From 3adcf7074847b55cdd60f1c92947ae9b5e310df0 Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos
Date: Sun, 18 Dec 2016 21:50:11 -0800
Subject: [PATCH] sys: disallow creating a ReadOnly and DeleteOnClose file
---
 src/dll/fsop.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/dll/fsop.c b/src/dll/fsop.c
index c220ee84..b0eef140 100644
--- a/src/dll/fsop.c
+++ b/src/dll/fsop.c
@@ -189,9 +189,13 @@ NTSTATUS FspFileSystemCreateCheck(FSP_FILE_SYSTEM *FileSystem,
 ParentDesiredAccess = FILE_ADD_SUBDIRECTORY;
 else
 ParentDesiredAccess = FILE_ADD_FILE;
- Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
- ParentDesiredAccess,
- &GrantedAccess, PSecurityDescriptor);
+ if ((Request->Req.Create.FileAttributes & FILE_ATTRIBUTE_READONLY) &&
+ (Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE))
+ Result = STATUS_CANNOT_DELETE;
+ else
+ Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
+ ParentDesiredAccess,
+ &GrantedAccess, PSecurityDescriptor);
 if (STATUS_REPARSE == Result)
 Result = FspFileSystemCallResolveReparsePoints(FileSystem, Request, Response, GrantedAccess);
 else if (NT_SUCCESS(Result))
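Review bot: The new ReadOnly + DeleteOnClose test runs before `FspAccessCheckEx`, so for such a request the parent access/traverse check is skipped and the `STATUS_REPARSE` branch just below can never be taken; the caller gets `STATUS_CANNOT_DELETE` even where the access check would have denied the create or asked for reparse resolution. If that precedence is intended, say so in a comment above the test, for example `/* ReadOnly + DeleteOnClose can never be honoured; reject before the parent access check */`; if it is not, run the access check first and apply the flag test only when it succeeds. The unbraced `if`/`else` with a three-line call in the `else` arm, followed directly by another `if`/`else if` chain, is easy to misread, so braces on both arms would help. The body of FspFileSystemCreateCheck starts and ends outside the hunk, so how `GrantedAccess` is used further down is not visible here.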