From 4fce03c6361cefb48c4c31abd0b14aeeac3f59be Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos <billziss@navimatics.com>
Date: Tue, 12 Jan 2016 15:30:13 -0800
Subject: [PATCH] sys: IRP_MJ_CREATE: root directory check

---
 src/sys/create.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/sys/create.c b/src/sys/create.c
index a1af9393..57191c32 100644
--- a/src/sys/create.c
+++ b/src/sys/create.c
@@ -99,6 +99,7 @@ static NTSTATUS FspFsvolCreate(
     }
 
     PACCESS_STATE AccessState = IrpSp->Parameters.Create.SecurityContext->AccessState;
+    ULONG CreateDisposition = (IrpSp->Parameters.Create.Options >> 24) & 0xff;
     ULONG CreateOptions = IrpSp->Parameters.Create.Options;
     USHORT FileAttributes = IrpSp->Parameters.Create.FileAttributes;
     PSECURITY_DESCRIPTOR SecurityDescriptor = AccessState->SecurityDescriptor;
@@ -194,6 +195,14 @@ static NTSTATUS FspFsvolCreate(
         if (sizeof(WCHAR) <= FileName.Length && L'\\' == FileName.Buffer[0])
             return STATUS_OBJECT_NAME_INVALID;
 
+        /* not all operations allowed on the root directory */
+        if ((FILE_CREATE == CreateDisposition ||
+            FILE_OVERWRITE == CreateDisposition ||
+            FILE_SUPERSEDE == CreateDisposition ||
+            BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY)) &&
+            sizeof(WCHAR) == RelatedFsContext->FileName.Length && 0 == FileName.Length)
+            return STATUS_ACCESS_DENIED;
+
         /* cannot FILE_DELETE_ON_CLOSE on the root directory */
         if (FlagOn(CreateOptions, FILE_DELETE_ON_CLOSE) &&
             sizeof(WCHAR) == RelatedFsContext->FileName.Length && 0 == FileName.Length)
@@ -228,6 +237,14 @@ static NTSTATUS FspFsvolCreate(
         if (sizeof(WCHAR) <= FileName.Length && L'\\' != FileName.Buffer[0])
             return STATUS_OBJECT_NAME_INVALID;
 
+        /* not all operations allowed on the root directory */
+        if ((FILE_CREATE == CreateDisposition ||
+            FILE_OVERWRITE == CreateDisposition ||
+            FILE_SUPERSEDE == CreateDisposition ||
+            BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY)) &&
+            sizeof(WCHAR) == FileName.Length)
+            return STATUS_ACCESS_DENIED;
+
         /* cannot FILE_DELETE_ON_CLOSE on the root directory */
         if (FlagOn(CreateOptions, FILE_DELETE_ON_CLOSE) &&
             sizeof(WCHAR) == FileName.Length)