Improvements to NtAdjustPrivilegesToken part 4 (last one):

- SEH-protect all code that writes to PreviousState as it cannot be captured. - Add a missing ObDereferenceObject and SeReleaseLuidAndAttributesArray. svn path=/trunk/; revision=48721
2025-08-05 01:05:42 +00:00 · 2010-09-07 15:08:29 +00:00 · 2010-09-07 15:08:29 +00:00 · 340a34cec4
commit 340a34cec4
parent e851b3ba21
1 changed files with 79 additions and 49 deletions
--- a/reactos/ntoskrnl/se/token.c
+++ b/reactos/ntoskrnl/se/token.c
@ -2117,6 +2117,15 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
+            /* Dereference the token */
+            ObDereferenceObject(Token);
+
+            /* Release the captured privileges */
+            if (CapturedPrivileges != NULL)
+                SeReleaseLuidAndAttributesArray(CapturedPrivileges,
+                                                PreviousMode,
+                                                TRUE);
+
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
@ -2125,7 +2134,10 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
        /* Fail, if the buffer length is smaller than the required length */
        if (BufferLength < RequiredLength)
        {
+            /* Dereference the token */
            ObDereferenceObject(Token);
+
+            /* Release the captured privileges */
            if (CapturedPrivileges != NULL)
                SeReleaseLuidAndAttributesArray(CapturedPrivileges,
                                                PreviousMode,
@ -2137,6 +2149,8 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,

    /* Change the privilege attributes */
    ChangeCount = 0;
+    _SEH2_TRY
+    {
        for (i = 0; i < Token->PrivilegeCount; i++)
        {
            if (DisableAllPrivileges == TRUE)
@ -2200,6 +2214,22 @@ NtAdjustPrivilegesToken(IN HANDLE TokenHandle,
        /* Set the number of saved privileges */
        if (PreviousState != NULL)
            PreviousState->PrivilegeCount = ChangeCount;
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        /* Dereference the token */
+        ObDereferenceObject(Token);
+
+        /* Release the captured privileges */
+        if (CapturedPrivileges != NULL)
+            SeReleaseLuidAndAttributesArray(CapturedPrivileges,
+                                            PreviousMode,
+                                            TRUE);
+
+        /* Return the exception code */
+        _SEH2_YIELD(return _SEH2_GetExceptionCode());
+    }
+    _SEH2_END;

    /* Set the status */
    Status = (ChangeCount < CapturedCount) ? STATUS_NOT_ALL_ASSIGNED : STATUS_SUCCESS;