[ros-diffs] [reactos] 03/07: [NTOS:SE] SepPerformTokenFiltering(): Remove useless SEH handling (#4523)

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=b33911b93dacbc0a1dcdf… commit b33911b93dacbc0a1dcdf9869d5fb71b077a7617 Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org> AuthorDate: Fri May 20 02:26:21 2022 +0200 Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org> CommitDate: Mon May 23 19:30:34 2022 +0200 [NTOS:SE] SepPerformTokenFiltering(): Remove useless SEH handling (#4523) This function is either called inter-kernel (in which case, all parameters must be valid, and if not, we have to bugcheck), or, it is called with **captured** parameters (from NtFilterToken) and those latter ones are now expected to be valid and reside in kernel-mode. Finally, data copied between token structures reside in kernel-mode only and again are expected to be valid (if not, we bugcheck). --- ntoskrnl/se/token.c | 132 +++++++++++----------------------------------------- 1 file changed, 26 insertions(+), 106 deletions(-) diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c index f215f4c1fe2..96e972f2c5b 100644 --- a/ntoskrnl/se/token.c +++ b/ntoskrnl/se/token.c @@ -2254,27 +2254,9 @@ SepPerformTokenFiltering( EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength); VariableLength -= PrivilegesLength; - if (PreviousMode != KernelMode) - { - _SEH2_TRY - { - RtlCopyMemory(AccessToken->Privileges, - Token->Privileges, - AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES)); - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - Status = _SEH2_GetExceptionCode(); - _SEH2_YIELD(goto Quit); - } - _SEH2_END; - } - else - { - RtlCopyMemory(AccessToken->Privileges, - Token->Privileges, - AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES)); - } + RtlCopyMemory(AccessToken->Privileges, + Token->Privileges, + AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES)); } /* Copy the user and groups */ @@ -2287,39 +2269,17 @@ SepPerformTokenFiltering( EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount]; VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups); - if (PreviousMode != KernelMode) - { - _SEH2_TRY - { - Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount, - Token->UserAndGroups, - VariableLength, - AccessToken->UserAndGroups, - EndMem, - &EndMem, - &VariableLength); - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - Status = _SEH2_GetExceptionCode(); - _SEH2_YIELD(goto Quit); - } - _SEH2_END; - } - else + Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount, + Token->UserAndGroups, + VariableLength, + AccessToken->UserAndGroups, + EndMem, + &EndMem, + &VariableLength); + if (!NT_SUCCESS(Status)) { - Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount, - Token->UserAndGroups, - VariableLength, - AccessToken->UserAndGroups, - EndMem, - &EndMem, - &VariableLength); - if (!NT_SUCCESS(Status)) - { - DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n", Status); - goto Quit; - } + DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n", Status); + goto Quit; } } @@ -2333,39 +2293,17 @@ SepPerformTokenFiltering( EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount]; VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids); - if (PreviousMode != KernelMode) - { - _SEH2_TRY - { - Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount, - Token->RestrictedSids, - VariableLength, - AccessToken->RestrictedSids, - EndMem, - &EndMem, - &VariableLength); - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - Status = _SEH2_GetExceptionCode(); - _SEH2_YIELD(goto Quit); - } - _SEH2_END; - } - else + Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount, + Token->RestrictedSids, + VariableLength, + AccessToken->RestrictedSids, + EndMem, + &EndMem, + &VariableLength); + if (!NT_SUCCESS(Status)) { - Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount, - Token->RestrictedSids, - VariableLength, - AccessToken->RestrictedSids, - EndMem, - &EndMem, - &VariableLength); - if (!NT_SUCCESS(Status)) - { - DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n", Status); - goto Quit; - } + DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n", Status); + goto Quit; } } @@ -2614,27 +2552,9 @@ SepPerformTokenFiltering( EndMem = (PVOID)((ULONG_PTR)EndMem + RestrictedSidsLength); VariableLength -= RestrictedSidsLength; - if (PreviousMode != KernelMode) - { - _SEH2_TRY - { - RtlCopyMemory(AccessToken->RestrictedSids, - RestrictedSidsIntoToken, - AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES)); - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - Status = _SEH2_GetExceptionCode(); - _SEH2_YIELD(goto Quit); - } - _SEH2_END; - } - else - { - RtlCopyMemory(AccessToken->RestrictedSids, - RestrictedSidsIntoToken, - AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES)); - } + RtlCopyMemory(AccessToken->RestrictedSids, + RestrictedSidsIntoToken, + AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES)); /* * As we've copied the restricted SIDs into