[NTOS:SE]
authorThomas Faber <thomas.faber@reactos.org>
Fri, 27 Nov 2015 12:06:59 +0000 (12:06 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Fri, 27 Nov 2015 12:06:59 +0000 (12:06 +0000)
- Fail in SeAccessCheck if the resulting access would be zero.
CORE-10587 #resolve

svn path=/trunk/; revision=70151

reactos/ntoskrnl/se/accesschk.c

index 5928859..9bfd17f 100644 (file)
@@ -425,8 +425,17 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
     if (DesiredAccess == 0)
     {
         *GrantedAccess = PreviouslyGrantedAccess;
-        *AccessStatus = STATUS_SUCCESS;
-        ret = TRUE;
+        if (PreviouslyGrantedAccess == 0)
+        {
+            DPRINT1("Request for zero access to an object. Denying.\n");
+            *AccessStatus = STATUS_ACCESS_DENIED;
+            ret = FALSE;
+        }
+        else
+        {
+            *AccessStatus = STATUS_SUCCESS;
+            ret = TRUE;
+        }
     }
     else
     {