[NTOS:SE] Don't assert on levels that don't allow impersonation.

2026-05-23 07:40:09 +08:00 · 2021-11-21 17:18:25 -05:00
parent 3e5dcf7937
commit 88e3ef5fa0
1 changed files with 6 additions and 4 deletions
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -3582,11 +3582,13 @@ SeTokenCanImpersonate(

    /*
     * SecurityAnonymous and SecurityIdentification levels do not
-     * allow impersonation. If we get such levels from the call
-     * then something's seriously wrong.
+     * allow impersonation.
     */
-    ASSERT(ImpersonationLevel != SecurityAnonymous &&
-           ImpersonationLevel != SecurityIdentification);
+    if (ImpersonationLevel == SecurityAnonymous ||
+        ImpersonationLevel == SecurityIdentification)
+    {
+        return FALSE;
+    }

    /* Time to lock our tokens */
    SepAcquireTokenLockShared(ProcessToken);