[NTOSKRNL] Properly handle "big" security descriptors in ObpCaptureObjectCreateInform...
authorPierre Schweitzer <pierre@reactos.org>
Sat, 27 Oct 2018 17:35:45 +0000 (19:35 +0200)
committerPierre Schweitzer <pierre@reactos.org>
Sat, 27 Oct 2018 17:36:15 +0000 (19:36 +0200)
ntoskrnl/ob/oblife.c

index 56dbcae..798ccca 100644 (file)
@@ -460,6 +460,7 @@ ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes,
                                   IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
                                   OUT PUNICODE_STRING ObjectName)
 {
+    ULONG SdCharge, QuotaInfoSize;
     NTSTATUS Status = STATUS_SUCCESS;
     PSECURITY_DESCRIPTOR SecurityDescriptor;
     PSECURITY_QUALITY_OF_SERVICE SecurityQos;
@@ -518,8 +519,21 @@ ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes,
                     _SEH2_YIELD(return Status);
                 }
 
+                /*
+                 * By default, assume a SD size of 1024 and allow twice its
+                 * size.
+                 * If SD size happen to be bigger than that, then allow it
+                 */
+                SdCharge = 2048;
+                SeComputeQuotaInformationSize(ObjectCreateInfo->SecurityDescriptor,
+                                              &QuotaInfoSize);
+                if ((2 * QuotaInfoSize) > 2048)
+                {
+                    SdCharge = 2 * QuotaInfoSize;
+                }
+
                 /* Save the probe mode and security descriptor size */
-                ObjectCreateInfo->SecurityDescriptorCharge = 2048; /* FIXME */
+                ObjectCreateInfo->SecurityDescriptorCharge = SdCharge;
                 ObjectCreateInfo->ProbeMode = AccessMode;
             }