Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-06-08 04:52:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

dll: FspAccessCheckEx: fix DELETE access check for named streams

Browse Source
This commit is contained in:
Bill Zissimopoulos 2016-10-10 18:04:55 -07:00
parent 4084448bd5
commit 31b54ecc47
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/dll/security.c
View File

@ -107,6 +107,7 @@ FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,
PPRIVILEGE_SET PrivilegeSet = (PVOID)PrivilegeSetBuf; PPRIVILEGE_SET PrivilegeSet = (PVOID)PrivilegeSetBuf;
DWORD PrivilegeSetLength = sizeof PrivilegeSetBuf; DWORD PrivilegeSetLength = sizeof PrivilegeSetBuf;
UINT32 TraverseAccess, ParentAccess, DesiredAccess2; UINT32 TraverseAccess, ParentAccess, DesiredAccess2;
UINT16 NamedStreamSave;
BOOL AccessStatus; BOOL AccessStatus;
if (CheckParentDirectory) if (CheckParentDirectory)
@ -228,6 +229,8 @@ FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,
0 == ((MAXIMUM_ALLOWED | DELETE | FILE_READ_ATTRIBUTES) & DesiredAccess)) 0 == ((MAXIMUM_ALLOWED | DELETE | FILE_READ_ATTRIBUTES) & DesiredAccess))
goto exit; goto exit;
NamedStreamSave = Request->Req.Create.NamedStream;
Request->Req.Create.NamedStream = 0;
Result = FspAccessCheck(FileSystem, Request, TRUE, FALSE, Result = FspAccessCheck(FileSystem, Request, TRUE, FALSE,
(MAXIMUM_ALLOWED & DesiredAccess) ? (FILE_DELETE_CHILD | FILE_LIST_DIRECTORY) : (MAXIMUM_ALLOWED & DesiredAccess) ? (FILE_DELETE_CHILD | FILE_LIST_DIRECTORY) :
( (
@ -235,6 +238,7 @@ FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,
((FILE_READ_ATTRIBUTES & DesiredAccess) ? FILE_LIST_DIRECTORY : 0) ((FILE_READ_ATTRIBUTES & DesiredAccess) ? FILE_LIST_DIRECTORY : 0)
), ),
&ParentAccess); &ParentAccess);
Request->Req.Create.NamedStream = NamedStreamSave;
if (!NT_SUCCESS(Result)) if (!NT_SUCCESS(Result))
{ {
/* any failure just becomes ACCESS DENIED at this point */ /* any failure just becomes ACCESS DENIED at this point */