Author: ekohl
Date: Sun Jun 24 21:04:11 2012
New Revision: 56800
URL: 
http://svn.reactos.org/svn/reactos?rev=56800&view=rev
Log:
[NTOSKRNL]
Fix error handling for SepDuplicateToken and SeCreateToken.
Modified:
    trunk/reactos/ntoskrnl/se/token.c
Modified: trunk/reactos/ntoskrnl/se/token.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=56…
==============================================================================
--- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sun Jun 24 21:04:11 2012
@@ -234,7 +234,7 @@
     ULONG uLength;
     ULONG i;
     PVOID EndMem;
-    PTOKEN AccessToken;
+    PTOKEN AccessToken = NULL;
     NTSTATUS Status;
     PAGED_CODE();
@@ -290,10 +290,14 @@
     for (i = 0; i < Token->UserAndGroupCount; i++)
         uLength += RtlLengthSid(Token->UserAndGroups[i].Sid);
-    AccessToken->UserAndGroups =
-    (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
-                                               uLength,
-                                               TAG_TOKEN_USERS);
+    AccessToken->UserAndGroups = ExAllocatePoolWithTag(PagedPool,
+                                                       uLength,
+                                                       TAG_TOKEN_USERS);
+    if (AccessToken->UserAndGroups == NULL)
+    {
+        Status = STATUS_INSUFFICIENT_RESOURCES;
+        goto done;
+    }
     EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
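Review bot: The new `goto done` on a failed `UserAndGroups` allocation reaches cleanup code that tests `AccessToken->Privileges` and `AccessToken->DefaultDacl` before this function has assigned either field. That is only safe if the token body is zero-filled right after the object is created, which this hunk does not show. Please confirm that, or set both fields before the first allocation, e.g. `AccessToken->Privileges = NULL;` and `AccessToken->DefaultDacl = NULL;`. The same applies to the identical check added in the `@@ -636,10 +661,14 @@` hunk; the enclosing function starts and ends outside this hunk.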
@@ -304,48 +308,69 @@
                                           EndMem,
                                           &EndMem,
                                           &uLength);
-    if (NT_SUCCESS(Status))
-    {
-        Status = SepFindPrimaryGroupAndDefaultOwner(
-                                                    AccessToken,
-                                                    Token->PrimaryGroup,
-                                                    0);
-    }
-
-    if (NT_SUCCESS(Status))
-    {
-        AccessToken->PrivilegeCount = Token->PrivilegeCount;
-
-        uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
-        AccessToken->Privileges =
-        (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
+                                                Token->PrimaryGroup,
+                                                0);
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    AccessToken->PrivilegeCount = Token->PrivilegeCount;
+
+    uLength = AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
+    AccessToken->Privileges = ExAllocatePoolWithTag(PagedPool,
                                                     uLength,
                                                     TAG_TOKEN_PRIVILAGES);
-
-        for (i = 0; i < AccessToken->PrivilegeCount; i++)
-        {
-            RtlCopyLuid(&AccessToken->Privileges[i].Luid,
-                        &Token->Privileges[i].Luid);
-            AccessToken->Privileges[i].Attributes =
-            Token->Privileges[i].Attributes;
-        }
-
-        if (Token->DefaultDacl)
-        {
-            AccessToken->DefaultDacl =
-            (PACL) ExAllocatePoolWithTag(PagedPool,
-                                         Token->DefaultDacl->AclSize,
-                                         TAG_TOKEN_ACL);
-            memcpy(AccessToken->DefaultDacl,
-                   Token->DefaultDacl,
-                   Token->DefaultDacl->AclSize);
-        }
-    }
-
-    if (NT_SUCCESS(Status))
-    {
-        *NewAccessToken = AccessToken;
-        return(STATUS_SUCCESS);
+    if (AccessToken->Privileges == NULL)
+    {
+        Status = STATUS_INSUFFICIENT_RESOURCES;
+        goto done;
+    }
+
+    for (i = 0; i < AccessToken->PrivilegeCount; i++)
+    {
+        RtlCopyLuid(&AccessToken->Privileges[i].Luid,
+                    &Token->Privileges[i].Luid);
+        AccessToken->Privileges[i].Attributes =
+        Token->Privileges[i].Attributes;
+    }
+
+    if (Token->DefaultDacl)
+    {
+        AccessToken->DefaultDacl = ExAllocatePoolWithTag(PagedPool,
+
Token->DefaultDacl->AclSize,
+                                                         TAG_TOKEN_ACL);
+        if (AccessToken->DefaultDacl == NULL)
+        {
+            Status = STATUS_INSUFFICIENT_RESOURCES;
+            goto done;
+        }
+
+        memcpy(AccessToken->DefaultDacl,
+               Token->DefaultDacl,
+               Token->DefaultDacl->AclSize);
+    }
+
+    *NewAccessToken = AccessToken;
+
+done:
+    if (!NT_SUCCESS(Status))
+    {
+        if (AccessToken)
+        {
+            if (AccessToken->UserAndGroups)
+                ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
+
+            if (AccessToken->Privileges)
+                ExFreePoolWithTag(AccessToken->Privileges, TAG_TOKEN_PRIVILAGES);
+
+            if (AccessToken->DefaultDacl)
+                ExFreePoolWithTag(AccessToken->DefaultDacl, TAG_TOKEN_ACL);
+
+            ObDereferenceObject(AccessToken);
+        }
     }
     return Status;
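Review bot: The `done:` cleanup frees `UserAndGroups`, `Privileges` and `DefaultDacl` and then calls `ObDereferenceObject(AccessToken)` while the three fields still hold the freed addresses. If the token object type has a delete procedure that releases the same fields (not visible in this diff), dropping the last reference would free each pool block a second time. Either clear each field right after freeing it, e.g. `AccessToken->Privileges = NULL;`, or leave the buffers to the delete procedure and only dereference here. The cleanup block added in the `@@ -727,6 +762,24 @@` hunk has the same shape.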
@@ -636,10 +661,14 @@
     for (i = 0; i < GroupCount; i++)
         uLength += RtlLengthSid(Groups[i].Sid);
-    AccessToken->UserAndGroups =
-    (PSID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
-                                               uLength,
-                                               TAG_TOKEN_USERS);
+    AccessToken->UserAndGroups = ExAllocatePoolWithTag(PagedPool,
+                                                       uLength,
+                                                       TAG_TOKEN_USERS);
+    if (AccessToken->UserAndGroups == NULL)
+    {
+        Status = STATUS_INSUFFICIENT_RESOURCES;
+        goto done;
+    }
     EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
@@ -650,65 +679,71 @@
                                           EndMem,
                                           &EndMem,
                                           &uLength);
-    if (NT_SUCCESS(Status))
-    {
-        Status = RtlCopySidAndAttributesArray(GroupCount,
-                                              Groups,
-                                              uLength,
-                                              &AccessToken->UserAndGroups[1],
-                                              EndMem,
-                                              &EndMem,
-                                              &uLength);
-    }
-
-    if (NT_SUCCESS(Status))
-    {
-        Status = SepFindPrimaryGroupAndDefaultOwner(
-                                                    AccessToken,
-                                                    PrimaryGroup,
-                                                    Owner);
-    }
-
-    if (NT_SUCCESS(Status))
-    {
-        uLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
-        AccessToken->Privileges =
-        (PLUID_AND_ATTRIBUTES)ExAllocatePoolWithTag(PagedPool,
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    Status = RtlCopySidAndAttributesArray(GroupCount,
+                                          Groups,
+                                          uLength,
+                                          &AccessToken->UserAndGroups[1],
+                                          EndMem,
+                                          &EndMem,
+                                          &uLength);
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
+                                                PrimaryGroup,
+                                                Owner);
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    uLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
+    AccessToken->Privileges = ExAllocatePoolWithTag(PagedPool,
                                                     uLength,
                                                     TAG_TOKEN_PRIVILAGES);
-
-        if (PreviousMode != KernelMode)
-        {
-            _SEH2_TRY
-            {
-                RtlCopyMemory(AccessToken->Privileges,
-                              Privileges,
-                              PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
-            }
-            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
-            {
-                Status = _SEH2_GetExceptionCode();
-            }
-            _SEH2_END;
-        }
-        else
+    if (AccessToken->Privileges == NULL)
+    {
+        Status = STATUS_INSUFFICIENT_RESOURCES;
+        goto done;
+    }
+
+    if (PreviousMode != KernelMode)
+    {
+        _SEH2_TRY
         {
             RtlCopyMemory(AccessToken->Privileges,
                           Privileges,
                           PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
         }
-    }
-
-    if (NT_SUCCESS(Status))
-    {
-        AccessToken->DefaultDacl =
-        (PACL) ExAllocatePoolWithTag(PagedPool,
-                                     DefaultDacl->AclSize,
-                                     TAG_TOKEN_ACL);
-        memcpy(AccessToken->DefaultDacl,
-               DefaultDacl,
-               DefaultDacl->AclSize);
-    }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            Status = _SEH2_GetExceptionCode();
+        }
+        _SEH2_END;
+    }
+    else
+    {
+        RtlCopyMemory(AccessToken->Privileges,
+                      Privileges,
+                      PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
+    }
+
+    if (!NT_SUCCESS(Status))
+        goto done;
+
+    AccessToken->DefaultDacl = ExAllocatePoolWithTag(PagedPool,
+                                                     DefaultDacl->AclSize,
+                                                     TAG_TOKEN_ACL);
+    if (AccessToken->DefaultDacl == NULL)
+    {
+        Status = STATUS_INSUFFICIENT_RESOURCES;
+        goto done;
+    }
+
+    RtlCopyMemory(AccessToken->DefaultDacl,
+                  DefaultDacl,
+                  DefaultDacl->AclSize);
     if (!SystemToken)
     {
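Review bot: `DefaultDacl` is dereferenced unconditionally, once for the allocation size and again for the copy length, whereas the duplicate path in this same commit guards with `if (Token->DefaultDacl)`. If a caller may pass no default DACL this faults in kernel mode. If the pointer can still refer to caller memory when `PreviousMode != KernelMode` (capture is not visible here), the copy sits outside the `_SEH2_TRY` used for `Privileges`, and `AclSize` can differ between the two reads. Reading the size once into a local under an `if (DefaultDacl != NULL)` guard, inside the guarded block for the user-mode case, and using that local for both the allocation and `RtlCopyMemory` would close this. Separately, `uLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES)` is stored in a ULONG while the copy length is computed again unnarrowed, so an upper bound on `PrivilegeCount` before the allocation is worth adding unless a caller already enforces one.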
@@ -727,6 +762,24 @@
     {
         /* Return pointer instead of handle */
         *TokenHandle = (HANDLE)AccessToken;
+    }
+
+done:
+    if (!NT_SUCCESS(Status))
+    {
+        if (AccessToken)
+        {
+            if (AccessToken->UserAndGroups)
+                ExFreePoolWithTag(AccessToken->UserAndGroups, TAG_TOKEN_USERS);
+
+            if (AccessToken->Privileges)
+                ExFreePoolWithTag(AccessToken->Privileges, TAG_TOKEN_PRIVILAGES);
+
+            if (AccessToken->DefaultDacl)
+                ExFreePoolWithTag(AccessToken->DefaultDacl, TAG_TOKEN_ACL);
+
+            ObDereferenceObject(AccessToken);
+        }
     }
     return Status;
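Review bot: The `done:` label sits after the `if (!SystemToken)` branch, so a failure reported by that branch also runs the buffer frees and `ObDereferenceObject(AccessToken)`. The branch body is outside this hunk. If it inserts the token with `ObInsertObject`, a failed insert has normally already released the caller's reference, and the dereference here would then be a second release of the same object. Consider returning straight from that failure, or placing the label so that only failures before the insert reach the cleanup.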