Author: ekohl Date: Wed Mar 31 23:02:38 2010 New Revision: 46629 URL: http://svn.reactos.org/svn/reactos?rev=46629&view=rev Log: [NTORKRNL] SepAccessCheck: Deny access if the DACL is is empty (but not NULL). Modified: trunk/reactos/ntoskrnl/se/semgr.c Modified: trunk/reactos/ntoskrnl/se/semgr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=46… ============================================================================== --- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Wed Mar 31 23:02:38 2010 @@ -457,6 +457,14 @@ } } + /* Deny access if the DACL is empty */ + if (Dacl->AceCount == 0) + { + *GrantedAccess = 0; + *AccessStatus = STATUS_ACCESS_DENIED; + return FALSE; + } + /* RULE 3: Check whether the token is the owner */ Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, &Sid,