sys,dll: pass NULL security descriptor to user-mode file system during Create

src/dll/security.c

@@ -358,6 +358,10 @@ FSP_API NTSTATUS FspCreateSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
     if (FspFsctlTransactCreateKind != Request->Kind)
         return STATUS_INVALID_PARAMETER;
 
+    /* stream support: return NULL security descriptor when creating named stream */
+    if (Request->Req.Create.NamedStream)
+        return STATUS_SUCCESS;
+
     if (!CreatePrivateObjectSecurity(
         ParentDescriptor,
         0 != Request->Req.Create.SecurityDescriptor.Offset ?
@@ -438,6 +442,10 @@ FSP_API NTSTATUS FspSetSecurityDescriptor(FSP_FILE_SYSTEM *FileSystem,
 FSP_API VOID FspDeleteSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor,
     NTSTATUS (*CreateFunc)())
 {
+    /* stream support: allow NULL security descriptors */
+    if (0 == SecurityDescriptor)
+        return;
+
     if ((NTSTATUS (*)())FspAccessCheckEx == CreateFunc ||
         (NTSTATUS (*)())FspPosixMapPermissionsToSecurityDescriptor == CreateFunc)
         MemFree(SecurityDescriptor);

src/sys/create.c

@@ -358,7 +358,7 @@ static NTSTATUS FspFsvolCreateNoLock(
         SetFlag(FileAttributes, FILE_ATTRIBUTE_DIRECTORY);
 
     /* if we have a non-empty stream part, open the main file */
-    if (0 != StreamPart.Buffer)
+    if (0 != StreamPart.Length)
     {
         /* named streams can never be directories (even when attached to directories) */
         if (FlagOn(CreateOptions, FILE_DIRECTORY_FILE))
@@ -449,6 +449,7 @@ static NTSTATUS FspFsvolCreateNoLock(
     Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
     Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
     Request->Req.Create.CaseSensitive = CaseSensitiveRequested;
+    Request->Req.Create.NamedStream = 0 != StreamPart.Length;
 
     /* copy the security descriptor (if any) into the request */
     if (0 != SecurityDescriptorSize)