This leaked at least one IRP for every write, making it the largest leak when
running with BTRFS as the system volume.
Thanks to Victor Perevertkin.
Submitted upstream thanks to Pierre:
https://github.com/maharmstone/btrfs/pull/106
IopCloseFile can be called by IopDeleteFile. In that situation, it
doesn't set any process as the first parameter. Furthermore, we are in a
situation where it's not required to lock the file object (see the
assert before the call).
- Flush the new control set after the control set has been created.
- Make sure that we create a new control set only on the first boot after setup.
- Move the control set copy code to a separate function.
- Get rid of the global control set values.
- Check whether the user-provided token is a primary token.
- Do not fail when the RtlAdjustPrivilege() call fails (see the code
comment for an explanation). TL;DR is: that call may indeed fail but
the privilege may also not be necessary because the user-provided
token is a restricted version of the caller's primary token.
And this situation is perfectly fine.
This fixes Java 7 installation, CORE-14874.
- SeIsTokenChild(): Correctly check whether a caller-provided token
is a child of the current process' primary token by looking at
its ParentTokenId member.
- Add a SeIsTokenSibling() helper to determine whether a caller-provided
token and the current process' primary token are siblings, by comparing
their ParentTokenIds and AuthenticationIds.
NOTE: Child tokens are created through CreateRestrictedToken();
sibling tokens are created through DuplicateToken() (amongst others).
See slide 49 of https://www.slideshare.net/Shakacon/social-engineering-the-windows-kernel-by-james-forshaw
or https://googleprojectzero.blogspot.com/2016/01/raising-dead.html
for some details.
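The child/sibling distinction described in the commit above, as an added illustration that is not ReactOS code: a stand-alone C model of the three token fields the two checks rely on (TokenId, ParentTokenId, AuthenticationId). The model_* constructors are hypothetical stand-ins for logon, CreateRestrictedToken() and DuplicateToken(); they only set the fields the way the commit message says the real calls do (a restricted token records its parent's TokenId, a duplicate keeps the source's ParentTokenId and AuthenticationId under a fresh TokenId). Everything else about real tokens is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: only the fields SeIsTokenChild()/SeIsTokenSibling()
 * compare. Not the real TOKEN structure. */
typedef struct {
    uint64_t TokenId;
    uint64_t ParentTokenId;
    uint64_t AuthenticationId;
} MODEL_TOKEN;

static uint64_t model_next_token_id = 1;

/* Fresh primary token from a logon: no parent, its own logon session. */
MODEL_TOKEN model_logon_token(uint64_t auth_id)
{
    MODEL_TOKEN t = { model_next_token_id++, 0, auth_id };
    return t;
}

/* Stand-in for CreateRestrictedToken(): the child records the parent's
 * TokenId in ParentTokenId and stays in the parent's logon session. */
MODEL_TOKEN model_restrict_token(const MODEL_TOKEN *parent)
{
    MODEL_TOKEN t = { model_next_token_id++, parent->TokenId,
                      parent->AuthenticationId };
    return t;
}

/* Stand-in for DuplicateToken(): a copy with a new TokenId, keeping the
 * source's ParentTokenId and AuthenticationId, hence a sibling. */
MODEL_TOKEN model_duplicate_token(const MODEL_TOKEN *src)
{
    MODEL_TOKEN t = *src;
    t.TokenId = model_next_token_id++;
    return t;
}

/* Child: the candidate's ParentTokenId names the primary token itself. */
bool model_is_token_child(const MODEL_TOKEN *candidate,
                          const MODEL_TOKEN *primary)
{
    return candidate->ParentTokenId == primary->TokenId;
}

/* Sibling: same parent and same logon session as the primary token. */
bool model_is_token_sibling(const MODEL_TOKEN *candidate,
                            const MODEL_TOKEN *primary)
{
    return candidate->ParentTokenId == primary->ParentTokenId &&
           candidate->AuthenticationId == primary->AuthenticationId;
}

/* Constructed scenario: one primary token, a restricted child, a
 * duplicate, and an unrelated token from another logon session. */
bool model_scenario_ok(void)
{
    MODEL_TOKEN primary   = model_logon_token(0x3e7);
    MODEL_TOKEN child     = model_restrict_token(&primary);
    MODEL_TOKEN sibling   = model_duplicate_token(&primary);
    MODEL_TOKEN unrelated = model_logon_token(0x3e8);

    bool ok = true;
    ok = ok &&  model_is_token_child(&child, &primary);
    ok = ok && !model_is_token_sibling(&child, &primary);
    ok = ok && !model_is_token_child(&sibling, &primary);
    ok = ok &&  model_is_token_sibling(&sibling, &primary);
    ok = ok && !model_is_token_child(&unrelated, &primary);
    ok = ok && !model_is_token_sibling(&unrelated, &primary);
    return ok;
}

int main(void)
{
    printf("token child/sibling model: %s\n",
           model_scenario_ok() ? "consistent" : "INCONSISTENT");
    return model_scenario_ok() ? 0 : 1;
}
```

The point the scenario makes is that the two relations are disjoint: a restricted token passes the child check and fails the sibling check, a duplicate does the opposite, and a token from a different logon session passes neither, so a caller-supplied token that is neither child nor sibling of the process' primary token is the case the commit's callers must reject.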
Now that SetupDiCreateDevRegKeyW is working as expected, we can no
longer (ab)use it to retrieve a port's resources. Use
SetupDiGetDeviceInstanceIdW instead and open the registry keys manually.
Also comment on the observed behaviour of the number of "characters"
returned by the ANSI versions of these APIs (which is tested by advapi32_winetest:service).
[ADVAPI32:SCM] Add a comment concerning wide characters vs. bytes mismatch.
This allows the code to give a last chance for expanding the string.
And if it still fails, we bail out as expected and the caller will
take appropriate actions.
As a by-product, this commit (together with the previous one e2960914)
fixes the regression CORE-14981 (Quick-Launch bar couldn't be opened
in LiveCD).