Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-20 11:48:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

[KERNEL32] Let KERNEL32 assign security to NLS section names

Browse source 
Currently Kernel32 doesn't make any server call to Basesrv in order to create NLS section names, instead it's Kernel32 itself that handles the job of NLS section names. With that said, let Kernel32 assign a security descriptor to NLS section names. See the FIXME comment on code for further dtails
This commit is contained in:
George Bișoc 2022-04-11 20:24:41 +02:00
parent 5696e4ba4d
commit bf40c7a310
No known key found for this signature in database
GPG key ID: 688C4FBE25D7DEF6
1 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
dll/win32/kernel32/winnls/string/nls.c
View file

@ -59,6 +59,9 @@ GetCPFileNameFromRegistry(UINT CodePage, LPWSTR FileName, ULONG FileNameSize);
NTSTATUS
CreateNlsDirectorySecurity(_Out_ PSECURITY_DESCRIPTOR *NlsSecurityDescriptor);
NTSTATUS WINAPI
CreateNlsSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor, _In_ SIZE_T DescriptorSize, _In_ ULONG AccessMask);
/* PRIVATE FUNCTIONS **********************************************************/
/**
@ -219,6 +222,7 @@ IntGetCodePageEntry(UINT CodePage)
WCHAR FileName[MAX_PATH + 1];
UINT FileNamePos;
PCODEPAGE_ENTRY CodePageEntry;
PSECURITY_DESCRIPTOR NlsSd;
if (CodePage == CP_ACP)
{
return &AnsiCodePage;
@ -281,7 +285,23 @@ IntGetCodePageEntry(UINT CodePage)
RtlInitAnsiString(&AnsiName, SectionName);
RtlAnsiStringToUnicodeString(&UnicodeName, &AnsiName, TRUE);
InitializeObjectAttributes(&ObjectAttributes, &UnicodeName, 0, NULL, NULL);
/*
* FIXME: IntGetCodePageEntry should not create any security
* descriptor here but instead this responsibility should be
* assigned to Base Server API (aka basesrv.dll). That is,
* kernel32 must instruct basesrv.dll on creating NLS section
* names that do not exist through API message communication.
* However since we do not do that, let the kernel32 do the job
* by assigning security to NLS section names for the time being...
*/
Status = CreateNlsSecurityDescriptor(&NlsSd, sizeof(SECURITY_DESCRIPTOR), SECTION_MAP_READ);
if (!NT_SUCCESS(Status))
{
RtlLeaveCriticalSection(&CodePageListLock);
return NULL;
}
InitializeObjectAttributes(&ObjectAttributes, &UnicodeName, 0, NULL, NlsSd);
/* Try to open the section first */
Status = NtOpenSection(&SectionHandle, SECTION_MAP_READ, &ObjectAttributes);
@ -329,6 +349,7 @@ IntGetCodePageEntry(UINT CodePage)
}
}
RtlFreeUnicodeString(&UnicodeName);
HeapFree(GetProcessHeap(), 0, NlsSd);
if (!NT_SUCCESS(Status))
{