On 1/24/21 2:47 AM, Dmitry Timoshkov wrote:
Zebediah Figura z.figura12@gmail.com wrote:
@@ -1522,17 +1525,43 @@ DWORD WINAPI GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE type, SECURITY_INFOR } else {
HKEY key = NULL;if (type == SE_REGISTRY_KEY && (HandleToUlong(handle) >= HandleToUlong(HKEY_SPECIAL_ROOT_FIRST))&& (HandleToUlong(handle) <= HandleToUlong(HKEY_SPECIAL_ROOT_LAST))){REGSAM access = READ_CONTROL;DWORD ret;if (SecurityInfo & SACL_SECURITY_INFORMATION)access |= ACCESS_SYSTEM_SECURITY;if ((ret = RegOpenKeyExW( handle, L"\\", 0, access, &key )))return ret;handle = key;}status = NtQuerySecurityObject( handle, SecurityInfo, NULL, 0, &size ); if (status != STATUS_SUCCESS && status != STATUS_BUFFER_TOO_SMALL){RegCloseKey( key ); return RtlNtStatusToDosError( status );}

It would be helpful to test whether NtQuerySecurityObject() is supposed to handle such a case on its own, without hacks on the GetSecurityInfo() side.
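Review bot: RegCloseKey( key ) on the NtQuerySecurityObject() failure path runs for every object type that reaches this else branch, so for anything other than a special registry root it is called with key still NULL; guarding it with "if (key)" would make the intent explicit and avoid a failing close call on an unrelated error path. Only this first error return is visible in the hunk, so the later exits from the function (including the success path) need the same close, or the key opened by RegOpenKeyExW() leaks once handle has been replaced. The L"\\" subkey passed to RegOpenKeyExW() also deserves a one-line comment saying why that string is used to turn the predefined root into a real handle, since it is not obvious from the call itself. Note that requesting ACCESS_SYSTEM_SECURITY when SACL_SECURITY_INFORMATION is set means the open itself can now fail and return its error before NtQuerySecurityObject() is reached; a test covering that case would pin down which error code callers are expected to see.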
That GetKernelObjectSecurity() and SE_KERNEL_OBJECT both fail is a pretty good indicator, I think, but sure, there's no harm in adding extra tests.