ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ntdll: More error checking. Properly handle NULL ACLs.

This commit is contained in:
Vitaliy Margolen 2007-02-27 07:28:18 -07:00 committed by Alexandre Julliard
parent 1780ca678c
commit c0a5671d9c
2 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dlls/advapi32/tests/security.c
View File

@ -1477,10 +1477,17 @@ static void test_process_security(void)
event = CreateEvent( NULL, TRUE, TRUE, "test_event" );
ok(event != NULL, "CreateEvent %d\n", GetLastError());
SecurityDescriptor->Revision = 0;
CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_UNKNOWN_REVISION );
SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
CHECK_SET_SECURITY( event, GROUP_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
CHECK_SET_SECURITY( event, SACL_SECURITY_INFORMATION, ERROR_ACCESS_DENIED );
CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
/* NULL DACL is valid and means default DACL from token */
SecurityDescriptor->Control |= SE_DACL_PRESENT;
CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
/* Set owner and group and dacl */
res = SetSecurityDescriptorOwner(SecurityDescriptor, AdminSid, FALSE);

19
dlls/ntdll/sec.c
View File

@ -1569,34 +1569,39 @@ NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle,
if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
memset( &sd, 0, sizeof(sd) );
RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
status = RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
if (status != STATUS_SUCCESS) return status;
sd.control = control & ~SE_SELF_RELATIVE;
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{
RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
status = RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
if (status != STATUS_SUCCESS) return status;
if (!(sd.owner_len = RtlLengthSid( owner )))
return STATUS_INVALID_SECURITY_DESCR;
}
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
{
RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
status = RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
if (status != STATUS_SUCCESS) return status;
if (!(sd.group_len = RtlLengthSid( group )))
return STATUS_INVALID_SECURITY_DESCR;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
sd.sacl_len = present ? sacl->AclSize : 0;
status = RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
if (status != STATUS_SUCCESS) return status;
sd.sacl_len = (sacl && present) ? sacl->AclSize : 0;
sd.control |= SE_SACL_PRESENT;
}
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
sd.dacl_len = present ? dacl->AclSize : 0;
status = RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
if (status != STATUS_SUCCESS) return status;
sd.dacl_len = (dacl && present) ? dacl->AclSize : 0;
sd.control |= SE_DACL_PRESENT;
}