[ekohl] 46629: [NTORKRNL] SepAccessCheck: Deny access if the DACL is is empty (but not NULL). - Ros-diffs

31 Mar 2010

Author: ekohl
Date: Wed Mar 31 23:02:38 2010
New Revision: 46629
URL: http://svn.reactos.org/svn/reactos?rev=46629&view=rev
Log:
[NTORKRNL]
SepAccessCheck: Deny access if the DACL is is empty (but not NULL).
Modified:
    trunk/reactos/ntoskrnl/se/semgr.c
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=466...
==============================================================================

--- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Mar 31 23:02:38 2010
@@ -457,6 +457,14 @@
         }
     }
+    /* Deny access if the DACL is empty */
+    if (Dacl->AceCount == 0)
+    {
+        *GrantedAccess = 0;
+        *AccessStatus = STATUS_ACCESS_DENIED;
+        return FALSE;
+    }
+
     /* RULE 3: Check whether the token is the owner */
     Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor,
                                            &Sid,

    