Vitaliy Margolen : ntdll: More error checking. Properly handle NULL
ACLs.
Alexandre Julliard
julliard at wine.codeweavers.com
Wed Feb 28 08:19:00 CST 2007
Module: wine
Branch: master
Commit: c0a5671d9ce14284ddf905bca9276632dd16bd54
URL: http://source.winehq.org/git/wine.git/?a=commit;h=c0a5671d9ce14284ddf905bca9276632dd16bd54
Author: Vitaliy Margolen <wine-patches at kievinfo.com>
Date: Tue Feb 27 07:28:18 2007 -0700
ntdll: More error checking. Properly handle NULL ACLs.
---
dlls/advapi32/tests/security.c | 7 +++++++
dlls/ntdll/sec.c | 19 ++++++++++++-------
2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 95d2f9c..3e8459e 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1477,10 +1477,17 @@ static void test_process_security(void)
event = CreateEvent( NULL, TRUE, TRUE, "test_event" );
ok(event != NULL, "CreateEvent %d\n", GetLastError());
+ SecurityDescriptor->Revision = 0;
+ CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_UNKNOWN_REVISION );
+ SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
+
CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
CHECK_SET_SECURITY( event, GROUP_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
CHECK_SET_SECURITY( event, SACL_SECURITY_INFORMATION, ERROR_ACCESS_DENIED );
CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
+ /* NULL DACL is valid and means default DACL from token */
+ SecurityDescriptor->Control |= SE_DACL_PRESENT;
+ CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
/* Set owner and group and dacl */
res = SetSecurityDescriptorOwner(SecurityDescriptor, AdminSid, FALSE);
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index 7380786..64384cf 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1569,34 +1569,39 @@ NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle,
if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
memset( &sd, 0, sizeof(sd) );
- RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+ status = RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+ if (status != STATUS_SUCCESS) return status;
sd.control = control & ~SE_SELF_RELATIVE;
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{
- RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+ status = RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+ if (status != STATUS_SUCCESS) return status;
if (!(sd.owner_len = RtlLengthSid( owner )))
return STATUS_INVALID_SECURITY_DESCR;
}
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
{
- RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+ status = RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+ if (status != STATUS_SUCCESS) return status;
if (!(sd.group_len = RtlLengthSid( group )))
return STATUS_INVALID_SECURITY_DESCR;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
- RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
- sd.sacl_len = present ? sacl->AclSize : 0;
+ status = RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
+ if (status != STATUS_SUCCESS) return status;
+ sd.sacl_len = (sacl && present) ? sacl->AclSize : 0;
sd.control |= SE_SACL_PRESENT;
}
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
- RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
- sd.dacl_len = present ? dacl->AclSize : 0;
+ status = RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
+ if (status != STATUS_SUCCESS) return status;
+ sd.dacl_len = (dacl && present) ? dacl->AclSize : 0;
sd.control |= SE_DACL_PRESENT;
}
More information about the wine-cvs
mailing list