[NTOS:SE] Do not set SE_DACL_PRESENT flag that early

The function might assign the flag yet it could possibly fail on creating a DACL and inserting an "access allowed" right to the access entry within the DACL. In this case, make sure we actually succeeded on all the tasks and THEN assign the flag that the DACL is truly present.

Also, make sure that the Current buffer size variable gets its new size so that we avoid overriding the memory of the DACL if the security descriptor wants both a DACL and SACL and it so happens that the DACL memory gets overwritten by the SACL.
George Bișoc 2021-09-24 19:39:30 +02:00
parent f341b9080b
commit 0b4763f1b1
No known key found for this signature in database
GPG key ID: 688C4FBE25D7DEF6

@ -220,7 +220,6 @@ SeSetWorldSecurityDescriptor(
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
SdRel->Control |= SE_DACL_PRESENT;
Status = RtlCreateAcl(Dacl,
sizeof(ACL) + sizeof(ACE) + SidSize,
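Review bot: The ACL length at the RtlCreateAcl call is an inline expression, `sizeof(ACL) + sizeof(ACE) + SidSize`, and nothing ties it to the later bookkeeping on `Current`. Since `Dacl` is placed at `SdRel + Current` and the next structure in the buffer has to start past the end of this ACL, consider computing the length once into a named local before the call and reusing that local wherever the cursor is advanced, so the reserved size and the consumed size cannot drift apart.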
@ -235,7 +234,9 @@ SeSetWorldSecurityDescriptor(
if (!NT_SUCCESS(Status))
return Status;
SdRel->Control |= SE_DACL_PRESENT;
SdRel->Dacl = Current;
Current += SidSize;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)
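Review bot: `Current += SidSize;` advances the cursor by less than the DACL occupies. The preceding hunk creates the ACL with a length of `sizeof(ACL) + sizeof(ACE) + SidSize`, so after this statement `Current` still points inside the DACL (short by `sizeof(ACL) + sizeof(ACE)`), and a SACL laid out at `SdRel + Current` in the block that follows would still overlap the tail of the DACL, which is the overwrite the commit message sets out to prevent. Advancing `Current` by the same full length that was passed to RtlCreateAcl would close the gap. Moving `SdRel->Control |= SE_DACL_PRESENT;` after the `NT_SUCCESS(Status)` check looks right; a one-line comment there saying the flag is set only once the ACL and its ACE are both in place would keep it from being hoisted back up later.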