sys: FspValidRelativeSecurityDescriptor

2025-04-22 16:33:02 -05:00 · 2015-11-30 15:22:35 -08:00 · 2015-11-30 15:22:35 -08:00 · a318100d24
commit a318100d24
parent 5aa6af2653
4 changed files with 40 additions and 13 deletions
--- a/src/sys/device.c
+++ b/src/sys/device.c
@ -147,7 +147,6 @@ VOID FspDeviceDelete(PDEVICE_OBJECT DeviceObject)
    }

    ExDeleteResourceLite(&DeviceExtension->Resource);
-    RtlZeroMemory(DeviceExtension, DeviceObject->Size - sizeof(DEVICE_OBJECT));

    IoDeleteDevice(DeviceObject);
 }
--- a/src/sys/driver.h
+++ b/src/sys/driver.h
@ -164,12 +164,12 @@
 #pragma warning(disable:4200)           /* zero-sized array in struct/union */

 /* driver major functions */
-_Function_class_(DRIVER_DISPATCH)
-_IRQL_requires_max_(APC_LEVEL)
-    /* see https://msdn.microsoft.com/en-us/library/windows/hardware/ff540124(v=vs.85).aspx */
-_IRQL_requires_same_
-typedef NTSTATUS FSP_DRIVER_DISPATCH(
-    _In_ struct _DEVICE_OBJECT *DeviceObject, _Inout_ struct _IRP *Irp);
+_Function_class_(DRIVER_DISPATCH)
+_IRQL_requires_max_(APC_LEVEL)
+    /* see https://msdn.microsoft.com/en-us/library/windows/hardware/ff540124(v=vs.85).aspx */
+_IRQL_requires_same_
+typedef NTSTATUS FSP_DRIVER_DISPATCH(
+    _In_ struct _DEVICE_OBJECT *DeviceObject, _Inout_ struct _IRP *Irp);
 _Dispatch_type_(IRP_MJ_CLEANUP)         FSP_DRIVER_DISPATCH FspCleanup;
 _Dispatch_type_(IRP_MJ_CLOSE)           FSP_DRIVER_DISPATCH FspClose;
 _Dispatch_type_(IRP_MJ_CREATE)          FSP_DRIVER_DISPATCH FspCreate;
@ -191,10 +191,10 @@ _Dispatch_type_(IRP_MJ_SHUTDOWN)        FSP_DRIVER_DISPATCH FspShutdown;
 _Dispatch_type_(IRP_MJ_WRITE)           FSP_DRIVER_DISPATCH FspWrite;

 /* I/O process functions */
-_IRQL_requires_max_(APC_LEVEL)
-_IRQL_requires_same_
-typedef VOID FSP_IOCMPL_DISPATCH(
-    _Inout_ PIRP Irp, _In_ const FSP_FSCTL_TRANSACT_RSP *Response);
+_IRQL_requires_max_(APC_LEVEL)
+_IRQL_requires_same_
+typedef VOID FSP_IOCMPL_DISPATCH(
+    _Inout_ PIRP Irp, _In_ const FSP_FSCTL_TRANSACT_RSP *Response);
 FSP_IOCMPL_DISPATCH FspCleanupComplete;
 FSP_IOCMPL_DISPATCH FspCloseComplete;
 FSP_IOCMPL_DISPATCH FspCreateComplete;
@ -322,6 +322,9 @@ VOID FspIopDispatchComplete(PIRP Irp, const FSP_FSCTL_TRANSACT_RSP *Response);

 /* misc */
 NTSTATUS FspCreateGuid(GUID *Guid);
+BOOLEAN FspValidRelativeSecurityDescriptor(
+    PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG SecurityDescriptorLength,
+    SECURITY_INFORMATION RequiredInformation);
 NTSTATUS FspSecuritySubjectContextAccessCheck(
    PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode);

@ -338,6 +341,6 @@ const char *IoctlCodeSym(ULONG ControlCode);
 extern PDRIVER_OBJECT FspDriverObject;
 extern PDEVICE_OBJECT FspFsctlDiskDeviceObject;
 extern PDEVICE_OBJECT FspFsctlNetDeviceObject;
-extern FSP_IOCMPL_DISPATCH *FspIopCompleteFunction[];
+extern FSP_IOCMPL_DISPATCH *FspIopCompleteFunction[];

 #endif
--- a/src/sys/fsctl.c
+++ b/src/sys/fsctl.c
@ -110,7 +110,7 @@ static NTSTATUS FspFsctlCreateVolume(
    PSECURITY_DESCRIPTOR SecurityDescriptor = (PVOID)(Params + 1);
    DWORD SecurityDescriptorSize = InputBufferLength - sizeof *Params;
    if (sizeof *Params >= InputBufferLength || 0 == SystemBuffer ||
-        !RtlValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorSize,
+        !FspValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorSize,
            OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
        return STATUS_INVALID_PARAMETER;
    if (FSP_FSCTL_CREATE_BUFFER_SIZE > OutputBufferLength)
--- a/src/sys/misc.c
+++ b/src/sys/misc.c
@ -7,11 +7,15 @@
 #include <sys/driver.h>

 NTSTATUS FspCreateGuid(GUID *Guid);
+BOOLEAN FspValidRelativeSecurityDescriptor(
+    PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG SecurityDescriptorLength,
+    SECURITY_INFORMATION RequiredInformation);
 NTSTATUS FspSecuritySubjectContextAccessCheck(
    PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode);

 #ifdef ALLOC_PRAGMA
 #pragma alloc_text(PAGE, FspCreateGuid)
+#pragma alloc_text(PAGE, FspValidRelativeSecurityDescriptor)
 #pragma alloc_text(PAGE, FspSecuritySubjectContextAccessCheck)
 #endif

@ -30,6 +34,27 @@ NTSTATUS FspCreateGuid(GUID *Guid)
    return Result;
 }

+BOOLEAN FspValidRelativeSecurityDescriptor(
+    PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG SecurityDescriptorLength,
+    SECURITY_INFORMATION RequiredInformation)
+{
+    PAGED_CODE();
+
+    BOOLEAN Result;
+
+    try
+    {
+        Result = RtlValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorLength,
+            RequiredInformation);
+    }
+    except(EXCEPTION_EXECUTE_HANDLER)
+    {
+        Result = FALSE;
+    }
+
+    return Result;
+}
+
 NTSTATUS FspSecuritySubjectContextAccessCheck(
    PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode)
 {