Unified Diff: src/shared/Communication.cpp
Issue 5792731695677440:
Fix named pipe security on Windows 7 (Closed)
Patch Set: Use custom free function. Make sure sure SACL is released correctly as well.
Created July 15, 2014, 2:13 p.m.
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with comments
|
« no previous file
|
no next file »
|
no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| Index: src/shared/Communication.cpp |
| =================================================================== |
| --- a/src/shared/Communication.cpp |
| +++ b/src/shared/Communication.cpp |
| @@ -97,50 +97,55 @@ |
| explicitAccess[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; |
| explicitAccess[1].Trustee.ptstrName = static_cast<LPWSTR>(allAppContainersSid); |
| + // Will be released later |
| PACL acl = 0; |
| - // acl has to be released after this |
| if (SetEntriesInAcl(2, explicitAccess, 0, &acl) != ERROR_SUCCESS) |
| return std::auto_ptr<SECURITY_DESCRIPTOR>(0); |
| - // This only references the acl, not copies it |
| + // NOTE: This only references the acl, not copies it. |
| + // DO NOT release the ACL before it's actually used |
| if (!SetSecurityDescriptorDacl(securityDescriptor.get(), TRUE, acl, FALSE)) |
| return std::auto_ptr<SECURITY_DESCRIPTOR>(0); |
| } |
| - // Create a dummy security descriptor with low integrirty preset and copy its SACL into ours |
| + // Create a dummy security descriptor with low integrirty preset and refference its SACL in ours |
|
Felix Dahlke
2014/07/16 14:40:03
s/refference/reference/
Oleksandr
2014/07/17 17:32:48
Um. Refference is meant to be a verb here.
On 201
Felix Dahlke
2014/07/18 12:40:57
But it's still one f too many! :)
Oleksandr
2014/07/18 12:48:34
Oh. Totally missread your correction.
On 2014/07/
|
| LPCWSTR accessControlEntry = L"S:(ML;;NW;;;LW)"; |
| PSECURITY_DESCRIPTOR dummySecurityDescriptorLow; |
| ConvertStringSecurityDescriptorToSecurityDescriptorW(accessControlEntry, SDDL_REVISION_1, &dummySecurityDescriptorLow, 0); |
| std::tr1::shared_ptr<SECURITY_DESCRIPTOR> sharedDummySecurityDescriptor(static_cast<SECURITY_DESCRIPTOR*>(dummySecurityDescriptorLow), LocalFree); // Just to simplify cleanup |
| - BOOL saclPresent = FALSE; |
| - BOOL saclDefaulted = FALSE; |
| - PACL sacl; |
| - GetSecurityDescriptorSacl(dummySecurityDescriptorLow, &saclPresent, &sacl, &saclDefaulted); |
| - if (saclPresent) |
| + |
| + DWORD sdSize, saclSize, daclSize, ownerSize, primaryGroupSize; |
|
Felix Dahlke
2014/07/16 14:40:03
Shouldn't we initialise all the sizes to 0 here? S
|
| + MakeAbsoluteSD(dummySecurityDescriptorLow, 0, &sdSize, 0, &daclSize, 0, &saclSize, 0, &ownerSize, 0, &primaryGroupSize); |
| + if ((saclSize == 0) || (sdSize == 0)) |
|
Felix Dahlke
2014/07/16 14:40:03
Redundant parentheses around both comparisons.
|
| { |
| - if (!SetSecurityDescriptorSacl(securityDescriptor.get(), TRUE, sacl, FALSE)) |
| - { |
| DWORD err = GetLastError(); |
|
Felix Dahlke
2014/07/16 14:40:03
Unused variable.
|
| return std::auto_ptr<SECURITY_DESCRIPTOR>(0); |
| - } |
| + } |
| + // Will be released later |
| + PACL sacl = (PACL) new byte[saclSize]; |
|
Felix Dahlke
2014/07/16 14:40:03
I'd actually find malloc more intuitive here. byte
|
| + std::auto_ptr<SECURITY_DESCRIPTOR> absoluteDummySecurityDescriptorLow((SECURITY_DESCRIPTOR*) new byte[sdSize]); |
| + daclSize = 0; |
| + ownerSize = 0; |
| + primaryGroupSize = 0; |
| + BOOL res = MakeAbsoluteSD(dummySecurityDescriptorLow, absoluteDummySecurityDescriptorLow.get(), &sdSize, 0, &daclSize, sacl, &saclSize, 0, &ownerSize, 0, &primaryGroupSize); |
| + if ((res == 0) || (absoluteDummySecurityDescriptorLow.get() == 0) || (saclSize == 0)) |
|
Felix Dahlke
2014/07/16 14:40:03
Redundant parentheses here as well.
Also, !res wo
|
| + { |
| + DWORD err = GetLastError(); |
|
Felix Dahlke
2014/07/16 14:40:03
Also unused.
|
| + return std::auto_ptr<SECURITY_DESCRIPTOR>(0); |
| + } |
| + |
| + // NOTE: This only references the acl, not copies it. |
| + // DO NOT release the ACL before it's actually used |
| + if (!SetSecurityDescriptorSacl(securityDescriptor.get(), TRUE, sacl, FALSE)) |
| + { |
| + DWORD err = GetLastError(); |
| + return std::auto_ptr<SECURITY_DESCRIPTOR>(0); |
| } |
| return securityDescriptor; |
| } |
| } |
| - // Releases the DACL structure in the provided security descriptor |
| - void ReleaseDacl(PSECURITY_DESCRIPTOR securityDescriptor) |
| - { |
| - BOOL aclPresent = FALSE; |
| - BOOL aclDefaulted = FALSE; |
| - PACL acl; |
| - GetSecurityDescriptorDacl(securityDescriptor, &aclPresent, &acl, &aclDefaulted); |
| - if (aclPresent) |
| - { |
| - LocalFree(acl); |
| - } |
| - } |
| const std::wstring Communication::pipeName = L"\\\\.\\pipe\\adblockplusengine_" + GetUserName(); |
| void Communication::InputBuffer::CheckType(Communication::ValueType expectedType) |
| @@ -182,6 +187,27 @@ |
| { |
| } |
| +void FreeAbsoluteSecurityDescriptor(SECURITY_DESCRIPTOR* securityDescriptor) |
| +{ |
| + BOOL aclPresent = FALSE; |
| + BOOL aclDefaulted = FALSE; |
| + PACL acl = 0; |
| + GetSecurityDescriptorDacl(securityDescriptor, &aclPresent, &acl, &aclDefaulted); |
| + if (aclPresent) |
| + { |
| + LocalFree(acl); |
| + } |
| + aclPresent = FALSE; |
| + aclDefaulted = false; |
|
Felix Dahlke
2014/07/16 14:40:03
Should also be that Windows FALSE macro for consis
|
| + acl = 0; |
| + GetSecurityDescriptorSacl(securityDescriptor, &aclPresent, &acl, &aclDefaulted); |
| + if (aclPresent) |
| + { |
| + delete acl; |
|
Felix Dahlke
2014/07/16 14:40:03
You need to use delete[], since it was allocated u
|
| + } |
| + delete securityDescriptor; |
| +} |
| + |
| Communication::Pipe::Pipe(const std::wstring& pipeName, Communication::Pipe::Mode mode) |
| { |
| pipe = INVALID_HANDLE_VALUE; |
| @@ -192,7 +218,6 @@ |
| securityAttributes.bInheritHandle = TRUE; |
| std::tr1::shared_ptr<SECURITY_DESCRIPTOR> sharedSecurityDescriptor; // Just to simplify cleanup |
| - |
| AutoHandle token; |
| OpenProcessToken(GetCurrentProcess(), TOKEN_READ, token); |
| @@ -201,20 +226,13 @@ |
| std::auto_ptr<SID> logonSid = GetLogonSid(token); |
| // Create a SECURITY_DESCRIPTOR that has both Low Integrity and allows access to all AppContainers |
| // This is needed since IE likes to jump out of Enhanced Protected Mode for specific pages (bing.com) |
| - |
| - // ATTENTION: DACL in the returned securityDescriptor has to be manually released by ReleaseDacl |
| std::auto_ptr<SECURITY_DESCRIPTOR> securityDescriptor = CreateSecurityDescriptor(logonSid.get()); |
| securityAttributes.lpSecurityDescriptor = securityDescriptor.release(); |
| - sharedSecurityDescriptor.reset(static_cast<SECURITY_DESCRIPTOR*>(securityAttributes.lpSecurityDescriptor)); |
| + sharedSecurityDescriptor.reset(static_cast<SECURITY_DESCRIPTOR*>(securityAttributes.lpSecurityDescriptor), FreeAbsoluteSecurityDescriptor); |
| } |
| pipe = CreateNamedPipeW(pipeName.c_str(), PIPE_ACCESS_DUPLEX, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, |
| PIPE_UNLIMITED_INSTANCES, bufferSize, bufferSize, 0, &securityAttributes); |
| - |
| - if (IsWindowsVistaOrLater()) |
| - { |
| - ReleaseDacl(securityAttributes.lpSecurityDescriptor); |
| - } |
| } |
| else |
| { |
« no previous file with comments
|
« no previous file
|
no next file »
|
no next file with comments »
