sys: FspValidRelativeSecurityDescriptor

2025-04-22 16:33:02 -05:00 · 2015-11-30 15:22:35 -08:00 · 2015-11-30 15:22:35 -08:00 · a318100d24
commit a318100d24
parent 5aa6af2653
4 changed files with 40 additions and 13 deletions
--- a/src/sys/device.c
+++ b/src/sys/device.c
@ -147,7 +147,6 @@ VOID FspDeviceDelete(PDEVICE_OBJECT DeviceObject)
    }

    ExDeleteResourceLite(&DeviceExtension->Resource);
-    RtlZeroMemory(DeviceExtension, DeviceObject->Size - sizeof(DEVICE_OBJECT));

    IoDeleteDevice(DeviceObject);
 }
--- a/src/sys/driver.h
+++ b/src/sys/driver.h
@ -322,6 +322,9 @@ VOID FspIopDispatchComplete(PIRP Irp, const FSP_FSCTL_TRANSACT_RSP *Response);

 /* misc */
 NTSTATUS FspCreateGuid(GUID *Guid);
+BOOLEAN FspValidRelativeSecurityDescriptor(
+    PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG SecurityDescriptorLength,
+    SECURITY_INFORMATION RequiredInformation);
 NTSTATUS FspSecuritySubjectContextAccessCheck(
    PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode);

--- a/src/sys/fsctl.c
+++ b/src/sys/fsctl.c
@ -110,7 +110,7 @@ static NTSTATUS FspFsctlCreateVolume(
    PSECURITY_DESCRIPTOR SecurityDescriptor = (PVOID)(Params + 1);
    DWORD SecurityDescriptorSize = InputBufferLength - sizeof *Params;
    if (sizeof *Params >= InputBufferLength || 0 == SystemBuffer ||
-        !RtlValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorSize,
+        !FspValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorSize,
            OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
        return STATUS_INVALID_PARAMETER;
    if (FSP_FSCTL_CREATE_BUFFER_SIZE > OutputBufferLength)
--- a/src/sys/misc.c
+++ b/src/sys/misc.c
@ -7,11 +7,15 @@
 #include <sys/driver.h>

 NTSTATUS FspCreateGuid(GUID *Guid);
+BOOLEAN FspValidRelativeSecurityDescriptor(
+    PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG SecurityDescriptorLength,
+    SECURITY_INFORMATION RequiredInformation);
 NTSTATUS FspSecuritySubjectContextAccessCheck(
    PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode);

 #ifdef ALLOC_PRAGMA
 #pragma alloc_text(PAGE, FspCreateGuid)
+#pragma alloc_text(PAGE, FspValidRelativeSecurityDescriptor)
 #pragma alloc_text(PAGE, FspSecuritySubjectContextAccessCheck)
 #endif

@ -30,6 +34,27 @@ NTSTATUS FspCreateGuid(GUID *Guid)
    return Result;
 }

+BOOLEAN FspValidRelativeSecurityDescriptor(
+    PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG SecurityDescriptorLength,
+    SECURITY_INFORMATION RequiredInformation)
+{
+    PAGED_CODE();
+
+    BOOLEAN Result;
+
+    try
+    {
+        Result = RtlValidRelativeSecurityDescriptor(SecurityDescriptor, SecurityDescriptorLength,
+            RequiredInformation);
+    }
+    except(EXCEPTION_EXECUTE_HANDLER)
+    {
+        Result = FALSE;
+    }
+
+    return Result;
+}
+
 NTSTATUS FspSecuritySubjectContextAccessCheck(
    PSECURITY_DESCRIPTOR SecurityDescriptor, ACCESS_MASK DesiredAccess, KPROCESSOR_MODE AccessMode)
 {