerargs, registersreturned, eaxDestinationRegister);
 	g_hooktableoffset++;

src/openrct2.c

@@ -548,7 +548,7 @@ bool openrct2_setup_rct2_segment()
 		log_error("At least one of required pages was not found in memory. This can cause segfaults later on.");
 	}
 	// section: text
-	err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_WRITE | PROT_EXEC);
+	err = mprotect((void *)0x401000, 0x8a4000 - 0x401000, PROT_READ | PROT_EXEC);
 	if (err != 0)
 	{
 		perror("mprotect");