ntdll: More error checking. Properly handle NULL ACLs.

c0a5671d · Vitaliy Margolen · Alexandre Julliard · 1780ca67 · c0a5671d · c0a5671d
Commit c0a5671d authored Feb 27, 2007 by Vitaliy Margolen Committed by Alexandre Julliard Feb 28, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 7 deletions

security.c dlls/advapi32/tests/security.c +7 -0

sec.c dlls/ntdll/sec.c +12 -7

No files found.
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1477,10 +1477,17 @@ static void test_process_security(void)
    event = CreateEvent( NULL, TRUE, TRUE, "test_event" );
    ok(event != NULL, "CreateEvent %d\n", GetLastError());

+    SecurityDescriptor->Revision = 0;
+    CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_UNKNOWN_REVISION );
+    SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
+
    CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
    CHECK_SET_SECURITY( event, GROUP_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
    CHECK_SET_SECURITY( event, SACL_SECURITY_INFORMATION, ERROR_ACCESS_DENIED );
    CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
+    /* NULL DACL is valid and means default DACL from token */
+    SecurityDescriptor->Control |= SE_DACL_PRESENT;
+    CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );

    /* Set owner and group and dacl */
    res = SetSecurityDescriptorOwner(SecurityDescriptor, AdminSid, FALSE);

--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1569,34 +1569,39 @@ NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle,
    if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;

    memset( &sd, 0, sizeof(sd) );
-    RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+    status = RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+    if (status != STATUS_SUCCESS) return status;
    sd.control = control & ~SE_SELF_RELATIVE;

    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
    {
-        RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        status = RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
        if (!(sd.owner_len = RtlLengthSid( owner )))
            return STATUS_INVALID_SECURITY_DESCR;
    }

    if (SecurityInformation & GROUP_SECURITY_INFORMATION)
    {
-        RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        status = RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
        if (!(sd.group_len = RtlLengthSid( group )))
            return STATUS_INVALID_SECURITY_DESCR;
    }

    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
-        RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
-        sd.sacl_len = present ? sacl->AclSize : 0;
+        status = RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
+        sd.sacl_len = (sacl && present) ? sacl->AclSize : 0;
        sd.control |= SE_SACL_PRESENT;
    }

    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
-        RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
-        sd.dacl_len = present ? dacl->AclSize : 0;
+        status = RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
+        sd.dacl_len = (dacl && present) ? dacl->AclSize : 0;
        sd.control |= SE_DACL_PRESENT;
    }