From: short <> Date: Thu, 4 Dec 2003 19:28:53 +0000 (+0000) Subject: SeAssignSecurity(): Fixed sandbox crash for NULL ACL. X-Git-Tag: captive-1_1_3~22 X-Git-Url: http://git.jankratochvil.net/?a=commitdiff_plain;ds=sidebyside;h=b52a58b2e9a1a4f0c7d996cd21de30183151d71c;p=captive.git SeAssignSecurity(): Fixed sandbox crash for NULL ACL. - Bugreported by Tonda Nebuzelsky. --- diff --git a/src/libcaptive/se/semgr.c b/src/libcaptive/se/semgr.c index 3dfde97..d63eaae 100644 --- a/src/libcaptive/se/semgr.c +++ b/src/libcaptive/se/semgr.c @@ -98,7 +98,7 @@ static ACL *ACL_dup(ACL *acl,SECURITY_DESCRIPTOR *src,SECURITY_DESCRIPTOR *dest, ACL *r; gsize size; - g_return_val_if_fail(acl!=NULL,NULL); + /* 'acl' may be NULL */ g_return_val_if_fail(src!=NULL,NULL); g_return_val_if_fail(dest!=NULL,NULL); g_return_val_if_fail(destdatap!=NULL,NULL); @@ -109,16 +109,17 @@ gsize size; if (src->Control & SE_SELF_RELATIVE) acl=(ACL *)(((ULONG)acl)+((ULONG)src)); if (!acl) - return NULL; - - /* W32 undocumented: ReactOS uses '&0xFF' notation, I have seen value PAGE_SIZE. - * W32 doc says it is a regular size. - */ - size=acl->AclSize; - g_assert(!(size&3)); /* sizeof(ULONG)-alignment */ - r=*destdatap; - (*(char **)destdatap)+=size; - memcpy(r,acl,size); + r=NULL; + else { + /* W32 undocumented: ReactOS uses '&0xFF' notation, I have seen value PAGE_SIZE. + * W32 doc says it is a regular size. + */ + size=acl->AclSize; + g_assert(!(size&3)); /* sizeof(ULONG)-alignment */ + r=*destdatap; + (*(char **)destdatap)+=size; + memcpy(r,acl,size); + } if (dest->Control & SE_SELF_RELATIVE) r=(ACL *)(((ULONG)r)-((ULONG)dest)); 
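Review bot: With `r=NULL` now falling through instead of returning, the trailing context line `r=(ACL *)(((ULONG)r)-((ULONG)dest));` turns a NULL ACL into a bogus non-zero offset whenever `dest` is self-relative, so the copied descriptor would point at a wild address instead of saying "no ACL". The same ordering problem exists on the way in: the `SE_SELF_RELATIVE` relocation of `acl` runs before `if (!acl)`, so a zero offset in a self-relative `src` becomes `src` itself, and `acl->AclSize` is then read from the descriptor header and passed to `memcpy`. Guarding both relocations keeps NULL as NULL, e.g. `if (acl && (src->Control & SE_SELF_RELATIVE))` and `if (r && (dest->Control & SE_SELF_RELATIVE))`. Whether a self-relative `dest` is ever passed is not visible here, and ACL_dup's full signature and its return statement lie outside the hunk.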
@@ -184,13 +185,21 @@ gpointer destdata; dest->Owner=SID_dup(src->Owner,src,dest,&destdata); dest->Group=SID_dup(src->Group,src,dest,&destdata); if (src->Control & SE_SACL_PRESENT) { - if (!(dest->Sacl=ACL_dup(src->Sacl,src,dest,&destdata))) - dest->Control&=~SE_SACL_PRESENT; + /* 'SE_SACL_PRESENT' may be site while 'Sacl==NULL'. + * FIXME: How it differs from '!SE_SACL_PRESENT'? + */ + dest->Sacl=ACL_dup(src->Sacl,src,dest,&destdata); } + else + dest->Sacl=NULL; if (src->Control & SE_DACL_PRESENT) { - if (!(dest->Dacl=ACL_dup(src->Dacl,src,dest,&destdata))) - dest->Control&=~SE_DACL_PRESENT; + /* 'SE_DACL_PRESENT' may be site while 'Dacl==NULL'. + * FIXME: How it differs from '!SE_DACL_PRESENT'? + */ + dest->Dacl=ACL_dup(src->Dacl,src,dest,&destdata); } + else + dest->Dacl=NULL; g_assert(((char *)dest)+size==destdata);
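Review bot: The two `FIXME` comments leave the meaning of a set `SE_SACL_PRESENT`/`SE_DACL_PRESENT` flag with a NULL pointer undocumented, although that is the security-relevant part of this copy. As far as I know, Windows documents `SE_DACL_PRESENT` with a NULL `Dacl` as a NULL DACL that grants full access to everyone, with the same result when the flag is clear, while a NULL SACL just means nothing is audited. I would replace the DACL FIXME with something like `/* SE_DACL_PRESENT with Dacl==NULL is a NULL DACL (unrestricted access), not an empty DACL; flag kept as given */` and fix the typo `site` -> `set` in both comments. Because ACL_dup() also returns NULL from its `g_return_val_if_fail` checks, a failed precondition is now copied as such a NULL DACL instead of being noticed, so asserting on those preconditions may be preferable. The enclosing function starts and ends outside the hunk.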