Author: ekohl Date: Sun Jun 24 21:04:11 2012 New Revision: 56800
URL: http://svn.reactos.org/svn/reactos?rev=56800&view=rev Log: [NTOSKRNL] Fix error handling for SepDuplicateToken and SeCreateToken.
Modified: trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/se/token.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=568... ==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sun Jun 24 21:04:11 2012
@@ -234,7 +234,7 @@
 ULONG uLength;
 ULONG i;
 PVOID EndMem;
- PTOKEN AccessToken;
+ PTOKEN AccessToken = NULL;
 NTSTATUS Status;
 PAGED_CODE();
@@ -290,10 +290,14 @@
 for (i = 0; i < Token->UserAndGroupCount; i++)
 uLength += RtlLengthSid(Token->UserAndGroups[i].Sid);
- AccessToken->UserAndGroups =
- (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uLength,
- TAG_TOKEN_USERS);
+ AccessToken->UserAndGroups = ExAllocatePoolWithTag(PagedPool,
+ uLength,
+ TAG_TOKEN_USERS);
+ if (AccessToken->UserAndGroups == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
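Review bot: The `goto done` added for a failed UserAndGroups allocation reaches a cleanup block (added in the next hunk) that tests `AccessToken->Privileges` and `AccessToken->DefaultDacl`, neither of which has been assigned on this path. That is safe only if the token body is zero-filled right after the object is created, which happens outside this hunk and should be confirmed; otherwise stale pointers would be handed to `ExFreePoolWithTag`. A short comment at the allocation, e.g. `/* done: expects unassigned buffer pointers in the token to be NULL */`, would record the dependency. The same applies to the matching hunk at -636, which appears to belong to SeCreateToken.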
@@ -304,48 +308,69 @@
 EndMem,
 &EndMem,
 &uLength);
- if (NT_SUCCESS(Status))
- {
- Status = SepFindPrimaryGroupAndDefaultOwner(
- AccessToken,
- Token->PrimaryGroup,
- 0);
- }
-
- if (NT_SUCCESS(Status))
- {
- AccessToken->PrivilegeCount = Token->PrivilegeCount;
-
- uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
- AccessToken->Privileges =
- (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
+ Token->PrimaryGroup,
+ 0);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ AccessToken->PrivilegeCount = Token->PrivilegeCount;
+
+ uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
+ AccessToken->Privileges = ExAllocatePoolWithTag(PagedPool,
 uLength,
 TAG_TOKEN_PRIVILAGES);
-
- for (i = 0; i < AccessToken->PrivilegeCount; i++)
- {
- RtlCopyLuid(&AccessToken->Privileges[i].Luid,
- &Token->Privileges[i].Luid);
- AccessToken->Privileges[i].Attributes =
- Token->Privileges[i].Attributes;
- }
-
- if (Token->DefaultDacl)
- {
- AccessToken->DefaultDacl =
- (PACL) ExAllocatePoolWithTag(PagedPool,
- Token->DefaultDacl->AclSize,
- TAG_TOKEN_ACL);
- memcpy(AccessToken->DefaultDacl,
- Token->DefaultDacl,
- Token->DefaultDacl->AclSize);
- }
- }
-
- if (NT_SUCCESS(Status))
- {
- *NewAccessToken = AccessToken;
- return(STATUS_SUCCESS);
+ if (AccessToken->Privileges == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ for (i = 0; i < AccessToken->PrivilegeCount; i++)
+ {
+ RtlCopyLuid(&AccessToken->Privileges[i].Luid,
+ &Token->Privileges[i].Luid);
+ AccessToken->Privileges[i].Attributes =
+ Token->Privileges[i].Attributes;
+ }
+
+ if (Token->DefaultDacl)
+ {
+ AccessToken->DefaultDacl = ExAllocatePoolWithTag(PagedPool,
+ Token->DefaultDacl->AclSize,
+ TAG_TOKEN_ACL);
+ if (AccessToken->DefaultDacl == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ memcpy(AccessToken->DefaultDacl,
+ Token->DefaultDacl,
+ Token->DefaultDacl->AclSize);
+ }
+
+ *NewAccessToken = AccessToken;
+
+done:
+ if (!NT_SUCCESS(Status))
+ {
+ if (AccessToken)
+ {
+ if (AccessToken->UserAndGroups)
+ ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
+
+ if (AccessToken->Privileges)
+ ExFreePoolWithTag(AccessToken->Privileges, TAG_TOKEN_PRIVILAGES);
+
+ if (AccessToken->DefaultDacl)
+ ExFreePoolWithTag(AccessToken->DefaultDacl, TAG_TOKEN_ACL);
+
+ ObDereferenceObject(AccessToken);
+ }
 }
 return Status;
@@ -636,10 +661,14 @@
 for (i = 0; i < GroupCount; i++)
 uLength += RtlLengthSid(Groups[i].Sid);
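Review bot: The `done:` cleanup in the hunk at -304 frees `UserAndGroups`, `Privileges` and `DefaultDacl` and then calls `ObDereferenceObject(AccessToken)` without clearing the three fields. If that call drops the last reference and the token type's delete procedure (not visible in this diff) releases the same fields, each buffer is freed twice, which corrupts the kernel pool. Either reset each pointer after its free, e.g. `AccessToken->UserAndGroups = NULL;`, or drop the explicit frees and let the delete procedure release the buffers. The identical block added at the end of the hunk at -727 needs the same treatment.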
- AccessToken->UserAndGroups =
- (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
- uLength,
- TAG_TOKEN_USERS);
+ AccessToken->UserAndGroups = ExAllocatePoolWithTag(PagedPool,
+ uLength,
+ TAG_TOKEN_USERS);
+ if (AccessToken->UserAndGroups == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
@@ -650,65 +679,71 @@
 EndMem,
 &EndMem,
 &uLength);
- if (NT_SUCCESS(Status))
- {
- Status = RtlCopySidAndAttributesArray(GroupCount,
- Groups,
- uLength,
- &AccessToken->UserAndGroups[1],
- EndMem,
- &EndMem,
- &uLength);
- }
-
- if (NT_SUCCESS(Status))
- {
- Status = SepFindPrimaryGroupAndDefaultOwner(
- AccessToken,
- PrimaryGroup,
- Owner);
- }
-
- if (NT_SUCCESS(Status))
- {
- uLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
- AccessToken->Privileges =
- (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ Status = RtlCopySidAndAttributesArray(GroupCount,
+ Groups,
+ uLength,
+ &AccessToken->UserAndGroups[1],
+ EndMem,
+ &EndMem,
+ &uLength);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
+ PrimaryGroup,
+ Owner);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ uLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
+ AccessToken->Privileges = ExAllocatePoolWithTag(PagedPool,
 uLength,
 TAG_TOKEN_PRIVILAGES);
-
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- RtlCopyMemory(AccessToken->Privileges,
- Privileges,
- PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- }
- _SEH2_END;
- }
- else
+ if (AccessToken->Privileges == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ if (PreviousMode != KernelMode)
+ {
+ _SEH2_TRY
 {
 RtlCopyMemory(AccessToken->Privileges,
 Privileges,
 PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
 }
- }
-
- if (NT_SUCCESS(Status))
- {
- AccessToken->DefaultDacl =
- (PACL) ExAllocatePoolWithTag(PagedPool,
- DefaultDacl->AclSize,
- TAG_TOKEN_ACL);
- memcpy(AccessToken->DefaultDacl,
- DefaultDacl,
- DefaultDacl->AclSize);
- }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+ }
+ else
+ {
+ RtlCopyMemory(AccessToken->Privileges,
+ Privileges,
+ PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
+ }
+
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ AccessToken->DefaultDacl = ExAllocatePoolWithTag(PagedPool,
+ DefaultDacl->AclSize,
+ TAG_TOKEN_ACL);
+ if (AccessToken->DefaultDacl == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ RtlCopyMemory(AccessToken->DefaultDacl,
+ DefaultDacl,
+ DefaultDacl->AclSize);
 if (!SystemToken)
 {
@@ -727,6 +762,24 @@
 {
 /* Return pointer instead of handle */
 *TokenHandle = (HANDLE)AccessToken;
+ }
+
+done:
+ if (!NT_SUCCESS(Status))
+ {
+ if (AccessToken)
+ {
+ if (AccessToken->UserAndGroups)
+ ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
+
+ if (AccessToken->Privileges)
+ ExFreePoolWithTag(AccessToken->Privileges, TAG_TOKEN_PRIVILAGES);
+
+ if (AccessToken->DefaultDacl)
+ ExFreePoolWithTag(AccessToken->DefaultDacl, TAG_TOKEN_ACL);
+
+ ObDereferenceObject(AccessToken);
+ }
 }
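Review bot: In the hunk at -650, `DefaultDacl->AclSize` is dereferenced unconditionally for both the allocation and the copy, whereas the duplicate path in this same commit guards the equivalent code with `if (Token->DefaultDacl)`. Unless every caller guarantees a non-NULL, already captured DACL (not visible here; the function starts and ends outside the hunk), the block should be wrapped in `if (DefaultDacl != NULL)`. Separately, the Privileges buffer is sized by the ULONG `uLength` but filled with a recomputed `PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES)`; passing `uLength` to both `RtlCopyMemory` calls and bounding `PrivilegeCount` before the multiplication would keep the allocation and copy lengths identical if the count can come from user mode.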
return Status;
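Review bot: A failure status coming out of the `if (!SystemToken)` branch, whose body lies between the two hunks and is not shown, also falls into this new `done:` cleanup. If that branch inserts the token into a handle table, a failed insert typically releases the object reference itself, so the frees and `ObDereferenceObject(AccessToken)` here would then operate on a token that has already been released. Please confirm what that call does with the reference on failure; if it consumes it, that branch should return its status directly rather than reach `done:`.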