Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-09-29 14:09:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ntoskrnl] Check if caller has valid access before opening a registry key

Browse source 
Assign security descriptor to new keys we're creating

svn path=/trunk/; revision=42960
This commit is contained in:
Hervé Poussineau 2009-08-29 10:35:30 +00:00
parent 291b697b95
commit b6f0ced7a5
1 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
reactos/ntoskrnl/config/cmparse.c
View file

@ -224,6 +224,7 @@ CmpDoCreateChild(IN PHHIVE Hive,
ULONG StorageType;
LARGE_INTEGER SystemTime;
PCM_KEY_CONTROL_BLOCK Kcb;
PSECURITY_DESCRIPTOR NewDescriptor;
/* Get the storage type */
StorageType = Stable;
@ -360,6 +361,26 @@ CmpDoCreateChild(IN PHHIVE Hive,
/* Link it with the KCB */
EnlistKeyBodyWithKCB(KeyBody, 0);
/* Assign security */
Status = SeAssignSecurity(ParentDescriptor,
AccessState->SecurityDescriptor,
&NewDescriptor,
TRUE,
&AccessState->SubjectSecurityContext,
&CmpKeyObjectType->TypeInfo.GenericMapping,
CmpKeyObjectType->TypeInfo.PoolType);
if (NT_SUCCESS(Status))
{
Status = CmpSecurityMethod(*Object,
AssignSecurityDescriptor,
NULL,
NewDescriptor,
NULL,
NULL,
CmpKeyObjectType->TypeInfo.PoolType,
&CmpKeyObjectType->TypeInfo.GenericMapping);
}
Quickie:
/* Check if we got here because of failure */
if (!NT_SUCCESS(Status))
@ -686,6 +707,16 @@ CmpDoOpen(IN PHHIVE Hive,
/* Link to the KCB */
EnlistKeyBodyWithKCB(KeyBody, 0);
if (!ObCheckObjectAccess(*Object,
AccessState,
FALSE,
AccessMode,
&Status))
{
/* Access check failed */
ObDereferenceObject(*Object);
}
}
else
{