From bf40c7a310bfd48a5e9a0b822ab19b0d9443b788 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Bi=C8=99oc?= Date: Mon, 11 Apr 2022 20:24:41 +0200 Subject: [PATCH] [KERNEL32] Let KERNEL32 assign security to NLS section names Currently Kernel32 doesn't make any server call to Basesrv in order to create NLS section names, instead it's Kernel32 itself that handles the job of NLS section names. With that said, let Kernel32 assign a security descriptor to NLS section names. See the FIXME comment on code for further dtails --- dll/win32/kernel32/winnls/string/nls.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/dll/win32/kernel32/winnls/string/nls.c b/dll/win32/kernel32/winnls/string/nls.c index 3a096884992..d810c429069 100644 --- a/dll/win32/kernel32/winnls/string/nls.c +++ b/dll/win32/kernel32/winnls/string/nls.c @@ -59,6 +59,9 @@ GetCPFileNameFromRegistry(UINT CodePage, LPWSTR FileName, ULONG FileNameSize); NTSTATUS CreateNlsDirectorySecurity(_Out_ PSECURITY_DESCRIPTOR *NlsSecurityDescriptor); +NTSTATUS WINAPI +CreateNlsSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor, _In_ SIZE_T DescriptorSize, _In_ ULONG AccessMask); + /* PRIVATE FUNCTIONS **********************************************************/ /** @@ -219,6 +222,7 @@ IntGetCodePageEntry(UINT CodePage) WCHAR FileName[MAX_PATH + 1]; UINT FileNamePos; PCODEPAGE_ENTRY CodePageEntry; + PSECURITY_DESCRIPTOR NlsSd; if (CodePage == CP_ACP) { return &AnsiCodePage; 
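Review bot: The forward declaration of `CreateNlsSecurityDescriptor` is written out locally in nls.c rather than pulled from a shared header, so the compiler cannot check it against the definition. With `WINAPI` on the prototype, a mismatch in calling convention or parameter list would only show up at run time. If the definition (not visible in this patch) lives in another source file, declaring it once in a header that both files include would catch such drift. The declaration also says nothing about ownership; a comment such as `/* On success *SecurityDescriptor is heap-allocated; the caller frees it */` would help, provided it matches the implementation.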
@@ -281,7 +285,23 @@ IntGetCodePageEntry(UINT CodePage) RtlInitAnsiString(&AnsiName, SectionName); RtlAnsiStringToUnicodeString(&UnicodeName, &AnsiName, TRUE); - InitializeObjectAttributes(&ObjectAttributes, &UnicodeName, 0, NULL, NULL); + /* + * FIXME: IntGetCodePageEntry should not create any security + * descriptor here but instead this responsibility should be + * assigned to Base Server API (aka basesrv.dll). That is, + * kernel32 must instruct basesrv.dll on creating NLS section + * names that do not exist through API message communication. + * However since we do not do that, let the kernel32 do the job + * by assigning security to NLS section names for the time being... + */ + Status = CreateNlsSecurityDescriptor(&NlsSd, sizeof(SECURITY_DESCRIPTOR), SECTION_MAP_READ); + if (!NT_SUCCESS(Status)) + { + RtlLeaveCriticalSection(&CodePageListLock); + return NULL; + } + + InitializeObjectAttributes(&ObjectAttributes, &UnicodeName, 0, NULL, NlsSd); /* Try to open the section first */ Status = NtOpenSection(&SectionHandle, SECTION_MAP_READ, &ObjectAttributes); @@ -329,6 +349,7 @@ IntGetCodePageEntry(UINT CodePage) } } RtlFreeUnicodeString(&UnicodeName); + HeapFree(GetProcessHeap(), 0, NlsSd); if (!NT_SUCCESS(Status)) {
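Review bot: The new failure branch after `CreateNlsSecurityDescriptor` returns NULL without releasing `UnicodeName`, which `RtlAnsiStringToUnicodeString(&UnicodeName, &AnsiName, TRUE)` allocated just above, so every failure leaks that buffer. Add `RtlFreeUnicodeString(&UnicodeName);` before `RtlLeaveCriticalSection(&CodePageListLock);` in that block. Separately, a security descriptor in `ObjectAttributes` is only applied when an object is created; `NtOpenSection` ignores it, so a section that already exists under this name keeps whatever security its creator gave it. A one-line comment saying the descriptor matters only for the create call (presumably further down, outside this hunk) would stop readers assuming the open path is protected. `IntGetCodePageEntry` begins and ends outside the hunk.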
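Review bot: `HeapFree(GetProcessHeap(), 0, NlsSd);` assumes `CreateNlsSecurityDescriptor` allocated the descriptor from the process heap, which this patch does not show; a free that does not match the allocator corrupts the heap. A comment at this line, for example `/* NlsSd was allocated by CreateNlsSecurityDescriptor on the process heap; not needed once the section is opened or created */`, would record that contract. Any return statement between the allocation and this line lies outside the visible hunks and would need the same free, so that stretch is worth checking. Declaring the variable as `PSECURITY_DESCRIPTOR NlsSd = NULL;` would also keep this free harmless if a later change lets control reach it without the allocation.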