29 Aug
2009
29 Aug
'09
10:35 a.m.
Author: hpoussin
Date: Sat Aug 29 12:35:30 2009
New Revision: 42960
URL: http://svn.reactos.org/svn/reactos?rev=42960&view=rev
Log:
[ntoskrnl] Check if caller has valid access before opening a registry key
Assign security descriptor to new keys we're creating
Modified:
trunk/reactos/ntoskrnl/config/cmparse.c
Modified: trunk/reactos/ntoskrnl/config/cmparse.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmparse.c?…
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmparse.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmparse.c [iso-8859-1] Sat Aug 29 12:35:30 2009
@@ -224,6 +224,7 @@
ULONG StorageType;
LARGE_INTEGER SystemTime;
PCM_KEY_CONTROL_BLOCK Kcb;
+ PSECURITY_DESCRIPTOR NewDescriptor;
/* Get the storage type */
StorageType = Stable;
@@ -360,6 +361,26 @@
/* Link it with the KCB */
EnlistKeyBodyWithKCB(KeyBody, 0);
+ /* Assign security */
+ Status = SeAssignSecurity(ParentDescriptor,
+ AccessState->SecurityDescriptor,
+ &NewDescriptor,
+ TRUE,
+ &AccessState->SubjectSecurityContext,
+ &CmpKeyObjectType->TypeInfo.GenericMapping,
+ CmpKeyObjectType->TypeInfo.PoolType);
+ if (NT_SUCCESS(Status))
+ {
+ Status = CmpSecurityMethod(*Object,
+ AssignSecurityDescriptor,
+ NULL,
+ NewDescriptor,
+ NULL,
+ NULL,
+ CmpKeyObjectType->TypeInfo.PoolType,
+ &CmpKeyObjectType->TypeInfo.GenericMapping);
+ }
+
Quickie:
/* Check if we got here because of failure */
if (!NT_SUCCESS(Status))
@@ -686,6 +707,16 @@
/* Link to the KCB */
EnlistKeyBodyWithKCB(KeyBody, 0);
+
+ if (!ObCheckObjectAccess(*Object,
+ AccessState,
+ FALSE,
+ AccessMode,
+ &Status))
+ {
+ /* Access check failed */
+ ObDereferenceObject(*Object);
+ }
}
else
{