Author: hpoussin Date: Sat Aug 29 12:35:30 2009 New Revision: 42960
URL: http://svn.reactos.org/svn/reactos?rev=42960&view=rev Log: [ntoskrnl] Check if caller has valid access before opening a registry key Assign security descriptor to new keys we're creating
Modified: trunk/reactos/ntoskrnl/config/cmparse.c
Modified: trunk/reactos/ntoskrnl/config/cmparse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmparse.c?r... ============================================================================== --- trunk/reactos/ntoskrnl/config/cmparse.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/config/cmparse.c [iso-8859-1] Sat Aug 29 12:35:30 2009 @@ -224,6 +224,7 @@ ULONG StorageType; LARGE_INTEGER SystemTime; PCM_KEY_CONTROL_BLOCK Kcb; + PSECURITY_DESCRIPTOR NewDescriptor;
/* Get the storage type */ StorageType = Stable; @@ -360,6 +361,26 @@ /* Link it with the KCB */ EnlistKeyBodyWithKCB(KeyBody, 0);
+ /* Assign security */ + Status = SeAssignSecurity(ParentDescriptor, + AccessState->SecurityDescriptor, + &NewDescriptor, + TRUE, + &AccessState->SubjectSecurityContext, + &CmpKeyObjectType->TypeInfo.GenericMapping, + CmpKeyObjectType->TypeInfo.PoolType); + if (NT_SUCCESS(Status)) + { + Status = CmpSecurityMethod(*Object, + AssignSecurityDescriptor, + NULL, + NewDescriptor, + NULL, + NULL, + CmpKeyObjectType->TypeInfo.PoolType, + &CmpKeyObjectType->TypeInfo.GenericMapping); + } + Quickie: /* Check if we got here because of failure */ if (!NT_SUCCESS(Status)) @@ -686,6 +707,16 @@
/* Link to the KCB */ EnlistKeyBodyWithKCB(KeyBody, 0); + + if (!ObCheckObjectAccess(*Object, + AccessState, + FALSE, + AccessMode, + &Status)) + { + /* Access check failed */ + ObDereferenceObject(*Object); + } } else {