From cb2c49a1eaf9672344d75fcd21f7f308d66231a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
Date: Thu, 29 May 2014 21:34:35 +0000
Subject: [PATCH] [LSASRV] - Just run again the loop if LsarOpenAccount call failed (that also avoids a call to LsarClose on a NULL handle, that is trapped by the kdbg if one enabled "set condition * first always"). - Free the memory and the opened handles before returning in case of failure of LsapAddPrivilegeToTokenPrivileges. Maybe this cleaning step can be done more elegantly. Eric, can you please review that? It should be good I think. svn path=/trunk/; revision=63496
---
reactos/dll/win32/lsasrv/authpackage.c | 29 ++++++++++++++++----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/reactos/dll/win32/lsasrv/authpackage.c b/reactos/dll/win32/lsasrv/authpackage.c
index a9f57ab76c6..f07e1fd3935 100644
--- a/reactos/dll/win32/lsasrv/authpackage.c
+++ b/reactos/dll/win32/lsasrv/authpackage.c
@@ -1308,23 +1308,30 @@ LsapSetPrivileges( TokenInfo1->Groups->Groups[i].Sid, ACCOUNT_VIEW, &AccountHandle); + if (!NT_SUCCESS(Status)) + continue; + + Status = LsarEnumeratePrivilegesAccount(AccountHandle, + &Privileges); if (NT_SUCCESS(Status)) { - Status = LsarEnumeratePrivilegesAccount(AccountHandle, - &Privileges); - if (NT_SUCCESS(Status)) + for (j = 0; j < Privileges->PrivilegeCount; j++) { - for (j = 0; j < Privileges->PrivilegeCount; j++) + Status = LsapAddPrivilegeToTokenPrivileges(&TokenInfo1->Privileges, + &(Privileges->Privilege[j])); + if (!NT_SUCCESS(Status)) { - Status = LsapAddPrivilegeToTokenPrivileges(&TokenInfo1->Privileges, - &(Privileges->Privilege[j])); - if (!NT_SUCCESS(Status)) - return Status; - } + /* We failed, clean everything and return */ + LsaIFree_LSAPR_PRIVILEGE_SET(Privileges); + LsarClose(&AccountHandle); + LsarClose(&PolicyHandle); - LsaIFree_LSAPR_PRIVILEGE_SET(Privileges); - Privileges = NULL; + return Status; + } } + + LsaIFree_LSAPR_PRIVILEGE_SET(Privileges); + Privileges = NULL; } LsarClose(&AccountHandle);
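Review bot: The three error paths in this loop are handled inconsistently: the new `continue` after `LsarOpenAccount` and the untreated failure branch of `LsarEnumeratePrivilegesAccount` both skip the group silently and leave a failing `Status` behind, while a failure of `LsapAddPrivilegeToTokenPrivileges` aborts the whole call. Because this code assembles the token's privilege set, it should state which failures are expected and which must abort. For example, `if (Status == STATUS_OBJECT_NAME_NOT_FOUND) { Status = STATUS_SUCCESS; continue; }` would skip a group SID that has no LSA account while other errors take the cleanup path, assuming that is the status `LsarOpenAccount` reports for a missing account, which the hunk does not show. What `LsapSetPrivileges` returns after the loop is outside the hunk; if it returns `Status`, a missing account on the last group would fail the call even though every handle was cleaned up. The duplicated cleanup in the inner failure branch would also be easier to audit as a single exit label, so that every return path frees `Privileges` and closes `AccountHandle` and `PolicyHandle` the same way.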