Added patch to improve invalid paramater handling in NtAccessCheck.

2024-11-21 16:46:54 -08:00 · 2016-02-22 15:43:52 +01:00 · 2016-02-22 15:43:52 +01:00 · 589007dcc3
commit 589007dcc3
parent 932dd8fbbc
4 changed files with 100 additions and 22 deletions
--- a/patches/ntdll-NtAccessCheck/0001-ntdll-Improve-invalid-paramater-handling-in-NtAccess.patch
+++ b/patches/ntdll-NtAccessCheck/0001-ntdll-Improve-invalid-paramater-handling-in-NtAccess.patch
@ -0,0 +1,77 @@
+From 77f149959058b5e45a2fd462b5077ae417bc5857 Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 16 Feb 2016 04:53:12 +0800
+Subject: ntdll: Improve invalid paramater handling in NtAccessCheck.
+
+Signed-off-by: Qian Hong <qhong@codeweavers.com>
+---
+ dlls/advapi32/tests/security.c |  8 --------
+ dlls/ntdll/sec.c               | 11 ++++++++++-
+ 2 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 8b86d45..698a9aa 100644
+--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
+@@ -1429,10 +1429,8 @@ static void test_AccessCheck(void)
+     ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
+                       0, &PrivSetLen, &Access, &AccessStatus);
+     err = GetLastError();
+-todo_wine
+     ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
+        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
+-todo_wine
+     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
+     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
+        "Access and/or AccessStatus were changed!\n");
+@@ -1483,12 +1481,9 @@ todo_wine
+     ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
+                       PrivSet, &PrivSetLen, &Access, &AccessStatus);
+     err = GetLastError();
+-todo_wine
+     ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
+        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
+-todo_wine
+     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
+-todo_wine
+     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
+        "Access and/or AccessStatus were changed!\n");
+ 
+@@ -1600,12 +1595,9 @@ todo_wine
+         ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
+                           PrivSet, &PrivSetLen, &Access, &AccessStatus);
+         err = GetLastError();
+-    todo_wine
+         ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
+            "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
+-    todo_wine
+         ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
+-    todo_wine
+         ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
+            "Access and/or AccessStatus were changed!\n");
+ 
+diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
+index 125c86e..c32ae0c 100644
+--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
+@@ -1586,7 +1586,16 @@ NtAccessCheck(
+         SecurityDescriptor, ClientToken, DesiredAccess, GenericMapping,
+         PrivilegeSet, ReturnLength, GrantedAccess, AccessStatus);
+ 
+-    if (!PrivilegeSet || !ReturnLength)
+    if (!ReturnLength)
+        return STATUS_ACCESS_VIOLATION;
+
+    if (*ReturnLength == 0)
+    {
+        *ReturnLength = sizeof(PRIVILEGE_SET);
+        return STATUS_BUFFER_TOO_SMALL;
+    }
+
+    if (!PrivilegeSet)
+         return STATUS_ACCESS_VIOLATION;
+ 
+     SERVER_START_REQ( access_check )
+-- 
+2.7.1
+
--- a/patches/ntdll-NtAccessCheck/definition
+++ b/patches/ntdll-NtAccessCheck/definition
@ -0,0 +1 @@
+Fixes: Improve invalid paramater handling in NtAccessCheck
--- a/patches/ntdll-WRITECOPY/0001-ntdll-Trigger-write-watches-before-passing-userdata-.patch
+++ b/patches/ntdll-WRITECOPY/0001-ntdll-Trigger-write-watches-before-passing-userdata-.patch
@ -1,19 +1,19 @@
-From 1fe20d7d5b0293e8280912766c21b207a1d45566 Mon Sep 17 00:00:00 2001
+From f087db7a31a96e78b9d078b3de2dec90264efe6e Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Sat, 4 Oct 2014 02:35:44 +0200
 Subject: ntdll: Trigger write watches before passing userdata pointer to
 wait_reply.

 ---
- dlls/advapi32/tests/security.c | 3 ---
+ dlls/advapi32/tests/security.c | 1 -
 dlls/ntdll/server.c            | 8 ++++++++
- 2 files changed, 8 insertions(+), 3 deletions(-)
+ 2 files changed, 8 insertions(+), 1 deletion(-)

 diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index 8b86d45..42a55c1 100644
+index 698a9aa..e825bf9 100644
 --- a/dlls/advapi32/tests/security.c
 +++ b/dlls/advapi32/tests/security.c
-@@ -1488,7 +1488,6 @@ todo_wine
+@@ -1499,7 +1499,6 @@ todo_wine
        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
 todo_wine
     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
@ -21,22 +21,6 @@ index 8b86d45..42a55c1 100644
     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
        "Access and/or AccessStatus were changed!\n");
 
-@@ -1504,7 +1503,6 @@ todo_wine
-        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
- todo_wine
-     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
-todo_wine
-     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
-        "Access and/or AccessStatus were changed!\n");
- 
-@@ -1605,7 +1603,6 @@ todo_wine
-            "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
-     todo_wine
-         ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
-    todo_wine
-         ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
-            "Access and/or AccessStatus were changed!\n");
- 
 diff --git a/dlls/ntdll/server.c b/dlls/ntdll/server.c
 index 356d631..de9c186 100644
 --- a/dlls/ntdll/server.c
@ -57,5 +41,5 @@ index 356d631..de9c186 100644
     ret = send_request( req );
     if (!ret) ret = wait_reply( req );
 -- 
-2.7.0
+2.7.1

--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -211,6 +211,7 @@ patch_enable_all ()
 	enable_ntdll_Hide_Wine_Exports="$1"
 	enable_ntdll_Junction_Points="$1"
 	enable_ntdll_Loader_Machine_Type="$1"
+	enable_ntdll_NtAccessCheck="$1"
 	enable_ntdll_NtQueryEaFile="$1"
 	enable_ntdll_NtQuerySection="$1"
 	enable_ntdll_NtSetLdtEntries="$1"
@ -778,6 +779,9 @@ patch_enable ()
 		ntdll-Loader_Machine_Type)
 			enable_ntdll_Loader_Machine_Type="$2"
 			;;
+		ntdll-NtAccessCheck)
+			enable_ntdll_NtAccessCheck="$2"
+			;;
 		ntdll-NtQueryEaFile)
 			enable_ntdll_NtQueryEaFile="$2"
 			;;
@ -4783,6 +4787,18 @@ if test "$enable_ntdll_Junction_Points" -eq 1; then
 	) >> "$patchlist"
 fi

+# Patchset ntdll-NtAccessCheck
+# |
+# | Modified files:
+# |   *	dlls/advapi32/tests/security.c, dlls/ntdll/sec.c
+# |
+if test "$enable_ntdll_NtAccessCheck" -eq 1; then
+	patch_apply ntdll-NtAccessCheck/0001-ntdll-Improve-invalid-paramater-handling-in-NtAccess.patch
+	(
+		echo '+    { "Qian Hong", "ntdll: Improve invalid paramater handling in NtAccessCheck.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset ntdll-NtQuerySection
 # |
 # | This patchset has the following (direct or indirect) dependencies:
				`@ -0,0 +1 @@`
				`Fixes: Improve invalid paramater handling in NtAccessCheck`