15 Apr
2009
15 Apr
'09
8:33 a.m.
Author: cwittich
Date: Wed Apr 15 12:33:57 2009
New Revision: 40519
URL: http://svn.reactos.org/svn/reactos?rev=40519&view=rev
Log:
check for immutable bits in RtlSetControlSecurityDescriptor
fixes >100 advapi32 security winetests
Modified:
trunk/reactos/lib/rtl/sd.c
Modified: trunk/reactos/lib/rtl/sd.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/sd.c?rev=40519&…
==============================================================================
--- trunk/reactos/lib/rtl/sd.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/sd.c [iso-8859-1] Wed Apr 15 12:33:57 2009
@@ -667,6 +667,13 @@
IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
{
+ SECURITY_DESCRIPTOR_CONTROL const immutable
+ = SE_OWNER_DEFAULTED | SE_GROUP_DEFAULTED
+ | SE_DACL_PRESENT | SE_DACL_DEFAULTED
+ | SE_SACL_PRESENT | SE_SACL_DEFAULTED
+ | SE_RM_CONTROL_VALID | SE_SELF_RELATIVE
+ ;
+
PISECURITY_DESCRIPTOR pSD = (PISECURITY_DESCRIPTOR)SecurityDescriptor;
PAGED_CODE_RTL();
@@ -675,6 +682,9 @@
{
return STATUS_UNKNOWN_REVISION;
}
+
+ if ((ControlBitsOfInterest | ControlBitsToSet) & immutable)
+ return STATUS_INVALID_PARAMETER;
/* Zero the 'bits of interest' */
pSD->Control &= ~ControlBitsOfInterest;