Added patch to fix the initialization of combined DACLs when the new DACL is empty.

2024-09-13 09:17:20 -07:00 · 2015-10-17 03:17:26 +02:00 · 2015-10-17 03:17:26 +02:00 · 1f9e5b10e0
commit 1f9e5b10e0
parent 0c3120e10d
6 changed files with 190 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -34,10 +34,11 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 -----------------------------------

-**Bug fixes and features included in the next upcoming release [4]:**
+**Bug fixes and features included in the next upcoming release [5]:**

 * Add implementation for IDXGIOutput::GetDesc ([Wine Bug #32006](https://bugs.winehq.org/show_bug.cgi?id=32006))
 * Do not check if object was signaled after user APC in server_select
+* Fix the initialization of combined DACLs when the new DACL is empty ([Wine Bug #38423](https://bugs.winehq.org/show_bug.cgi?id=38423))
 * Show windows version when collecting system info in winedbg
 * Use wrapper functions for syscalls to appease Chromium sandbox (32-bit) ([Wine Bug #39403](https://bugs.winehq.org/show_bug.cgi?id=39403))

--- a/debian/changelog
+++ b/debian/changelog
@ -7,6 +7,8 @@ wine-staging (1.7.53) UNRELEASED; urgency=low
  * Added patch to fix handling of wait interrupted by User APC.
  * Added patch to use wrapper functions for syscalls to appease Chromium
    sandbox (32-bit).
+  * Added patch to fix the initialization of combined DACLs when the new DACL is
+    empty.
  * Removed patch to mark RegOpenKeyExA, RegCloseKey and RegQueryValueExA as
    hotpatchable (accepted upstream).
  * Removed patch to mark BitBlt and StretchDIBits as hotpatchable (accepted
--- a/patches/advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch
+++ b/patches/advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch
@ -0,0 +1,110 @@
+From 646388b696afda85dccc76678af6a8955bf0b627 Mon Sep 17 00:00:00 2001
+From: "Erich E. Hoover" <erich.e.hoover@wine-staging.com>
+Date: Fri, 16 Oct 2015 16:03:00 -0600
+Subject: advapi32: Move the DACL combining code into a separate routine.
+
+---
+ dlls/advapi32/security.c | 79 +++++++++++++++++++++++++++---------------------
+ 1 file changed, 45 insertions(+), 34 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 00dafe8..dad8b22 100644
+--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
+@@ -5805,6 +5805,48 @@ BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
+     return TRUE;
+ }
+ 
+static NTSTATUS combine_dacls(ACL *parent, ACL *child, ACL **result)
+{
+    ACL *combined;
+    int i;
+
+    /* initialize a combined DACL containing both inherited and new ACEs */
+    combined = heap_alloc_zero(child->AclSize+parent->AclSize);
+    if (!combined)
+        return STATUS_NO_MEMORY;
+
+    memcpy(combined, child, child->AclSize);
+    combined->AclSize = child->AclSize+parent->AclSize;
+
+    /* copy the inherited ACEs */
+    for (i=0; i<parent->AceCount; i++)
+    {
+        ACE_HEADER *ace;
+
+        if (!GetAce(parent, i, (void*)&ace))
+            continue;
+        if (!(ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)))
+            continue;
+        if ((ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) !=
+                (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE))
+        {
+            FIXME("unsupported flags: %x\n", ace->AceFlags);
+            continue;
+        }
+
+        if (ace->AceFlags & NO_PROPAGATE_INHERIT_ACE)
+            ace->AceFlags &= ~(OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE|NO_PROPAGATE_INHERIT_ACE);
+        ace->AceFlags &= ~INHERIT_ONLY_ACE;
+        ace->AceFlags |= INHERITED_ACE;
+
+        if (!AddAce(combined, ACL_REVISION, MAXDWORD, ace, ace->AceSize))
+            WARN("error adding inherited ACE\n");
+    }
+
+    *result = combined;
+    return STATUS_SUCCESS;
+}
+
+ /******************************************************************************
+  * SetSecurityInfo [ADVAPI32.@]
+  */
+@@ -5904,41 +5946,10 @@ DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType,
+ 
+                     if (!err)
+                     {
+-                        int i;
+-
+-                        dacl = heap_alloc_zero(pDacl->AclSize+parent_dacl->AclSize);
+-                        if (!dacl)
+-                        {
+-                            LocalFree(parent_sd);
+-                            return ERROR_NOT_ENOUGH_MEMORY;
+-                        }
+-                        memcpy(dacl, pDacl, pDacl->AclSize);
+-                        dacl->AclSize = pDacl->AclSize+parent_dacl->AclSize;
+-
+-                        for (i=0; i<parent_dacl->AceCount; i++)
+-                        {
+-                            ACE_HEADER *ace;
+-
+-                            if (!GetAce(parent_dacl, i, (void*)&ace))
+-                                continue;
+-                            if (!(ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)))
+-                                continue;
+-                            if ((ace->AceFlags & (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE)) !=
+-                                    (OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE))
+-                            {
+-                                FIXME("unsupported flags: %x\n", ace->AceFlags);
+-                                continue;
+-                            }
+-
+-                            if (ace->AceFlags & NO_PROPAGATE_INHERIT_ACE)
+-                                ace->AceFlags &= ~(OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE|NO_PROPAGATE_INHERIT_ACE);
+-                            ace->AceFlags &= ~INHERIT_ONLY_ACE;
+-                            ace->AceFlags |= INHERITED_ACE;
+-
+-                            if(!AddAce(dacl, ACL_REVISION, MAXDWORD, ace, ace->AceSize))
+-                                WARN("error adding inherited ACE\n");
+-                        }
+                        status = combine_dacls(parent_dacl, pDacl, &dacl);
+                         LocalFree(parent_sd);
+                        if (status != STATUS_SUCCESS)
+                            return RtlNtStatusToDosError(status);
+                     }
+                 }
+                 else
+-- 
+2.6.1
+
--- a/patches/advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch
+++ b/patches/advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch
@ -0,0 +1,54 @@
+From d1accafbe8e52b6b2c84e9fe5d08303fc05858af Mon Sep 17 00:00:00 2001
+From: "Erich E. Hoover" <erich.e.hoover@wine-staging.com>
+Date: Fri, 16 Oct 2015 13:58:38 -0600
+Subject: advapi32: Fix the initialization of combined DACLs when the new DACL
+ is empty.
+
+---
+ dlls/advapi32/security.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index dad8b22..11ae487 100644
+--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
+@@ -5807,6 +5807,7 @@ BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus)
+ 
+ static NTSTATUS combine_dacls(ACL *parent, ACL *child, ACL **result)
+ {
+    NTSTATUS status;
+     ACL *combined;
+     int i;
+ 
+@@ -5815,8 +5816,26 @@ static NTSTATUS combine_dacls(ACL *parent, ACL *child, ACL **result)
+     if (!combined)
+         return STATUS_NO_MEMORY;
+ 
+-    memcpy(combined, child, child->AclSize);
+-    combined->AclSize = child->AclSize+parent->AclSize;
+    status = RtlCreateAcl(combined, parent->AclSize+child->AclSize, ACL_REVISION);
+    if (status != STATUS_SUCCESS)
+    {
+        heap_free(combined);
+        return status;
+    }
+
+    /* copy the new ACEs */
+    for (i=0; i<child->AceCount; i++)
+    {
+        ACE_HEADER *ace;
+
+        if (!GetAce(child, i, (void*)&ace))
+        {
+            WARN("error obtaining new ACE\n");
+            continue;
+        }
+        if (!AddAce(combined, ACL_REVISION, MAXDWORD, ace, ace->AceSize))
+            WARN("error adding new ACE\n");
+    }
+ 
+     /* copy the inherited ACEs */
+     for (i=0; i<parent->AceCount; i++)
+-- 
+2.6.1
+
--- a/patches/advapi32-SetSecurityInfo/definition
+++ b/patches/advapi32-SetSecurityInfo/definition
@ -0,0 +1 @@
+Fixes: [38423] Fix the initialization of combined DACLs when the new DACL is empty
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -87,6 +87,7 @@ patch_enable_all ()
 	enable_Pipelight="$1"
 	enable_Staging="$1"
 	enable_advapi32_LsaLookupSids="$1"
+	enable_advapi32_SetSecurityInfo="$1"
 	enable_amstream_GetMultiMediaStream="$1"
 	enable_api_ms_win_crt_Stub_DLLs="$1"
 	enable_authz_Stub_Functions="$1"
@ -349,6 +350,9 @@ patch_enable ()
 		advapi32-LsaLookupSids)
 			enable_advapi32_LsaLookupSids="$2"
 			;;
+		advapi32-SetSecurityInfo)
+			enable_advapi32_SetSecurityInfo="$2"
+			;;
 		amstream-GetMultiMediaStream)
 			enable_amstream_GetMultiMediaStream="$2"
 			;;
@ -2222,6 +2226,23 @@ if test "$enable_advapi32_LsaLookupSids" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset advapi32-SetSecurityInfo
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#38423] Fix the initialization of combined DACLs when the new DACL is empty
+# |
+# | Modified files:
+# |   *	dlls/advapi32/security.c
+# |
+if test "$enable_advapi32_SetSecurityInfo" -eq 1; then
+	patch_apply advapi32-SetSecurityInfo/0001-advapi32-Move-the-DACL-combining-code-into-a-separat.patch
+	patch_apply advapi32-SetSecurityInfo/0002-advapi32-Fix-the-initialization-of-combined-DACLs-wh.patch
+	(
+		echo '+    { "Erich E. Hoover", "advapi32: Move the DACL combining code into a separate routine.", 1 },';
+		echo '+    { "Erich E. Hoover", "advapi32: Fix the initialization of combined DACLs when the new DACL is empty.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset amstream-GetMultiMediaStream
 # |
 # | This patchset fixes the following Wine bugs:
				`@ -0,0 +1 @@`
				`Fixes: [38423] Fix the initialization of combined DACLs when the new DACL is empty`