[NTOSKRNL]
authorEric Kohl <eric.kohl@reactos.org>
Sun, 21 Mar 2010 14:10:50 +0000 (14:10 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Sun, 21 Mar 2010 14:10:50 +0000 (14:10 +0000)
NtAccessCheck
- Probe parameters.
- Fail if generic access rights have not been mapped.

svn path=/trunk/; revision=46297

reactos/ntoskrnl/se/semgr.c

index 8ed056b..d9d7eb1 100644 (file)
@@ -704,6 +704,27 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
         return STATUS_SUCCESS;
     }
 
+    /* Protect probe in SEH */
+    _SEH2_TRY
+    {
+        /* Probe all pointers */
+        ProbeForRead(GenericMapping, sizeof(GENERIC_MAPPING), sizeof(ULONG));
+        ProbeForRead(PrivilegeSetLength, sizeof(ULONG), sizeof(ULONG));
+        ProbeForWrite(PrivilegeSet, *PrivilegeSetLength, sizeof(ULONG));
+        ProbeForWrite(GrantedAccess, sizeof(ACCESS_MASK), sizeof(ULONG));
+        ProbeForWrite(AccessStatus, sizeof(NTSTATUS), sizeof(ULONG));
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        /* Return the exception code */
+        _SEH2_YIELD(return _SEH2_GetExceptionCode());
+    }
+    _SEH2_END;
+
+    /* Check for unmapped access rights */
+    if (DesiredAccess & (GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL))
+        return STATUS_GENERIC_NOT_MAPPED;
+
     /* Reference the token */
     Status = ObReferenceObjectByHandle(TokenHandle,
                                        TOKEN_QUERY,