[NTOSKRNL]

- In case of AssignSecurityDescriptor operation in IopGetSetSecurityObject(), put the security descriptor in cache before attempting the assignement - In IopUnloadDevice(), don't attempt to free the security descriptor, let this to Ob by just derefencing it. Spotted & fixed by Thomas. This unregresses VMware Tools installation. CORE-7991 svn path=/trunk/; revision=65862
2025-05-20 17:45:06 +00:00 · 2014-12-28 18:31:06 +00:00 · 2014-12-28 18:31:06 +00:00 · 1c36df367b
commit 1c36df367b
parent 3b73052bf8
2 changed files with 21 additions and 6 deletions
--- a/reactos/ntoskrnl/io/iomgr/device.c
+++ b/reactos/ntoskrnl/io/iomgr/device.c
@ -396,8 +396,8 @@ IopUnloadDevice(IN PDEVICE_OBJECT DeviceObject)
        /* Check if we have a Security Descriptor */
        if (DeviceObject->SecurityDescriptor)
        {
-            /* Free it */
-            ExFreePoolWithTag(DeviceObject->SecurityDescriptor, TAG_SD);
+            /* Dereference it */
+            ObDereferenceSecurityDescriptor(DeviceObject->SecurityDescriptor, 1);
        }

        /* Remove the device from the list */
--- a/reactos/ntoskrnl/io/iomgr/file.c
+++ b/reactos/ntoskrnl/io/iomgr/file.c
@ -1551,15 +1551,30 @@ IopGetSetSecurityObject(IN PVOID ObjectBody,
        }
        else if (OperationCode == AssignSecurityDescriptor)
        {
+            Status = STATUS_SUCCESS;
+
            /* Make absolutely sure this is a device object */
            if (!(FileObject) || !(FileObject->Flags & FO_STREAM_FILE))
            {
-                /* Assign the Security Descriptor */
-                DeviceObject->SecurityDescriptor = SecurityDescriptor;
+                PSECURITY_DESCRIPTOR CachedSecurityDescriptor;
+
+                /* Add the security descriptor in cache */
+                Status = ObLogSecurityDescriptor(SecurityDescriptor, &CachedSecurityDescriptor, 1);
+                if (NT_SUCCESS(Status))
+                {
+                    KeEnterCriticalRegion();
+                    ExAcquireResourceExclusiveLite(&IopSecurityResource, TRUE);
+
+                    /* Assign the Security Descriptor */
+                    DeviceObject->SecurityDescriptor = CachedSecurityDescriptor;
+
+                    ExReleaseResourceLite(&IopSecurityResource);
+                    KeLeaveCriticalRegion();
+                }
            }

-            /* Return success */
-            return STATUS_SUCCESS;
+            /* Return status */
+            return Status;
        }
        else if (OperationCode == SetSecurityDescriptor)
        {