Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-03 22:56:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS:SE] SepPerformTokenFiltering(): Remove useless SEH handling (#4523)

Browse source 
This function is either called inter-kernel (in which case, all
parameters must be valid, and if not, we have to bugcheck), or, it
is called with **captured** parameters (from NtFilterToken) and those
latter ones are now expected to be valid and reside in kernel-mode.
Finally, data copied between token structures reside in kernel-mode
only and again are expected to be valid (if not, we bugcheck).
This commit is contained in:
Hermès Bélusca-Maïto 2022-05-20 02:26:21 +02:00
parent 389a2da7ff
commit b33911b93d
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
1 changed files with 26 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

132
ntoskrnl/se/token.c
View file

@ -2254,27 +2254,9 @@ SepPerformTokenFiltering(
EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength); EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
VariableLength -= PrivilegesLength; VariableLength -= PrivilegesLength;
if (PreviousMode != KernelMode) RtlCopyMemory(AccessToken->Privileges,
{ Token->Privileges,
_SEH2_TRY AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
{
RtlCopyMemory(AccessToken->Privileges,
Token->Privileges,
AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
_SEH2_YIELD(goto Quit);
}
_SEH2_END;
}
else
{
RtlCopyMemory(AccessToken->Privileges,
Token->Privileges,
AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
}
} }
/* Copy the user and groups */ /* Copy the user and groups */
@ -2287,39 +2269,17 @@ SepPerformTokenFiltering(
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount]; EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups); VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
if (PreviousMode != KernelMode) Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
Token->UserAndGroups,
VariableLength,
AccessToken->UserAndGroups,
EndMem,
&EndMem,
&VariableLength);
if (!NT_SUCCESS(Status))
{ {
_SEH2_TRY DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n", Status);
{ goto Quit;
Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
Token->UserAndGroups,
VariableLength,
AccessToken->UserAndGroups,
EndMem,
&EndMem,
&VariableLength);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
_SEH2_YIELD(goto Quit);
}
_SEH2_END;
}
else
{
Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
Token->UserAndGroups,
VariableLength,
AccessToken->UserAndGroups,
EndMem,
&EndMem,
&VariableLength);
if (!NT_SUCCESS(Status))
{
DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups into token (Status 0x%lx)\n", Status);
goto Quit;
}
} }
} }
@ -2333,39 +2293,17 @@ SepPerformTokenFiltering(
EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount]; EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids); VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
if (PreviousMode != KernelMode) Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
Token->RestrictedSids,
VariableLength,
AccessToken->RestrictedSids,
EndMem,
&EndMem,
&VariableLength);
if (!NT_SUCCESS(Status))
{ {
_SEH2_TRY DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n", Status);
{ goto Quit;
Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
Token->RestrictedSids,
VariableLength,
AccessToken->RestrictedSids,
EndMem,
&EndMem,
&VariableLength);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
_SEH2_YIELD(goto Quit);
}
_SEH2_END;
}
else
{
Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
Token->RestrictedSids,
VariableLength,
AccessToken->RestrictedSids,
EndMem,
&EndMem,
&VariableLength);
if (!NT_SUCCESS(Status))
{
DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted SIDs into token (Status 0x%lx)\n", Status);
goto Quit;
}
} }
} }
@ -2614,27 +2552,9 @@ SepPerformTokenFiltering(
EndMem = (PVOID)((ULONG_PTR)EndMem + RestrictedSidsLength); EndMem = (PVOID)((ULONG_PTR)EndMem + RestrictedSidsLength);
VariableLength -= RestrictedSidsLength; VariableLength -= RestrictedSidsLength;
if (PreviousMode != KernelMode) RtlCopyMemory(AccessToken->RestrictedSids,
{ RestrictedSidsIntoToken,
_SEH2_TRY AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
{
RtlCopyMemory(AccessToken->RestrictedSids,
RestrictedSidsIntoToken,
AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
_SEH2_YIELD(goto Quit);
}
_SEH2_END;
}
else
{
RtlCopyMemory(AccessToken->RestrictedSids,
RestrictedSidsIntoToken,
AccessToken->RestrictedSidCount * sizeof(SID_AND_ATTRIBUTES));
}
/* /*
* As we've copied the restricted SIDs into * As we've copied the restricted SIDs into