From 4410ccbeadb6fa9eae29b1f364486ee4aa91ff81 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sun, 19 Oct 2014 06:53:16 +0200
Subject: [PATCH] Replaced patch for shell32-Default_Folder_ACLs.

The old patch contained several issues, including invalid memory access, a memory leak,
and wrong DACL size calculation. This updated version simplifies the logic a bit and should
fix those issues.
---
 debian/changelog                              |   3 +-
 patches/Makefile                              |   4 +-
 ...default-security-attributes-for-user.patch | 142 +++++++++---------
 .../shell32-Default_Folder_ACLs/definition    |   4 +-
 4 files changed, 75 insertions(+), 78 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 6ae245d3..266f5585 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 wine-compholio (1.7.29) UNRELEASED; urgency=low
   * Updated DOS Attributes patch to better detect XATTR functions.
+  * Updated patch for shell32 default folder ACLs.
   * Updated NtQuerySection patch.
   * Added patch to support IDF_CHECKFIRST in SetupPromptForDisk.
   * Added patch to fix issues when executing pages with guard page / write watch permissions.
@@ -17,7 +18,7 @@ wine-compholio (1.7.29) UNRELEASED; urgency=low
   * Removed patch to fix issues with drag image in ImageLists (accepted upstream).
   * Removed patch to set ldr.EntryPoint for main executable (accepted upstream).
   * Removed patch to implement stubs for [Get|Set]SystemFileCacheSize (accepted upstream).
-  * Removed patches for ATL thunk patches (accepted upstream).
+  * Removed patches for ATL thunk implementation (accepted upstream).
   * Partially removed patches for WRITECOPY memory protection (accepted upstream).
  -- Sebastian Lackner <sebastian@fds-team.de>  Mon, 06 Oct 2014 01:02:37 +0200
 
diff --git a/patches/Makefile b/patches/Makefile
index aa12782d..0ec36371 100644
--- a/patches/Makefile
+++ b/patches/Makefile
@@ -1186,7 +1186,7 @@ shdocvw-ParseURLFromOutsideSource_Tests.ok:
 # Patchset shell32-Default_Folder_ACLs
 # |
 # | Included patches:
-# |   *	Generate default ACLs for user shell folders. [rev 6, by Erich E. Hoover]
+# |   *	Generate default ACLs for user shell folders. [rev 7, by Sebastian Lackner]
 # |
 # | Modified files:
 # |   *	dlls/shell32/shellpath.c
@@ -1195,7 +1195,7 @@ shdocvw-ParseURLFromOutsideSource_Tests.ok:
 shell32-Default_Folder_ACLs.ok:
 	$(call APPLY_FILE,shell32-Default_Folder_ACLs/0001-shell32-Set-the-default-security-attributes-for-user.patch)
 	@( \
-		echo '+    { "shell32-Default_Folder_ACLs", "Erich E. Hoover", "Generate default ACLs for user shell folders. [rev 6]" },'; \
+		echo '+    { "shell32-Default_Folder_ACLs", "Sebastian Lackner", "Generate default ACLs for user shell folders. [rev 7]" },'; \
 	) > shell32-Default_Folder_ACLs.ok
 
 # Patchset shell32-Default_Path
diff --git a/patches/shell32-Default_Folder_ACLs/0001-shell32-Set-the-default-security-attributes-for-user.patch b/patches/shell32-Default_Folder_ACLs/0001-shell32-Set-the-default-security-attributes-for-user.patch
index 6022f86f..69155317 100644
--- a/patches/shell32-Default_Folder_ACLs/0001-shell32-Set-the-default-security-attributes-for-user.patch
+++ b/patches/shell32-Default_Folder_ACLs/0001-shell32-Set-the-default-security-attributes-for-user.patch
@@ -1,103 +1,99 @@
-From 5acc23c9ced211c685c64716f20eecbdb8f2aa27 Mon Sep 17 00:00:00 2001
-From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
-Date: Tue, 25 Feb 2014 10:44:36 -0700
+From 8ce582105c47e7c2b58dc06770c5dba00faa89a3 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Sun, 19 Oct 2014 06:47:11 +0200
 Subject: shell32: Set the default security attributes for user shell folders.
 
+Based on a patch by Erich E. Hoover.
 ---
- dlls/shell32/shellpath.c |  101 +++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 100 insertions(+), 1 deletion(-)
+ dlls/shell32/shellpath.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 95 insertions(+), 1 deletion(-)
 
 diff --git a/dlls/shell32/shellpath.c b/dlls/shell32/shellpath.c
-index f92d56e..0ca7211 100644
+index f92d56e..b6ac04b 100644
 --- a/dlls/shell32/shellpath.c
 +++ b/dlls/shell32/shellpath.c
-@@ -2200,6 +2200,85 @@ cleanup:
+@@ -2200,6 +2200,80 @@ cleanup:
      return hr;
  }
  
-+static BOOL alloc_sid( PSID src, PSID *dst )
++static PSID get_user_sid( TOKEN_USER **user )
 +{
-+    return AllocateAndInitializeSid(GetSidIdentifierAuthority(src), *GetSidSubAuthorityCount(src),
-+                                    *GetSidSubAuthority(src, 0), *GetSidSubAuthority(src, 1),
-+                                    *GetSidSubAuthority(src, 2), *GetSidSubAuthority(src, 3),
-+                                    *GetSidSubAuthority(src, 4), *GetSidSubAuthority(src, 5),
-+                                    *GetSidSubAuthority(src, 6), *GetSidSubAuthority(src, 7), dst);
-+}
-+
-+static PSID get_user_sid( void )
-+{
-+    PSID ret = NULL, user_sid;
-+    TOKEN_USER *user = NULL;
 +    DWORD user_size = 0;
 +    HANDLE token;
-+
-+    if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
++    if (OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token) ||
++        (GetLastError() == ERROR_NO_TOKEN &&
++        OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)))
 +    {
-+        if (GetLastError() != ERROR_NO_TOKEN) return NULL;
-+        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) return NULL;
++        if (!GetTokenInformation(token, TokenUser, NULL, 0, &user_size) &&
++            GetLastError() == ERROR_INSUFFICIENT_BUFFER &&
++            (*user = HeapAlloc(GetProcessHeap(), 0, user_size)))
++        {
++            if (GetTokenInformation(token, TokenUser, *user, user_size, &user_size))
++            {
++                CloseHandle(token);
++                return (*user)->User.Sid;
++            }
++            HeapFree(GetProcessHeap(), 0, *user);
++        }
++        CloseHandle(token);
 +    }
-+    GetTokenInformation(token, TokenUser, NULL, 0, &user_size);
-+    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto cleanup;
-+    if ((user = HeapAlloc(GetProcessHeap(), 0, user_size)) == NULL) goto cleanup;
-+    if (!GetTokenInformation(token, TokenUser, user, user_size, &user_size)) goto cleanup;
-+    user_sid = user->User.Sid;
-+    alloc_sid(user_sid, &ret);
-+
-+cleanup:
-+    HeapFree(GetProcessHeap(), 0, user);
-+    CloseHandle(token);
-+    return ret;
++    return NULL;
 +}
 +
 +static PSID get_admin_sid( void )
 +{
-+    PSID ret = NULL, admin_sid = NULL;
-+    DWORD admin_size = 0;
-+
-+    CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, NULL, &admin_size);
-+    if(GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto cleanup;
-+    if((admin_sid = HeapAlloc(GetProcessHeap(), 0, admin_size)) == NULL) goto cleanup;
-+    if(!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &admin_size)) goto cleanup;
-+    alloc_sid(admin_sid, &ret);
-+
-+cleanup:
-+    HeapFree(GetProcessHeap(), 0, admin_sid);
-+    return ret;
++    DWORD sid_size = 0;
++    PSID admin_sid;
++    if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, NULL, &sid_size) &&
++        GetLastError() == ERROR_INSUFFICIENT_BUFFER &&
++        (admin_sid = HeapAlloc(GetProcessHeap(), 0, sid_size)))
++    {
++        if (CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size))
++            return admin_sid;
++        HeapFree(GetProcessHeap(), 0, admin_sid);
++    }
++    return NULL;
 +}
 +
 +static PSECURITY_DESCRIPTOR _SHGetUserSecurityDescriptor( void )
 +{
-+    PACL dacl = HeapAlloc(GetProcessHeap(), 0, 100);
-+    PSECURITY_DESCRIPTOR sd = NULL, ret = NULL;
-+    PSID admin_sid = NULL, user_sid = NULL;
-+    DWORD dacl_size;
++    PSID user_sid, admin_sid = NULL;
++    SECURITY_DESCRIPTOR *sd = NULL;
++    TOKEN_USER *user = NULL;
 +
-+    if ((user_sid = get_user_sid()) == NULL) goto cleanup;
-+    if ((admin_sid = get_admin_sid()) == NULL) goto cleanup;
-+    dacl_size = 2 * sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(user_sid) + GetLengthSid(admin_sid);
-+    if ((sd = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH + dacl_size)) == NULL) goto cleanup;
++    if ((user_sid  = get_user_sid( &user )) &&
++        (admin_sid = get_admin_sid()))
++    {
++        DWORD dacl_size = sizeof(ACL) + 2 * sizeof(ACE_HEADER) + 2 * sizeof(DWORD) +
++                          GetLengthSid(user_sid) + GetLengthSid(admin_sid);
++        if ((sd = HeapAlloc(GetProcessHeap(), 0, sizeof(SECURITY_DESCRIPTOR) + dacl_size)))
++        {
++            PACL dacl = (ACL *)(sd + 1);
++            if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION) ||
++                !InitializeAcl(dacl, dacl_size, ACL_REVISION) ||
++                !AddAccessAllowedAceEx(dacl, ACL_REVISION,
++                                       OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
++                                       GENERIC_ALL, user_sid) ||
++                !AddAccessAllowedAceEx(dacl, ACL_REVISION,
++                                       OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
++                                       GENERIC_ALL, admin_sid) ||
++                !SetSecurityDescriptorDacl(sd, TRUE, dacl, FALSE))
++            {
++                HeapFree(GetProcessHeap(), 0, sd);
++                sd = NULL;
++            }
++        }
++    }
 +
-+    /* build the DACL */
-+    if(!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) goto cleanup;
-+    if(!InitializeAcl(dacl, dacl_size, ACL_REVISION)) goto cleanup;
-+    if(!AddAccessAllowedAceEx(dacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
-+                              GENERIC_ALL, user_sid)) goto cleanup;
-+    if(!AddAccessAllowedAceEx(dacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE,
-+                              GENERIC_ALL, admin_sid)) goto cleanup;
-+    if(!SetSecurityDescriptorDacl(sd, TRUE, dacl, FALSE)) goto cleanup;
-+    ret = sd;
-+
-+cleanup:
-+    FreeSid(user_sid);
-+    FreeSid(admin_sid);
-+    if(ret == NULL) HeapFree(GetProcessHeap(), 0, sd);
-+    return ret;
++    HeapFree(GetProcessHeap(), 0, admin_sid);
++    HeapFree(GetProcessHeap(), 0, user);
++    return sd;
 +}
 +
  /*************************************************************************
   * SHGetFolderPathAndSubDirW		[SHELL32.@]
   */
-@@ -2211,6 +2290,8 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
+@@ -2211,6 +2285,8 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
  	LPCWSTR pszSubPath,/* [I] sub directory of the specified folder */
  	LPWSTR pszPath)    /* [O] converted path */
  {
@@ -106,7 +102,7 @@ index f92d56e..0ca7211 100644
      HRESULT    hr;
      WCHAR      szBuildPath[MAX_PATH], szTemp[MAX_PATH];
      DWORD      folder = nFolder & CSIDL_FOLDER_MASK;
-@@ -2323,8 +2404,25 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
+@@ -2323,8 +2399,25 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
          goto end;
      }
  
@@ -133,7 +129,7 @@ index f92d56e..0ca7211 100644
      if (ret && ret != ERROR_ALREADY_EXISTS)
      {
          ERR("Failed to create directory %s.\n", debugstr_w(szBuildPath));
-@@ -2334,6 +2432,7 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
+@@ -2334,6 +2427,7 @@ HRESULT WINAPI SHGetFolderPathAndSubDirW(
  
      TRACE("Created missing system directory %s\n", debugstr_w(szBuildPath));
  end:
@@ -142,5 +138,5 @@ index f92d56e..0ca7211 100644
      return hr;
  }
 -- 
-1.7.9.5
+2.1.2
 
diff --git a/patches/shell32-Default_Folder_ACLs/definition b/patches/shell32-Default_Folder_ACLs/definition
index 9ab9e922..bdbc1a64 100644
--- a/patches/shell32-Default_Folder_ACLs/definition
+++ b/patches/shell32-Default_Folder_ACLs/definition
@@ -1,4 +1,4 @@
-Author: Erich E. Hoover
+Author: Sebastian Lackner
 Subject: Generate default ACLs for user shell folders.
-Revision: 6
+Revision: 7
 Fixes: Add default ACLs for user shell folders