[ros-diffs] [cwittich] 40519: check for immutable bits in RtlSetControlSecurityDescriptor fixes >100 advapi32 security winetests

cwittich Wed, 15 Apr 2009 01:34:16 -0700

Author: cwittich
Date: Wed Apr 15 12:33:57 2009
New Revision: 40519

URL: http://svn.reactos.org/svn/reactos?rev=40519&view=rev
Log:
check for immutable bits in RtlSetControlSecurityDescriptor
fixes >100 advapi32 security winetests


Modified:
    trunk/reactos/lib/rtl/sd.c

Modified: trunk/reactos/lib/rtl/sd.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/sd.c?rev=40519&r1=40518&r2=40519&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/sd.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/sd.c [iso-8859-1] Wed Apr 15 12:33:57 2009
@@ -667,6 +667,13 @@
                                 IN SECURITY_DESCRIPTOR_CONTROL 
ControlBitsOfInterest,
                                 IN SECURITY_DESCRIPTOR_CONTROL 
ControlBitsToSet)
 {
+   SECURITY_DESCRIPTOR_CONTROL const immutable
+       = SE_OWNER_DEFAULTED  | SE_GROUP_DEFAULTED
+       | SE_DACL_PRESENT     | SE_DACL_DEFAULTED
+       | SE_SACL_PRESENT     | SE_SACL_DEFAULTED
+       | SE_RM_CONTROL_VALID | SE_SELF_RELATIVE
+       ;
+
    PISECURITY_DESCRIPTOR pSD = (PISECURITY_DESCRIPTOR)SecurityDescriptor;
 
    PAGED_CODE_RTL();
@@ -675,6 +682,9 @@
    {
       return STATUS_UNKNOWN_REVISION;
    }
+
+   if ((ControlBitsOfInterest | ControlBitsToSet) & immutable)
+      return STATUS_INVALID_PARAMETER;
 
    /* Zero the 'bits of interest' */
    pSD->Control &= ~ControlBitsOfInterest;

[ros-diffs] [cwittich] 40519: check for immutable bits in RtlSetControlSecurityDescriptor fixes >100 advapi32 security winetests

Reply via email to