[PATCH 2/2] ntdll: Improve invalid parameter handling in NtAccessCheck.

Nikolay Sivov bunglehead at gmail.com
Mon Feb 15 15:14:33 CST 2016


On 16.02.2016 0:10, Sebastian Lackner wrote:
>>  
>> diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
>> index 125c86e..c32ae0c 100644
>> --- a/dlls/ntdll/sec.c
>> +++ b/dlls/ntdll/sec.c
>> @@ -1586,7 +1586,16 @@ NtAccessCheck(
>>          SecurityDescriptor, ClientToken, DesiredAccess, GenericMapping,
>>          PrivilegeSet, ReturnLength, GrantedAccess, AccessStatus);
>>  
>> -    if (!PrivilegeSet || !ReturnLength)
>> +    if (!ReturnLength)
>> +        return STATUS_ACCESS_VIOLATION;
>> +
>> +    if (*ReturnLength == 0)
>> +    {
>> +        *ReturnLength = sizeof(PRIVILEGE_SET);
>> +        return STATUS_BUFFER_TOO_SMALL;
>> +    }
> 
> This looks a bit hacky. The code below assumes that *ReturnLength > FIELD_OFFSET( PRIVILEGE_SET, Privilege ),
> so it would be interesting to know what happens for sizes 0 ... 8.
> 
>> +
>> +    if (!PrivilegeSet)
>>          return STATUS_ACCESS_VIOLATION;
>>  
>>      SERVER_START_REQ( access_check )
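Review bot: the new size check only catches `*ReturnLength == 0`; any length in 1 .. FIELD_OFFSET( PRIVILEGE_SET, Privilege ) - 1 still falls through to the code after SERVER_START_REQ, which the comment above says assumes a larger buffer, so the hack covers one value rather than the whole invalid range. Suggest testing against the minimum the code actually needs, e.g. `if (*ReturnLength < FIELD_OFFSET( PRIVILEGE_SET, Privilege ))` (or `< sizeof(PRIVILEGE_SET)` if one privilege entry is always reported), and keeping the `*ReturnLength = sizeof(PRIVILEGE_SET); return STATUS_BUFFER_TOO_SMALL;` body. Also note that this check now runs before the `!PrivilegeSet` test, so a NULL PrivilegeSet with a too-small length returns STATUS_BUFFER_TOO_SMALL instead of STATUS_ACCESS_VIOLATION; whether that ordering matches native is exactly what direct NtAccessCheck tests should pin down.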

Also it would be interesting to have the same tests that call NtAccessCheck
directly.


