mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 10:04:49 +00:00
[NTOS:SE] Fix the primary group assignation in TokenPrimaryGroup class case
On current master, assigning a new primary group SID to an access token causes an immediate page fault, because the primary group variable is not assigned the address of the dynamic part. Instead it receives a value that is essentially just the ACL size, so the address is bogus and the page fault occurs when it is used. CORE-18249
parent
626fd4d240
commit
86bde3c76a
1 changed files with 10 additions and 3 deletions
|
@ -1227,6 +1227,7 @@ NtSetInformationToken(
|
|||
if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
|
||||
{
|
||||
PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
|
||||
ULONG AclSize;
|
||||
ULONG_PTR PrimaryGroup;
|
||||
PSID InputSid = NULL, CapturedSid;
|
||||
ULONG PrimaryGroupIndex, NewDynamicLength;
|
||||
|
@ -1309,9 +1310,15 @@ NtSetInformationToken(
|
|||
/* Take away available space from the dynamic area */
|
||||
Token->DynamicAvailable -= RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid);
|
||||
|
||||
/* And assign the primary group */
|
||||
PrimaryGroup = (ULONG_PTR)(Token->DynamicPart) + Token->DefaultDacl ?
|
||||
Token->DefaultDacl->AclSize : 0;
|
||||
/*
|
||||
* And assign the new primary group. For that
|
||||
* we have to make sure where the primary group
|
||||
* is going to stay in memory, so if this token
|
||||
* has a default DACL then add up its size with
|
||||
* the address of the dynamic part.
|
||||
*/
|
||||
AclSize = Token->DefaultDacl ? Token->DefaultDacl->AclSize : 0;
|
||||
PrimaryGroup = (ULONG_PTR)(Token->DynamicPart) + AclSize;
|
||||
RtlCopySid(RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid),
|
||||
(PVOID)PrimaryGroup,
|
||||
Token->UserAndGroups[PrimaryGroupIndex].Sid);
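Review bot: The destination handed to RtlCopySid is a raw kernel address built as `(ULONG_PTR)(Token->DynamicPart) + AclSize`, and nothing in the visible lines confirms that this address plus the SID length still falls inside the token's dynamic area. That check presumably lives in the part of the TokenPrimaryGroup case between the two hunks (NewDynamicLength is declared for it), which is outside this view. Since the defect fixed here was a bogus kernel-mode write target, an assertion next to the copy would catch a regression in a checked build, for example `ASSERT(AclSize + RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid) <= Token->DynamicCharged);`, assuming DynamicCharged holds the size of the dynamic area. The new block comment could also state that the primary group SID is stored directly after the default DACL in the dynamic part, which is the layout the address arithmetic relies on.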
|
||||
|
|