[ros-diffs] [tfaber] 63779: [NTOS:CM] - Improve the hack from r63777 to return an allow-Everyone DACL. Fixes crash in advapi32:security. CORE-8383 #resolve

Author: tfaber Date: Wed Jul 30 10:08:30 2014 New Revision: 63779 URL: http://svn.reactos.org/svn/reactos?rev=63779&view=rev Log: [NTOS:CM] - Improve the hack from r63777 to return an allow-Everyone DACL. Fixes crash in advapi32:security. CORE-8383 #resolve Modified: trunk/reactos/ntoskrnl/config/cmse.c Modified: trunk/reactos/ntoskrnl/config/cmse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmse.c?rev… ============================================================================== --- trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/config/cmse.c [iso-8859-1] Wed Jul 30 10:08:30 2014 @@ -144,10 +144,14 @@ IN OUT PULONG BufferLength) { PISECURITY_DESCRIPTOR_RELATIVE RelSd; - PUCHAR Current; ULONG SidSize; + ULONG AclSize; ULONG SdSize; NTSTATUS Status; + SECURITY_DESCRIPTOR_CONTROL Control = 0; + ULONG Owner = 0; + ULONG Group = 0; + ULONG Dacl = 0; DBG_UNREFERENCED_PARAMETER(KeyBody); @@ -157,8 +161,33 @@ } SidSize = RtlLengthSid(SeWorldSid); - SdSize = sizeof(*RelSd) + 2 * SidSize; RelSd = SecurityDescriptor; + SdSize = sizeof(*RelSd); + + if (SecurityInformation & OWNER_SECURITY_INFORMATION) + { + Owner = SdSize; + SdSize += SidSize; + } + + if (SecurityInformation & GROUP_SECURITY_INFORMATION) + { + Group = SdSize; + SdSize += SidSize; + } + + if (SecurityInformation & DACL_SECURITY_INFORMATION) + { + Control |= SE_DACL_PRESENT; + Dacl = SdSize; + AclSize = sizeof(ACL) + sizeof(ACE) + SidSize; + SdSize += AclSize; + } + + if (SecurityInformation & SACL_SECURITY_INFORMATION) + { + Control |= SE_SACL_PRESENT; + } if (*BufferLength < SdSize) { @@ -173,36 +202,37 @@ if (!NT_SUCCESS(Status)) return Status; - Current = (PUCHAR)(RelSd + 1); - ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); - - if (SecurityInformation & OWNER_SECURITY_INFORMATION) - { - RtlCopyMemory(Current, SeWorldSid, SidSize); - RelSd->Owner = Current - (PUCHAR)RelSd; - Current += SidSize; - ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); - } - - if (SecurityInformation & GROUP_SECURITY_INFORMATION) - { - RtlCopyMemory(Current, SeWorldSid, SidSize); - RelSd->Group = Current - (PUCHAR)RelSd; - Current += SidSize; - ASSERT((ULONG_PTR)Current - (ULONG_PTR)RelSd <= SdSize); - } - - if (SecurityInformation & DACL_SECURITY_INFORMATION) - { - RelSd->Control |= SE_DACL_PRESENT; - } - - if (SecurityInformation & SACL_SECURITY_INFORMATION) - { - RelSd->Control |= SE_SACL_PRESENT; - } - - return STATUS_SUCCESS; + RelSd->Control |= Control; + RelSd->Owner = Owner; + RelSd->Group = Group; + RelSd->Dacl = Dacl; + + if (Owner) + RtlCopyMemory((PUCHAR)RelSd + Owner, + SeWorldSid, + SidSize); + + if (Group) + RtlCopyMemory((PUCHAR)RelSd + Group, + SeWorldSid, + SidSize); + + if (Dacl) + { + Status = RtlCreateAcl((PACL)((PUCHAR)RelSd + Dacl), + AclSize, + ACL_REVISION); + if (NT_SUCCESS(Status)) + { + Status = RtlAddAccessAllowedAce((PACL)((PUCHAR)RelSd + Dacl), + ACL_REVISION, + GENERIC_ALL, + SeWorldSid); + } + } + + ASSERT(Status == STATUS_SUCCESS); + return Status; } NTSTATUS