lywsvip/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2026-06-01 17:00:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:SE] Do not set SE_DACL_PRESENT flag that early

Browse Source 
The function might assign the flag yet it could possibly fail on creating a DACL and insert an "access allowed" right to the access entry within the DACL. In this case, make sure we actually succeeded on all the tasks and THEN assign the flag that the DACL is truly present.

Also, make sure that the Current buffer size variable gets its new size so that we avoid overidding the memory of the DACL if the security descriptor wants both a DACL and SACL and so that happens that the DACL memory gets overwritten by the SACL.
This commit is contained in:
George Bișoc
2021-09-24 19:39:30 +02:00
parent f341b9080b
commit 0b4763f1b1
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ntoskrnl/se/sd.c
View File

@@ -220,7 +220,6 @@ SeSetWorldSecurityDescriptor(
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
SdRel->Control |= SE_DACL_PRESENT;
Status = RtlCreateAcl(Dacl,
sizeof(ACL) + sizeof(ACE) + SidSize,
@@ -235,7 +234,9 @@ SeSetWorldSecurityDescriptor(
if (!NT_SUCCESS(Status))
return Status;
SdRel->Control |= SE_DACL_PRESENT;
SdRel->Dacl = Current;
Current += SidSize;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)