From 0f3635355120cbd54e65005cea937aadf1d038c7 Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer Date: Sat, 27 Oct 2018 11:47:42 +0200 Subject: [PATCH] [NTOSKRNL] Implement the ObpIsUnsecureName() helper function --- ntoskrnl/ob/obname.c | 50 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/ntoskrnl/ob/obname.c b/ntoskrnl/ob/obname.c index 7071a7dd0ef..5177cc12248 100644 --- a/ntoskrnl/ob/obname.c +++ b/ntoskrnl/ob/obname.c @@ -356,6 +356,56 @@ ObpDeleteNameCheck(IN PVOID Object) } } +BOOLEAN +NTAPI +ObpIsUnsecureName(IN PUNICODE_STRING ObjectName, + IN BOOLEAN CaseInSensitive) +{ + BOOLEAN Unsecure; + PWSTR UnsecureBuffer; + UNICODE_STRING UnsecureName; + + /* No unsecure names known, quit */ + if (ObpUnsecureGlobalNamesBuffer[0] == UNICODE_NULL) + { + return FALSE; + } + + /* By default, we have a secure name */ + Unsecure = FALSE; + /* We will browse the whole string */ + UnsecureBuffer = &ObpUnsecureGlobalNamesBuffer[0]; + while (TRUE) + { + /* Initialize the unicode string */ + RtlInitUnicodeString(&UnsecureName, UnsecureBuffer); + /* We're at the end of the multisz string! */ + if (UnsecureName.Length == 0) + { + break; + } + + /* + * Does the unsecure name prefix the object name? + * If so, that's an unsecure name, and return so + */ + if (RtlPrefixUnicodeString(&UnsecureName, ObjectName, CaseInSensitive)) + { + Unsecure = TRUE; + break; + } + + /* + * Move to the next string. As a reminder, ObpUnsecureGlobalNamesBuffer is + * a multisz, so we move the string next to the current UNICODE_NULL char + */ + UnsecureBuffer = (PWSTR)((ULONG_PTR)UnsecureBuffer + UnsecureName.Length + sizeof(UNICODE_NULL)); + } + + /* Return our findings */ + return Unsecure; +} + NTSTATUS NTAPI ObpLookupObjectName(IN HANDLE RootHandle OPTIONAL, -- 2.17.1