Piotr Caban : ntdll: Improve parameter validation in RtlAddAce.
Alexandre Julliard
julliard at wine.codeweavers.com
Mon Mar 30 10:12:59 CDT 2015
Module: wine
Branch: master
Commit: 966c5dffed3e8f089a0648e2e94d300620869bbc
URL: http://source.winehq.org/git/wine.git/?a=commit;h=966c5dffed3e8f089a0648e2e94d300620869bbc
Author: Piotr Caban <piotr at codeweavers.com>
Date: Sat Mar 28 15:26:37 2015 +0100
ntdll: Improve parameter validation in RtlAddAce.
---
dlls/advapi32/tests/security.c | 46 ++++++++++++++++++++++++++++++++++++++++++
dlls/ntdll/sec.c | 4 +++-
2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 15c3b1d..0e9cf8c 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -5568,6 +5568,51 @@ static void test_AdjustTokenPrivileges(void)
CloseHandle(token);
}
+static void test_AddAce(void)
+{
+ static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
+
+ char acl_buf[1024], ace_buf[256];
+ ACCESS_ALLOWED_ACE *ace = (ACCESS_ALLOWED_ACE*)ace_buf;
+ PACL acl = (PACL)acl_buf;
+ BOOL ret;
+
+ memset(ace, 0, sizeof(ace_buf));
+ ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ ace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD)+sizeof(SID);
+ memcpy(&ace->SidStart, &sidWorld, sizeof(sidWorld));
+
+ ret = InitializeAcl(acl, sizeof(acl_buf), ACL_REVISION2);
+ ok(ret, "InitializeAcl failed: %d\n", GetLastError());
+
+ ret = AddAce(acl, ACL_REVISION1, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ ret = AddAce(acl, ACL_REVISION2, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ ret = AddAce(acl, ACL_REVISION3, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ ok(acl->AclRevision == ACL_REVISION3, "acl->AclRevision = %d\n", acl->AclRevision);
+ ret = AddAce(acl, ACL_REVISION4, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ ok(acl->AclRevision == ACL_REVISION4, "acl->AclRevision = %d\n", acl->AclRevision);
+ ret = AddAce(acl, ACL_REVISION1, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ ok(acl->AclRevision == ACL_REVISION4, "acl->AclRevision = %d\n", acl->AclRevision);
+ ret = AddAce(acl, ACL_REVISION2, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+
+ ret = AddAce(acl, MIN_ACL_REVISION-1, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ /* next test succeededs but corrupts ACL */
+ ret = AddAce(acl, MAX_ACL_REVISION+1, MAXDWORD, ace, ace->Header.AceSize);
+ ok(ret, "AddAce failed: %d\n", GetLastError());
+ ok(acl->AclRevision == MAX_ACL_REVISION+1, "acl->AclRevision = %d\n", acl->AclRevision);
+ SetLastError(0xdeadbeef);
+ ret = AddAce(acl, ACL_REVISION1, MAXDWORD, ace, ace->Header.AceSize);
+ ok(!ret, "AddAce succeeded\n");
+ ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError());
+}
+
START_TEST(security)
{
init();
@@ -5609,4 +5654,5 @@ START_TEST(security)
test_TokenIntegrityLevel();
test_default_dacl_owner_sid();
test_AdjustTokenPrivileges();
+ test_AddAce();
}
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index b733f77..0917780 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1167,7 +1167,7 @@ NTSTATUS WINAPI RtlAddAce(
PACE_HEADER ace,targetace;
int nrofaces;
- if (acl->AclRevision != ACL_REVISION)
+ if (!RtlValidAcl(acl))
return STATUS_INVALID_PARAMETER;
if (!RtlFirstFreeAce(acl,&targetace))
return STATUS_INVALID_PARAMETER;
@@ -1180,6 +1180,8 @@ NTSTATUS WINAPI RtlAddAce(
return STATUS_INVALID_PARAMETER;
memcpy(targetace,acestart,acelen);
acl->AceCount+=nrofaces;
+ if (rev > acl->AclRevision)
+ acl->AclRevision = rev;
return STATUS_SUCCESS;
}
More information about the wine-cvs
mailing list