[PATCH v5 0/9] MR6047: server: Deny opening handles to objects with zero access.

List overview All Threads

newer

older

Re: [PATCH v6 0/9] MR6047: server:...

Re: [PATCH v3 0/1] MR2463: dwmapi:...

Paul Gofman (＠gofman)

14 Feb 2025 14 Feb '25

9:50 p.m.

-- v5: server: Check for zero access in alloc_handle(). shell32: Don't open reg keys with zero access mask. wbemprox: Don't open reg keys with zero access mask. quartz: Don't open reg keys with zero access mask. devenum: Don't open reg keys with zero access mask. setupapi: Don't open reg keys with zero access mask. kernel32: Don't open reg keys with zero access mask. httpapi: Don't open files with zero access. ntoskrnl.exe/tests: Open directory object with nonzero access in test_permanent().

https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Show replies by date

Paul Gofman

14 Feb 14 Feb

9:50 p.m.

New subject: [PATCH v5 1/9] ntoskrnl.exe/tests: Open directory object with nonzero access in test_permanent().

From: Paul Gofman pgofman@codeweavers.com

--- dlls/ntoskrnl.exe/tests/driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index f82e34fca3b..7194dc403d7 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -2289,7 +2289,7 @@ static void test_permanence(void) ok(!status, "got %#lx\n", status);

attr.Attributes = 0; - status = ZwOpenDirectoryObject( &handle, 0, &attr ); + status = ZwOpenDirectoryObject( &handle, DIRECTORY_ALL_ACCESS, &attr ); ok(!status, "got %#lx\n", status); status = ZwMakeTemporaryObject( handle ); todo_wine @@ -2307,7 +2307,7 @@ static void test_permanence(void) todo_wine ok(!status, "got %#lx\n", status); attr.Attributes = OBJ_PERMANENT; - status = ZwOpenDirectoryObject( &handle2, 0, &attr ); + status = ZwOpenDirectoryObject( &handle2, DIRECTORY_ALL_ACCESS, &attr ); ok(status == STATUS_SUCCESS, "got %#lx\n", status); status = ZwClose( handle2 ); ok(!status, "got %#lx\n", status);

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 2/9] httpapi: Don't open files with zero access.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/httpapi/httpapi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlls/httpapi/httpapi_main.c b/dlls/httpapi/httpapi_main.c index d1c2667be2e..28d67c98333 100644 --- a/dlls/httpapi/httpapi_main.c +++ b/dlls/httpapi/httpapi_main.c @@ -195,7 +195,7 @@ ULONG WINAPI HttpCreateHttpHandle(HANDLE *handle, ULONG reserved) return ERROR_INVALID_PARAMETER;

attr.ObjectName = &string; - return RtlNtStatusToDosError(NtCreateFile(handle, 0, &attr, &iosb, NULL, + return RtlNtStatusToDosError(NtCreateFile(handle, SYNCHRONIZE, &attr, &iosb, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0)); }

@@ -843,7 +843,7 @@ ULONG WINAPI HttpCreateRequestQueue(HTTPAPI_VERSION version, const WCHAR *name, if (sa && sa->bInheritHandle) attr.Attributes |= OBJ_INHERIT; attr.SecurityDescriptor = sa ? sa->lpSecurityDescriptor : NULL; - return RtlNtStatusToDosError(NtCreateFile(handle, 0, &attr, &iosb, NULL, + return RtlNtStatusToDosError(NtCreateFile(handle, SYNCHRONIZE, &attr, &iosb, NULL, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, FILE_NON_DIRECTORY_FILE, NULL, 0)); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 3/9] kernel32: Don't open reg keys with zero access mask.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/kernel32/profile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/kernel32/profile.c b/dlls/kernel32/profile.c index f65790ecc92..032802a42e0 100644 --- a/dlls/kernel32/profile.c +++ b/dlls/kernel32/profile.c @@ -1032,7 +1032,7 @@ static HKEY open_file_mapping_key( const WCHAR *filename )

if (!mapping_key && RegOpenKeyExW( HKEY_LOCAL_MACHINE, L"Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping", - 0, KEY_WOW64_64KEY, &mapping_key )) + 0, KEY_ENUMERATE_SUB_KEYS | KEY_WOW64_64KEY, &mapping_key )) mapping_key = NULL;

LeaveCriticalSection( &PROFILE_CritSect );

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 4/9] setupapi: Don't open reg keys with zero access mask.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/setupapi/devinst.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/setupapi/devinst.c b/dlls/setupapi/devinst.c index 4e406fe700e..34e9454c828 100644 --- a/dlls/setupapi/devinst.c +++ b/dlls/setupapi/devinst.c @@ -842,7 +842,7 @@ static void remove_device(struct device *device) RegDeleteKeyW(device->key, emptyW);

/* delete all empty parents of the key */ - if (!RegOpenKeyExW(HKEY_LOCAL_MACHINE, Enum, 0, 0, &enum_key)) + if (!RegOpenKeyExW(HKEY_LOCAL_MACHINE, Enum, 0, KEY_ENUMERATE_SUB_KEYS, &enum_key)) { lstrcpyW(id, device->instanceId);

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 5/9] devenum: Don't open reg keys with zero access mask.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/devenum/mediacatenum.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dlls/devenum/mediacatenum.c b/dlls/devenum/mediacatenum.c index 906d01b2057..7ba370a3a02 100644 --- a/dlls/devenum/mediacatenum.c +++ b/dlls/devenum/mediacatenum.c @@ -205,7 +205,7 @@ static HRESULT WINAPI property_bag_Read(IPropertyBag *iface, StringFromGUID2(&moniker->class, path + wcslen(path), CHARS_IN_GUID); wcscat(path, L"\Instance"); } - if ((ret = RegOpenKeyExW(HKEY_CLASSES_ROOT, path, 0, 0, &parent))) + if ((ret = RegOpenKeyExW(HKEY_CLASSES_ROOT, path, 0, KEY_ENUMERATE_SUB_KEYS, &parent))) return HRESULT_FROM_WIN32(ret); break;

@@ -213,7 +213,7 @@ static HRESULT WINAPI property_bag_Read(IPropertyBag *iface, wcscpy(path, L"Software\Microsoft\ActiveMovie\devenum\"); if (moniker->has_class) StringFromGUID2(&moniker->class, path + wcslen(path), CHARS_IN_GUID); - if ((ret = RegOpenKeyExW(HKEY_CURRENT_USER, path, 0, 0, &parent))) + if ((ret = RegOpenKeyExW(HKEY_CURRENT_USER, path, 0, KEY_ENUMERATE_SUB_KEYS, &parent))) return HRESULT_FROM_WIN32(ret); break;

@@ -317,7 +317,7 @@ static HRESULT WINAPI property_bag_Write(IPropertyBag *iface, const WCHAR *name, StringFromGUID2(&moniker->class, path + wcslen(path), CHARS_IN_GUID); wcscat(path, L"\Instance"); } - if ((ret = RegCreateKeyExW(HKEY_CLASSES_ROOT, path, 0, NULL, 0, 0, NULL, &parent, NULL))) + if ((ret = RegCreateKeyExW(HKEY_CLASSES_ROOT, path, 0, NULL, 0, KEY_ENUMERATE_SUB_KEYS, NULL, &parent, NULL))) return HRESULT_FROM_WIN32(ret); break;

@@ -325,7 +325,7 @@ static HRESULT WINAPI property_bag_Write(IPropertyBag *iface, const WCHAR *name, wcscpy(path, L"Software\Microsoft\ActiveMovie\devenum\"); if (moniker->has_class) StringFromGUID2(&moniker->class, path + wcslen(path), CHARS_IN_GUID); - if ((ret = RegCreateKeyExW(HKEY_CURRENT_USER, path, 0, NULL, 0, 0, NULL, &parent, NULL))) + if ((ret = RegCreateKeyExW(HKEY_CURRENT_USER, path, 0, NULL, 0, KEY_ENUMERATE_SUB_KEYS, NULL, &parent, NULL))) return HRESULT_FROM_WIN32(ret); break;

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 6/9] quartz: Don't open reg keys with zero access mask.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/quartz/filtermapper.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dlls/quartz/filtermapper.c b/dlls/quartz/filtermapper.c index 87d7c4bb5d5..98b83455b5a 100644 --- a/dlls/quartz/filtermapper.c +++ b/dlls/quartz/filtermapper.c @@ -1470,7 +1470,7 @@ static HRESULT WINAPI FilterMapper_RegisterPin(IFilterMapper *iface, CLSID clsid if ((ret = RegSetValueExW(pin_key, L"IsRendered", 0, REG_DWORD, (const BYTE *)&rendered, sizeof(DWORD)))) ERR("Failed to set IsRendered value, error %lu.\n", ret);

- if (!(ret = RegCreateKeyExW(pin_key, L"Types", 0, NULL, 0, 0, NULL, &type_key, NULL))) + if (!(ret = RegCreateKeyExW(pin_key, L"Types", 0, NULL, 0, KEY_ENUMERATE_SUB_KEYS, NULL, &type_key, NULL))) RegCloseKey(type_key); else ERR("Failed to create Types subkey, error %lu.\n", ret); @@ -1512,7 +1512,7 @@ static HRESULT WINAPI FilterMapper_RegisterPinType(IFilterMapper *iface, StringFromGUID2(&majortype, type_keypath, ARRAY_SIZE(type_keypath)); wcscat(type_keypath, L"\"); StringFromGUID2(&subtype, type_keypath + wcslen(type_keypath), ARRAY_SIZE(type_keypath) - wcslen(type_keypath)); - if (!(ret = RegCreateKeyExW(key, type_keypath, 0, NULL, 0, 0, NULL, &type_key, NULL))) + if (!(ret = RegCreateKeyExW(key, type_keypath, 0, NULL, 0, KEY_ENUMERATE_SUB_KEYS, NULL, &type_key, NULL))) RegCloseKey(type_key); else ERR("Failed to create type key, error %lu.\n", ret); @@ -1531,7 +1531,7 @@ static HRESULT WINAPI FilterMapper_UnregisterFilter(IFilterMapper *iface, CLSID

StringFromGUID2(&clsid, guidstr, ARRAY_SIZE(guidstr));

- if ((ret = RegOpenKeyExW(HKEY_CLASSES_ROOT, L"Filter", 0, 0, &key))) + if ((ret = RegOpenKeyExW(HKEY_CLASSES_ROOT, L"Filter", 0, KEY_ENUMERATE_SUB_KEYS, &key))) return HRESULT_FROM_WIN32(ret); if ((ret = RegDeleteKeyW(key, guidstr))) ERR("Failed to delete filter key, error %lu.\n", ret); @@ -1576,7 +1576,7 @@ static HRESULT WINAPI FilterMapper_UnregisterPin(IFilterMapper * iface, CLSID cl wcscpy(keypath, L"CLSID\"); StringFromGUID2(&clsid, keypath + wcslen(keypath), ARRAY_SIZE(keypath) - wcslen(keypath)); wcscat(keypath, L"\Pins"); - if ((ret = RegOpenKeyExW(HKEY_CLASSES_ROOT, keypath, 0, 0, &key))) + if ((ret = RegOpenKeyExW(HKEY_CLASSES_ROOT, keypath, 0, KEY_ENUMERATE_SUB_KEYS, &key))) return HRESULT_FROM_WIN32(ret);

if ((ret = RegDeleteTreeW(key, name)))

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 7/9] wbemprox: Don't open reg keys with zero access mask.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/wbemprox/reg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/wbemprox/reg.c b/dlls/wbemprox/reg.c index cdfb5d28007..e1a40776c1f 100644 --- a/dlls/wbemprox/reg.c +++ b/dlls/wbemprox/reg.c @@ -106,7 +106,7 @@ static HRESULT create_key( HKEY root, const WCHAR *subkey, IWbemContext *context

TRACE("%p, %s\n", root, debugstr_w(subkey));

- res = RegCreateKeyExW( root, subkey, 0, NULL, 0, get_access_mask( context ), NULL, &hkey, NULL ); + res = RegCreateKeyExW( root, subkey, 0, NULL, 0, KEY_ENUMERATE_SUB_KEYS | get_access_mask( context ), NULL, &hkey, NULL ); set_variant( VT_UI4, res, NULL, retval ); if (!res) {

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 8/9] shell32: Don't open reg keys with zero access mask.

From: Paul Gofman pgofman@codeweavers.com

--- dlls/shell32/classes.c | 4 ++-- dlls/shell32/shellpath.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/dlls/shell32/classes.c b/dlls/shell32/classes.c index a8e70c021c2..399dbf5b4fb 100644 --- a/dlls/shell32/classes.c +++ b/dlls/shell32/classes.c @@ -135,7 +135,7 @@ BOOL HCR_GetDefaultVerbW( HKEY hkeyClass, LPCWSTR szVerb, LPWSTR szDest, DWORD l lstrcpyW(sTemp, L"shell\"); lstrcatW(sTemp, szDest); lstrcatW(sTemp, L"\command"); - if (!RegOpenKeyExW(hkeyClass, sTemp, 0, 0, &hkey)) + if (!RegOpenKeyExW(hkeyClass, sTemp, 0, KEY_ENUMERATE_SUB_KEYS, &hkey)) { RegCloseKey(hkey); TRACE("default verb=%s\n", debugstr_w(szDest)); @@ -145,7 +145,7 @@ BOOL HCR_GetDefaultVerbW( HKEY hkeyClass, LPCWSTR szVerb, LPWSTR szDest, DWORD l

/* then fallback to 'open' */ lstrcpyW(sTemp, L"shell\open\command"); - if (!RegOpenKeyExW(hkeyClass, sTemp, 0, 0, &hkey)) + if (!RegOpenKeyExW(hkeyClass, sTemp, 0, KEY_ENUMERATE_SUB_KEYS, &hkey)) { RegCloseKey(hkey); lstrcpynW(szDest, L"open", len); diff --git a/dlls/shell32/shellpath.c b/dlls/shell32/shellpath.c index e04f0af1676..1a52717651e 100644 --- a/dlls/shell32/shellpath.c +++ b/dlls/shell32/shellpath.c @@ -3876,7 +3876,7 @@ static HRESULT knownfolder_set_id( /* check is it registry-registered folder */ hr = get_known_folder_registry_path(kfid, NULL, &knownfolder->registryPath); if(SUCCEEDED(hr)) - hr = HRESULT_FROM_WIN32(RegOpenKeyExW(HKEY_LOCAL_MACHINE, knownfolder->registryPath, 0, 0, &hKey)); + hr = HRESULT_FROM_WIN32(RegOpenKeyExW(HKEY_LOCAL_MACHINE, knownfolder->registryPath, 0, KEY_ENUMERATE_SUB_KEYS, &hKey));

if(SUCCEEDED(hr)) { @@ -4322,7 +4322,7 @@ static BOOL is_knownfolder( struct foldermanager *fm, const KNOWNFOLDERID *id ) hr = get_known_folder_registry_path(id, NULL, &registryPath); if(SUCCEEDED(hr)) { - hr = HRESULT_FROM_WIN32(RegOpenKeyExW(HKEY_LOCAL_MACHINE, registryPath, 0, 0, &hKey)); + hr = HRESULT_FROM_WIN32(RegOpenKeyExW(HKEY_LOCAL_MACHINE, registryPath, 0, KEY_ENUMERATE_SUB_KEYS, &hKey)); free(registryPath); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Paul Gofman

9:50 p.m.

New subject: [PATCH v5 9/9] server: Check for zero access in alloc_handle().

From: Paul Gofman pgofman@codeweavers.com

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 311c7f43980..319d7b20bd6 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -5538,9 +5538,7 @@ static void test_mutex_security(HANDLE token)

SetLastError(0xdeadbeef); dup = OpenMutexA(0, FALSE, "WineTestMutex"); - todo_wine ok(!dup, "OpenMutex should fail\n"); - todo_wine ok(GetLastError() == ERROR_ACCESS_DENIED, "wrong error %lu\n", GetLastError()); }

@@ -5595,9 +5593,7 @@ static void test_event_security(HANDLE token)

SetLastError(0xdeadbeef); dup = OpenEventA(0, FALSE, "WineTestEvent"); - todo_wine ok(!dup, "OpenEvent should fail\n"); - todo_wine ok(GetLastError() == ERROR_ACCESS_DENIED, "wrong error %lu\n", GetLastError()); }

diff --git a/dlls/kernel32/tests/sync.c b/dlls/kernel32/tests/sync.c index 49420e4519f..7a6571475c2 100644 --- a/dlls/kernel32/tests/sync.c +++ b/dlls/kernel32/tests/sync.c @@ -248,9 +248,7 @@ static void test_mutex(void)

SetLastError(0xdeadbeef); hOpened = OpenMutexA(0, FALSE, "WineTestMutex"); - todo_wine ok(hOpened == NULL, "OpenMutex succeeded\n"); - todo_wine ok(GetLastError() == ERROR_ACCESS_DENIED, "wrong error %lu\n", GetLastError());

SetLastError(0xdeadbeef); @@ -289,7 +287,7 @@ static void test_mutex(void) if ((1 << i) == ACCESS_SYSTEM_SECURITY) todo_wine ok(GetLastError() == ERROR_PRIVILEGE_NOT_HELD, "wrong error %lu, access %x\n", GetLastError(), 1 << i); else - todo_wine ok(GetLastError() == ERROR_ACCESS_DENIED, "wrong error %lu, , access %x\n", GetLastError(), 1 << i); + ok(GetLastError() == ERROR_ACCESS_DENIED, "wrong error %lu, , access %x\n", GetLastError(), 1 << i); ReleaseMutex(hCreated); failed |=0x1 << i; } diff --git a/dlls/ntdll/tests/om.c b/dlls/ntdll/tests/om.c index 2cbba6b15d4..c3274de3570 100644 --- a/dlls/ntdll/tests/om.c +++ b/dlls/ntdll/tests/om.c @@ -30,6 +30,7 @@ #include "winternl.h" #include "wingdi.h" #include "winuser.h" +#include "winreg.h" #include "ddk/wdm.h" #include "wine/test.h"

@@ -3392,6 +3393,7 @@ static void test_zero_access(void) CLIENT_ID cid; HANDLE h1, h2; DWORD err; + HKEY key;

size.QuadPart = 4096; timeout.QuadPart = -10000; @@ -3410,18 +3412,15 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateEvent( &h2, 0, &attr, NotificationEvent, FALSE ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenEvent( &h2, EVENT_ALL_ACCESS, &attr ); ok( !status, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtOpenEvent( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); InitializeObjectAttributes( &attr, &str, OBJ_INHERIT, 0, NULL ); status = pNtOpenEvent( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status );

status = pNtDuplicateObject( GetCurrentProcess(), h1, GetCurrentProcess(), &h2, 0, 0, 0 ); ok( !status, "got %#lx.\n", status ); @@ -3443,11 +3442,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateMutant( &h2, 0, &attr, FALSE ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenMutant( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateSemaphore( &h1, 0, &attr, 1, 2 ); @@ -3461,11 +3458,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateSemaphore( &h2, 0, &attr, 1, 2 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenSemaphore( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateKeyedEvent( &h1, 0, &attr, 0 ); @@ -3479,11 +3474,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateKeyedEvent( &h2, 0, &attr, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenKeyedEvent( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateIoCompletion( &h1, 0, &attr, 0 ); @@ -3497,11 +3490,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateIoCompletion( &h2, 0, &attr, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenIoCompletion( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateJobObject( &h1, 0, &attr ); @@ -3516,11 +3507,9 @@ static void test_zero_access(void) "got %#lx.\n", status ); if (NT_SUCCESS(status)) CloseHandle( h2 ); status = pNtCreateJobObject( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenJobObject( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateDirectoryObject( &h1, 0, &attr ); @@ -3534,11 +3523,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateDirectoryObject( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenDirectoryObject( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateTimer( &h1, 0, &attr, NotificationTimer ); @@ -3552,11 +3539,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateTimer( &h2, 0, &attr, NotificationTimer ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenTimer( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateSymbolicLinkObject( &h1, 0, &attr, &target ); @@ -3571,11 +3556,9 @@ static void test_zero_access(void) "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateSymbolicLinkObject( &h2, 0, &attr, &target ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenSymbolicLinkObject( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateSection( &h1, 0, &attr, &size, PAGE_READWRITE, SEC_COMMIT, 0 ); @@ -3589,11 +3572,9 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateSection( &h2, 0, &attr, &size, PAGE_READWRITE, SEC_COMMIT, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtOpenSection( &h2, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

status = pNtCreateDebugObject( &h1, 0, &attr, 0 ); @@ -3605,8 +3586,7 @@ static void test_zero_access(void) ok( status == STATUS_OBJECT_NAME_EXISTS, "got %#lx.\n", status ); CloseHandle( h2 ); status = pNtCreateDebugObject( &h2, 0, &attr, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h2 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); CloseHandle( h1 );

pRtlInitUnicodeString( &str, L"\Device\Null" ); @@ -3616,8 +3596,7 @@ static void test_zero_access(void) CloseHandle( h1 ); status = NtCreateFile( &h1, 0, &attr, &iosb, NULL, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, 0, NULL, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status );

pRtlInitUnicodeString( &str, L"\??\c:\windows\system32\ntdll.dll" ); status = NtCreateFile( &h1, GENERIC_READ | SYNCHRONIZE, &attr, &iosb, NULL, 0, @@ -3626,8 +3605,7 @@ static void test_zero_access(void) CloseHandle( h1 ); status = NtCreateFile( &h1, 0, &attr, &iosb, NULL, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN, 0, NULL, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status );

pRtlInitUnicodeString( &str, L"\Device\MailSlot\abc" ); status = pNtCreateMailslotFile( &h1, 0, &attr, &iosb, 0, 0, 0, NULL ); @@ -3661,17 +3639,25 @@ static void test_zero_access(void)

pRtlInitUnicodeString( &str, L"\REGISTRY\Machine" ); status = pNtCreateKey( &h1, 0, &attr, 0, 0, 0, 0 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); status = pNtCreateKey( &h1, KEY_READ, &attr, 0, 0, 0, 0 ); ok( !status, "got %#lx.\n", status ); CloseHandle( h1 ); status = pNtOpenKey( &h1, KEY_READ, &attr ); ok( !status, "got %#lx.\n", status ); CloseHandle( h1 ); + err = RegOpenKeyExW( HKEY_LOCAL_MACHINE, L"Software", 0, KEY_READ | KEY_WOW64_64KEY, &key); + ok( !err, "got %#lx.\n", status ); + RegCloseKey( key ); + err = RegOpenKeyExW( HKEY_LOCAL_MACHINE, L"Software", 0, KEY_READ | KEY_WOW64_32KEY, &key); + ok( !err, "got %#lx.\n", status ); + RegCloseKey( key ); status = pNtOpenKey( &h1, 0, &attr ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); + err = RegOpenKeyExW( HKEY_LOCAL_MACHINE, L"Software", 0, KEY_WOW64_64KEY, &key); + ok( err == ERROR_ACCESS_DENIED, "got %#lx.\n", status ); + err = RegOpenKeyExW( HKEY_LOCAL_MACHINE, L"Software", 0, KEY_WOW64_32KEY, &key); + ok( err == ERROR_ACCESS_DENIED, "got %#lx.\n", status );

pRtlInitUnicodeString( &str, L"\REGISTRY\Machine\Software\foobar-test" ); status = pNtCreateKey( &h1, KEY_ALL_ACCESS, &attr, 0, 0, 0, 0 ); @@ -3694,26 +3680,22 @@ static void test_zero_access(void) ok( !status, "got %#lx.\n", status ); CloseHandle( h1 ); status = pNtOpenProcessToken( GetCurrentProcess(), 0, &h1 ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status );

status = NtGetNextThread(GetCurrentProcess(), NULL, 0, 0, 0, &h1); - todo_wine ok( status == STATUS_NO_MORE_ENTRIES, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_NO_MORE_ENTRIES, "got %#lx.\n", status );

InitializeObjectAttributes( &attr, NULL, 0, 0, NULL ); cid.UniqueProcess = ULongToHandle( GetCurrentProcessId() ); cid.UniqueThread = 0; status = pNtOpenProcess( &h1, 0, &attr, &cid ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status );

InitializeObjectAttributes( &attr, NULL, 0, 0, NULL ); cid.UniqueProcess = 0; cid.UniqueThread = ULongToHandle( GetCurrentThreadId() ); status = pNtOpenThread( &h1, 0, &attr, &cid ); - todo_wine ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status ); - if (NT_SUCCESS(status)) CloseHandle( h1 ); + ok( status == STATUS_ACCESS_DENIED, "got %#lx.\n", status );

h1 = CreateWindowStationA( "WinSta0", 0, WINSTA_ALL_ACCESS, NULL ); err = GetLastError(); @@ -3725,9 +3707,8 @@ static void test_zero_access(void) CloseWindowStation( h1 ); h1 = CreateWindowStationA( "WinSta0", 0, 0, NULL ); err = GetLastError(); - todo_wine ok( !h1, "CreateWindowStationA succeeded\n" ); - todo_wine ok( err == ERROR_ACCESS_DENIED, "CreateWindowStationA failed %lu\n", err ); - if (h1) CloseWindowStation( h1 ); + ok( !h1, "CreateWindowStationA succeeded\n" ); + ok( err == ERROR_ACCESS_DENIED, "CreateWindowStationA failed %lu\n", err ); } else if (err == ERROR_ACCESS_DENIED) win_skip( "Not enough privileges for CreateWindowStation\n" );

@@ -3736,9 +3717,8 @@ static void test_zero_access(void) CloseWindowStation( h1 ); h1 = OpenWindowStationA( "WinSta0", TRUE, 0 ); err = GetLastError(); - todo_wine ok( !h1, "OpenWindowStation succeeeded\n" ); - todo_wine ok( err == ERROR_ACCESS_DENIED, "OpenWindowStation failed %lu\n", err ); - if (h1) CloseWindowStation( h1 ); + ok( !h1, "OpenWindowStation succeeeded\n" ); + ok( err == ERROR_ACCESS_DENIED, "OpenWindowStation failed %lu\n", err );

h1 = CreateDesktopA( "default", NULL, NULL, 0, DESKTOP_ALL_ACCESS, NULL ); ok( h1 != 0, "CreateDesktopA failed %lu\n", GetLastError() ); @@ -3746,9 +3726,8 @@ static void test_zero_access(void) SetLastError( 0xdeadbeef ); h1 = CreateDesktopA( "default", NULL, NULL, 0, 0, NULL ); err = GetLastError(); - todo_wine ok( !h1, "CreateDesktopA succeeded\n" ); - todo_wine ok( err == ERROR_ACCESS_DENIED, "CreateDesktopA failed %lu\n", err ); - if (h1) CloseDesktop( h1 ); + ok( !h1, "CreateDesktopA succeeded\n" ); + ok( err == ERROR_ACCESS_DENIED, "CreateDesktopA failed %lu\n", err );

h1 = OpenDesktopA( "default", 0, TRUE, DESKTOP_ALL_ACCESS ); ok( h1 != 0, "OpenDesktopA failed %lu\n", GetLastError() ); diff --git a/dlls/ntdll/tests/reg.c b/dlls/ntdll/tests/reg.c index f264f42e98d..2760c1b4472 100644 --- a/dlls/ntdll/tests/reg.c +++ b/dlls/ntdll/tests/reg.c @@ -253,9 +253,7 @@ static void test_NtOpenKey(void) attr.Length = sizeof(attr); key = (HANDLE)0xdeadbeef; status = pNtOpenKey(&key, 0, &attr); - todo_wine ok(status == STATUS_ACCESS_DENIED, "Expected STATUS_ACCESS_DENIED, got: 0x%08lx\n", status); - todo_wine ok(!key, "key = %p\n", key); if (status == STATUS_SUCCESS) NtClose(key);

diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index 7194dc403d7..dd8b2f4ffee 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -2292,19 +2292,15 @@ static void test_permanence(void) status = ZwOpenDirectoryObject( &handle, DIRECTORY_ALL_ACCESS, &attr ); ok(!status, "got %#lx\n", status); status = ZwMakeTemporaryObject( handle ); - todo_wine ok(!status, "got %#lx\n", status); status = ZwMakeTemporaryObject( handle ); - todo_wine ok(!status, "got %#lx\n", status); status = ZwClose( handle ); ok(!status, "got %#lx\n", status); status = ZwOpenDirectoryObject( &handle, 0, &attr ); - todo_wine ok(status == STATUS_OBJECT_NAME_NOT_FOUND, "got %#lx\n", status);

status = ZwCreateDirectoryObject( &handle, GENERIC_ALL, &attr ); - todo_wine ok(!status, "got %#lx\n", status); attr.Attributes = OBJ_PERMANENT; status = ZwOpenDirectoryObject( &handle2, DIRECTORY_ALL_ACCESS, &attr ); @@ -2312,11 +2308,9 @@ static void test_permanence(void) status = ZwClose( handle2 ); ok(!status, "got %#lx\n", status); status = ZwClose( handle ); - todo_wine ok(!status, "got %#lx\n", status); attr.Attributes = 0; status = ZwOpenDirectoryObject( &handle, 0, &attr ); - todo_wine ok(status == STATUS_OBJECT_NAME_NOT_FOUND, "got %#lx\n", status); if (!status) ZwClose( handle ); } diff --git a/dlls/setupapi/tests/devinst.c b/dlls/setupapi/tests/devinst.c index c5c0114b2b7..0c902ce783b 100644 --- a/dlls/setupapi/tests/devinst.c +++ b/dlls/setupapi/tests/devinst.c @@ -1948,11 +1948,9 @@ static void test_device_key(void)

SetLastError(0xdeadbeef); key = SetupDiOpenDevRegKey(set, &device, DICS_FLAG_GLOBAL, 0, DIREG_DRV, 0); -todo_wine { ok(key == INVALID_HANDLE_VALUE, "Expected failure.\n"); ok(GetLastError() == ERROR_INVALID_DATA || GetLastError() == ERROR_ACCESS_DENIED, /* win2k3 */ "Got unexpected error %#lx.\n", GetLastError()); -}

key = SetupDiOpenDevRegKey(set, &device, DICS_FLAG_GLOBAL, 0, DIREG_DRV, KEY_READ); ok(key != INVALID_HANDLE_VALUE, "Failed to open device key, error %#lx.\n", GetLastError()); diff --git a/server/device.c b/server/device.c index cab09700d8c..1f93cca437d 100644 --- a/server/device.c +++ b/server/device.c @@ -1003,7 +1003,7 @@ DECL_HANDLER(get_next_device_request)

if (iosb && iosb->in_size > get_reply_max_size()) set_error( STATUS_BUFFER_OVERFLOW ); - else if (!irp->file || (reply->next = alloc_handle( current->process, irp, 0, 0 ))) + else if (!irp->file || (reply->next = alloc_handle_no_access_check( current->process, irp, 0, 0 ))) { if (fill_irp_params( manager, irp, &reply->params )) { @@ -1137,7 +1137,7 @@ DECL_HANDLER(get_kernel_object_handle) return;

if ((ref = kernel_object_from_ptr( manager, req->user_ptr ))) - reply->handle = alloc_handle( current->process, ref->object, req->access, 0 ); + reply->handle = alloc_handle_no_access_check( current->process, ref->object, req->access, 0 ); else set_error( STATUS_INVALID_HANDLE );

diff --git a/server/handle.c b/server/handle.c index c43b19c1160..8968df73647 100644 --- a/server/handle.c +++ b/server/handle.c @@ -283,8 +283,13 @@ obj_handle_t alloc_handle_no_access_check( struct process *process, void *ptr, u obj_handle_t alloc_handle( struct process *process, void *ptr, unsigned int access, unsigned int attr ) { struct object *obj = ptr; - access = obj->ops->map_access( obj, access ) & ~RESERVED_ALL; - if (access && !check_object_access( NULL, obj, &access )) return 0; + + if (!(access = obj->ops->map_access( obj, access ) & ~RESERVED_ALL)) + { + set_error( STATUS_ACCESS_DENIED ); + return 0; + } + if (!check_object_access( NULL, obj, &access )) return 0; return alloc_handle_entry( process, ptr, access, attr ); }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6047

Age (days ago)

Last active (days ago)

wine-gitlab@winehq.org

9 comments

2 participants

tags (0)

participants (2)

Paul Gofman
Paul Gofman (＠gofman)