From b33911b93dacbc0a1dcdf9869d5fb71b077a7617 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
Date: Fri, 20 May 2022 02:26:21 +0200
Subject: [PATCH] [NTOS:SE] SepPerformTokenFiltering(): Remove useless SEH handling (#4523)
This function is either called inter-kernel (in which case, all parameters must be valid, and if not, we have to bugcheck), or, it is called with **captured** parameters (from NtFilterToken) and those latter ones are now expected to be valid and reside in kernel-mode. Finally, data copied between token structures reside in kernel-mode only and again are expected to be valid (if not, we bugcheck).
---
 ntoskrnl/se/token.c | 132 +++++++++-----------------------------------
 1 file changed, 26 insertions(+), 106 deletions(-)
diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index f215f4c1fe2..96e972f2c5b 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -2254,27 +2254,9 @@ SepPerformTokenFiltering(
 EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
 VariableLength -= PrivilegesLength;
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- RtlCopyMemory(AccessToken->Privileges,
- Token->Privileges,
- AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
- {
- RtlCopyMemory(AccessToken->Privileges,
- Token->Privileges,
- AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
- }
+ RtlCopyMemory(AccessToken->Privileges,
+ Token->Privileges,
+ AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
 }
 /* Copy the user and groups */
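Review bot: The now-unconditional `RtlCopyMemory` into `AccessToken->Privileges` depends on an invariant that only the commit message records: `Token` is a kernel-resident token and every caller-supplied array was captured before this function runs. Nothing in the visible code states or asserts that, so a future caller that hands in an uncaptured pointer would get an unprobed access and a bugcheck rather than a failure status. I would add a comment above the copy, e.g. `/* Both tokens are kernel objects and all inputs were captured by the caller (see NtFilterToken), so no SEH is needed here */`, and the same above the `RestrictedSidsIntoToken` copy in the last hunk. The enclosing function starts and ends outside the hunk, so whether `PreviousMode` is still needed elsewhere cannot be judged from here.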
@@ -2287,39 +2269,17 @@ SepPerformTokenFiltering(
 EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
 VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
- if (PreviousMode != KernelMode)
+ Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
+ Token->UserAndGroups,
+ VariableLength,
+ AccessToken->UserAndGroups,
+ EndMem,
+ &EndMem,
+ &VariableLength);
+ if (!NT_SUCCESS(Status))
 {
- _SEH2_TRY
- {
- Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
- Token->UserAndGroups,
- VariableLength,
- AccessToken->UserAndGroups,
- EndMem,
- &EndMem,
- &VariableLength);
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
- {
- Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
- Token->UserAndGroups,
- VariableLength,
- AccessToken->UserAndGroups,
- EndMem,
- &EndMem,
- &VariableLength);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n", Status);
- goto Quit;
- }
+ DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n", Status);
+ goto Quit;
 }
 }
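Review bot: `VariableLength` is reduced by the size of the `UserAndGroups` array on the context line just above and then passed to `RtlCopySidAndAttributesArray` as the remaining SID area, with no check that the subtraction cannot wrap. That value is what bounds the SID copy into the new token, so I would make the assumption explicit before the subtraction, e.g. `ASSERT(VariableLength >= (ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);`. The sizing of the variable part happens outside the hunk, so this may already hold by construction. The same applies to the `RestrictedSids` copy in the next hunk.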
@@ -2333,39 +2293,17 @@ SepPerformTokenFiltering(
 EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
 VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
- if (PreviousMode != KernelMode)
+ Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
+ Token->RestrictedSids,
+ VariableLength,
+ AccessToken->RestrictedSids,
+ EndMem,
+ &EndMem,
+ &VariableLength);
+ if (!NT_SUCCESS(Status))
 {
- _SEH2_TRY
- {
- Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
- Token->RestrictedSids,
- VariableLength,
- AccessToken->RestrictedSids,
- EndMem,
- &EndMem,
- &VariableLength);
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
- {
- Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
- Token->RestrictedSids,
- VariableLength,
- AccessToken->RestrictedSids,
- EndMem,
- &EndMem,
- &VariableLength);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n", Status);
- goto Quit;
- }
+ DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n", Status);
+ goto Quit;
 }
 }
@@ -2614,27 +2552,9 @@ SepPerformTokenFiltering(
 EndMem = (PVOID)((ULONG_PTR)EndMem + RestrictedSidsLength);
 VariableLength -= RestrictedSidsLength;
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- RtlCopyMemory(AccessToken->RestrictedSids,
- RestrictedSidsIntoToken,
- AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
- {
- RtlCopyMemory(AccessToken->RestrictedSids,
- RestrictedSidsIntoToken,
- AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
- }
+ RtlCopyMemory(AccessToken->RestrictedSids,
+ RestrictedSidsIntoToken,
+ AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
 /*
 * As we've copied the restricted SIDs into