Vitaliy Margolen : ntdll: More error checking. Properly handle NULL ACLs. - wine-commits

28 Feb 2007

Module: wine
Branch: master
Commit: c0a5671d9ce14284ddf905bca9276632dd16bd54
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c0a5671d9ce14284ddf905bca9...
Author: Vitaliy Margolen wine-patches@kievinfo.com
Date:   Tue Feb 27 07:28:18 2007 -0700
ntdll: More error checking. Properly handle NULL ACLs.
---
dlls/advapi32/tests/security.c |    7 +++++++
 dlls/ntdll/sec.c               |   19 ++++++++++++-------
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 95d2f9c..3e8459e 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1477,10 +1477,17 @@ static void test_process_security(void)
     event = CreateEvent( NULL, TRUE, TRUE, "test_event" );
     ok(event != NULL, "CreateEvent %d\n", GetLastError());
+    SecurityDescriptor->Revision = 0;
+    CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_UNKNOWN_REVISION );
+    SecurityDescriptor->Revision = SECURITY_DESCRIPTOR_REVISION;
+
     CHECK_SET_SECURITY( event, OWNER_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
     CHECK_SET_SECURITY( event, GROUP_SECURITY_INFORMATION, ERROR_INVALID_SECURITY_DESCR );
     CHECK_SET_SECURITY( event, SACL_SECURITY_INFORMATION, ERROR_ACCESS_DENIED );
     CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
+    /* NULL DACL is valid and means default DACL from token */
+    SecurityDescriptor->Control |= SE_DACL_PRESENT;
+    CHECK_SET_SECURITY( event, DACL_SECURITY_INFORMATION, ERROR_SUCCESS );
/* Set owner and group and dacl */
     res = SetSecurityDescriptorOwner(SecurityDescriptor, AdminSid, FALSE);
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index 7380786..64384cf 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1569,34 +1569,39 @@ NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle,
     if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
memset( &sd, 0, sizeof(sd) );
-    RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+    status = RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+    if (status != STATUS_SUCCESS) return status;
     sd.control = control & ~SE_SELF_RELATIVE;
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
     {
-        RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        status = RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
         if (!(sd.owner_len = RtlLengthSid( owner )))
             return STATUS_INVALID_SECURITY_DESCR;
     }
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
     {
-        RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        status = RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
         if (!(sd.group_len = RtlLengthSid( group )))
             return STATUS_INVALID_SECURITY_DESCR;
     }
if (SecurityInformation & SACL_SECURITY_INFORMATION)
     {
-        RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
-        sd.sacl_len = present ? sacl->AclSize : 0;
+        status = RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
+        sd.sacl_len = (sacl && present) ? sacl->AclSize : 0;
         sd.control |= SE_SACL_PRESENT;
     }
if (SecurityInformation & DACL_SECURITY_INFORMATION)
     {
-        RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
-        sd.dacl_len = present ? dacl->AclSize : 0;
+        status = RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
+        if (status != STATUS_SUCCESS) return status;
+        sd.dacl_len = (dacl && present) ? dacl->AclSize : 0;
         sd.control |= SE_DACL_PRESENT;
     }

    