pool.c: assert irql and pool type for PASSIVE_LEVEL and above.

ntoskrnl/ob/security.c:
This function neither identified the new descriptor as self-relative
nor honored the case where self-relative was not set.  Now fixed.
Bug identified by WaxDragon (while loading a cygwin app)

svn path=/trunk/; revision=11140
Art Yerkes 2004-10-01 04:00:11 +00:00
parent 2c3fecda88
commit a07571a47c
2 changed files with 45 additions and 11 deletions


@ -1,4 +1,4 @@
/* $Id: pool.c,v 1.33 2004/08/21 20:05:35 tamlin Exp $ /* $Id: pool.c,v 1.34 2004/10/01 04:00:11 arty Exp $
* *
* COPYRIGHT: See COPYING in the top level directory * COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel * PROJECT: ReactOS kernel
@ -93,6 +93,9 @@ ExAllocatePool (POOL_TYPE PoolType, ULONG NumberOfBytes)
*/ */
{ {
PVOID Block; PVOID Block;
ASSERT_IRQL(DISPATCH_LEVEL);
assert(KeGetCurrentIrql() == PASSIVE_LEVEL || PoolType == NonPagedPool);
#if defined(__GNUC__) #if defined(__GNUC__)
Block = EiAllocatePool(PoolType, Block = EiAllocatePool(PoolType,
@ -120,6 +123,10 @@ PVOID STDCALL
ExAllocatePoolWithTag (ULONG PoolType, ULONG NumberOfBytes, ULONG Tag) ExAllocatePoolWithTag (ULONG PoolType, ULONG NumberOfBytes, ULONG Tag)
{ {
PVOID Block; PVOID Block;
ASSERT_IRQL(DISPATCH_LEVEL);
assert(KeGetCurrentIrql() == PASSIVE_LEVEL || PoolType != PagedPool);
#if defined(__GNUC__) #if defined(__GNUC__)
Block = EiAllocatePool(PoolType, Block = EiAllocatePool(PoolType,
@ -161,6 +168,9 @@ ExAllocatePoolWithTagPriority(
IN EX_POOL_PRIORITY Priority IN EX_POOL_PRIORITY Priority
) )
{ {
ASSERT_IRQL(DISPATCH_LEVEL);
assert(KeGetCurrentIrql() == PASSIVE_LEVEL || PoolType != PagedPool);
/* Check if this is one of the "Special" Flags, used by the Verifier */ /* Check if this is one of the "Special" Flags, used by the Verifier */
if (Priority & 8) { if (Priority & 8) {
/* Check if this is a xxSpecialUnderrun */ /* Check if this is a xxSpecialUnderrun */
@ -188,6 +198,9 @@ ExAllocatePoolWithQuotaTag (IN POOL_TYPE PoolType,
PVOID Block; PVOID Block;
PEPROCESS Process; PEPROCESS Process;
ASSERT_IRQL(DISPATCH_LEVEL);
assert(KeGetCurrentIrql() == PASSIVE_LEVEL || PoolType == NonPagedPool);
/* Allocate the Pool First */ /* Allocate the Pool First */
Block = EiAllocatePool(PoolType, Block = EiAllocatePool(PoolType,
NumberOfBytes, NumberOfBytes,
@ -232,6 +245,8 @@ ExAllocatePoolWithQuotaTag (IN POOL_TYPE PoolType,
VOID STDCALL VOID STDCALL
ExFreePool(IN PVOID Block) ExFreePool(IN PVOID Block)
{ {
ASSERT_IRQL(DISPATCH_LEVEL);
if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase + MmPagedPoolSize)) if (Block >= MmPagedPoolBase && (char*)Block < ((char*)MmPagedPoolBase + MmPagedPoolSize))
{ {
ExFreePagedPool(Block); ExFreePagedPool(Block);
@ -248,6 +263,7 @@ ExFreePool(IN PVOID Block)
VOID STDCALL VOID STDCALL
ExFreePoolWithTag(IN PVOID Block, IN ULONG Tag) ExFreePoolWithTag(IN PVOID Block, IN ULONG Tag)
{ {
ASSERT_IRQL(DISPATCH_LEVEL);
/* FIXME: Validate the tag */ /* FIXME: Validate the tag */
ExFreePool(Block); ExFreePool(Block);
} }
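Review bot: The IRQL/pool-type assertions added to the four allocators use two different predicates: ExAllocatePool and ExAllocatePoolWithQuotaTag test `PoolType == NonPagedPool`, while ExAllocatePoolWithTag and ExAllocatePoolWithTagPriority test `PoolType != PagedPool`. The first form would fire on other non-paged types such as NonPagedPoolMustSucceed at raised IRQL, and the second lets PagedPoolCacheAligned through, so neither expresses the rule that pageable memory must not be requested at an IRQL where page faults cannot be serviced. One shared macro would keep the call sites aligned, for example `#define ASSERT_POOL_IRQL(t) assert(KeGetCurrentIrql() == PASSIVE_LEVEL || ((t) & 1) == 0)`, assuming this tree's POOL_TYPE keeps the usual layout in which paged types have the low bit set. These are debug assertions, so if assert compiles out in release builds the allocation path itself still has to reject or survive such a request. The function bodies continue outside the hunks.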


@ -266,18 +266,22 @@ NtSetSecurityObject(IN HANDLE Handle,
{ {
if (SecurityDescriptor->Owner != NULL) if (SecurityDescriptor->Owner != NULL)
{ {
Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner + (ULONG_PTR)SecurityDescriptor); if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); Owner = (PSID)((ULONG_PTR)SecurityDescriptor->Owner +
(ULONG_PTR)SecurityDescriptor);
else
Owner = (PSID)SecurityDescriptor->Owner;
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
} }
Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED); Control |= (SecurityDescriptor->Control & SE_OWNER_DEFAULTED);
} }
else else
{ {
if (ObjectSd->Owner != NULL) if (ObjectSd->Owner != NULL)
{ {
Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd); Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4); OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
} }
Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED); Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
} }
@ -286,8 +290,12 @@ NtSetSecurityObject(IN HANDLE Handle,
{ {
if (SecurityDescriptor->Group != NULL) if (SecurityDescriptor->Group != NULL)
{ {
Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group + (ULONG_PTR)SecurityDescriptor); if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
GroupLength = ROUND_UP(RtlLengthSid(Group), 4); Group = (PSID)((ULONG_PTR)SecurityDescriptor->Group +
(ULONG_PTR)SecurityDescriptor);
else
Group = (PSID)SecurityDescriptor->Group;
GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
} }
Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED); Control |= (SecurityDescriptor->Control & SE_GROUP_DEFAULTED);
} }
@ -307,7 +315,12 @@ NtSetSecurityObject(IN HANDLE Handle,
if ((SecurityDescriptor->Control & SE_DACL_PRESENT) && if ((SecurityDescriptor->Control & SE_DACL_PRESENT) &&
(SecurityDescriptor->Dacl != NULL)) (SecurityDescriptor->Dacl != NULL))
{ {
Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl + (ULONG_PTR)SecurityDescriptor); if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
Dacl = (PACL)((ULONG_PTR)SecurityDescriptor->Dacl +
(ULONG_PTR)SecurityDescriptor);
else
Dacl = (PACL)SecurityDescriptor->Dacl;
DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4); DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
} }
Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT)); Control |= (SecurityDescriptor->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
@ -329,8 +342,12 @@ NtSetSecurityObject(IN HANDLE Handle,
if ((SecurityDescriptor->Control & SE_SACL_PRESENT) && if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
(SecurityDescriptor->Sacl != NULL)) (SecurityDescriptor->Sacl != NULL))
{ {
Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl + (ULONG_PTR)SecurityDescriptor); if( SecurityDescriptor->Control & SE_SELF_RELATIVE )
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4); Sacl = (PACL)((ULONG_PTR)SecurityDescriptor->Sacl +
(ULONG_PTR)SecurityDescriptor);
else
Sacl = (PACL)SecurityDescriptor->Sacl;
SaclLength = ROUND_UP((ULONG)Sacl->AclSize, 4);
} }
Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT)); Control |= (SecurityDescriptor->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
} }
@ -356,7 +373,8 @@ NtSetSecurityObject(IN HANDLE Handle,
RtlCreateSecurityDescriptor(NewSd, RtlCreateSecurityDescriptor(NewSd,
SECURITY_DESCRIPTOR_REVISION1); SECURITY_DESCRIPTOR_REVISION1);
NewSd->Control = Control; /* We always build a self-relative descriptor */
NewSd->Control = Control | SE_SELF_RELATIVE;
Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR); Current = (ULONG_PTR)NewSd + sizeof(SECURITY_DESCRIPTOR);
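Review bot: In the new non-self-relative branches (`Owner = (PSID)SecurityDescriptor->Owner;` and the matching Group, Dacl and Sacl lines) NtSetSecurityObject hands a pointer taken straight from the caller's descriptor to RtlLengthSid, or reads `Dacl->AclSize` through it, and no probe, capture or bounds check is visible in these hunks. If SecurityDescriptor still refers to caller-controlled memory at this point, the kernel would dereference arbitrary addresses and trust caller-chosen lengths when sizing NewSd; the self-relative offsets have the same weakness because they are never compared against the descriptor's size. Control is also re-read for every component, so the flag is better sampled once, e.g. `BOOLEAN SelfRelative = (SecurityDescriptor->Control & SE_SELF_RELATIVE) != 0;`, after the descriptor has been copied into kernel memory and each SID and ACL checked with RtlValidSid / RtlValidAcl. The function starts and ends outside the hunks, so an earlier capture step may already exist; if it does, a short comment above the first branch saying so would make the trust boundary clear.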