inc: fsctl: HasTrailingBackslash: allows for better checking user mode

2025-06-15 08:12:45 -05:00 · 2016-12-24 11:28:59 -08:00
parent 9bf0d5d46d
commit bec91873fe
4 changed files with 24 additions and 13 deletions
--- a/src/dll/fsop.c
+++ b/src/dll/fsop.c
@ -189,7 +189,10 @@ NTSTATUS FspFileSystemCreateCheck(FSP_FILE_SYSTEM *FileSystem,
            ParentDesiredAccess = FILE_ADD_SUBDIRECTORY;
        else
            ParentDesiredAccess = FILE_ADD_FILE;
-        if ((Request->Req.Create.FileAttributes & FILE_ATTRIBUTE_READONLY) &&
+        if (Request->Req.Create.HasTrailingBackslash &&
+            !(Request->Req.Create.CreateOptions & FILE_DIRECTORY_FILE))
+            Result = STATUS_OBJECT_NAME_INVALID;
+        else if ((Request->Req.Create.FileAttributes & FILE_ATTRIBUTE_READONLY) &&
            (Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE))
            Result = STATUS_CANNOT_DELETE;
        else
@ -209,11 +212,14 @@ NTSTATUS FspFileSystemCreateCheck(FSP_FILE_SYSTEM *FileSystem,
    {
        *PSecurityDescriptor = 0;

-        Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
-            Request->Req.Create.DesiredAccess |
-                FILE_WRITE_DATA |
-                ((Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE) ? DELETE : 0),
-            &GrantedAccess, 0);
+        if (Request->Req.Create.HasTrailingBackslash)
+            Result = STATUS_OBJECT_NAME_INVALID;
+        else
+            Result = FspAccessCheckEx(FileSystem, Request, TRUE, AllowTraverseCheck,
+                Request->Req.Create.DesiredAccess |
+                    FILE_WRITE_DATA |
+                    ((Request->Req.Create.CreateOptions & FILE_DELETE_ON_CLOSE) ? DELETE : 0),
+                &GrantedAccess, 0);
        if (STATUS_REPARSE == Result)
            Result = FspFileSystemCallResolveReparsePoints(FileSystem, Request, Response, GrantedAccess);
        else if (NT_SUCCESS(Result))
--- a/src/dll/security.c
+++ b/src/dll/security.c
@ -191,6 +191,13 @@ FSP_API NTSTATUS FspAccessCheckEx(FSP_FILE_SYSTEM *FileSystem,
    if (!NT_SUCCESS(Result) || STATUS_REPARSE == Result)
        goto exit;

+    if (!CheckParentOrMain && Request->Req.Create.HasTrailingBackslash &&
+        !(FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
+    {
+        Result = STATUS_OBJECT_NAME_INVALID;
+        goto exit;
+    }
+
    if (Request->Req.Create.UserMode && 0 < SecurityDescriptorSize)
    {
        if (0 == DesiredAccess)