| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/src/acl.h" | 5 #include "sandbox/src/acl.h" |
| 6 | 6 |
| 7 #include <aclapi.h> | 7 #include <aclapi.h> |
| 8 #include <sddl.h> | 8 #include <sddl.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 | 11 |
| 12 namespace sandbox { | 12 namespace sandbox { |
| 13 | 13 |
| 14 bool GetDefaultDacl(HANDLE token, | 14 bool GetDefaultDacl(HANDLE token, |
| 15 scoped_ptr<TOKEN_DEFAULT_DACL>* default_dacl) { | 15 scoped_ptr_malloc<TOKEN_DEFAULT_DACL>* default_dacl) { |
| 16 if (token == NULL) | 16 if (token == NULL) |
| 17 return false; | 17 return false; |
| 18 | 18 |
| 19 DCHECK(default_dacl != NULL); | 19 DCHECK(default_dacl != NULL); |
| 20 | 20 |
| 21 unsigned long length = 0; | 21 unsigned long length = 0; |
| 22 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); | 22 ::GetTokenInformation(token, TokenDefaultDacl, NULL, 0, &length); |
| 23 if (length == 0) { | 23 if (length == 0) { |
| 24 NOTREACHED(); | 24 NOTREACHED(); |
| 25 return false; | 25 return false; |
| 26 } | 26 } |
| 27 | 27 |
| 28 TOKEN_DEFAULT_DACL* acl = | 28 TOKEN_DEFAULT_DACL* acl = |
| 29 reinterpret_cast<TOKEN_DEFAULT_DACL*>(new char[length]); | 29 reinterpret_cast<TOKEN_DEFAULT_DACL*>(malloc(length)); |
| 30 default_dacl->reset(acl); | 30 default_dacl->reset(acl); |
| 31 | 31 |
| 32 if (!::GetTokenInformation(token, TokenDefaultDacl, default_dacl->get(), | 32 if (!::GetTokenInformation(token, TokenDefaultDacl, default_dacl->get(), |
| 33 length, &length)) | 33 length, &length)) |
| 34 return false; | 34 return false; |
| 35 | 35 |
| 36 return true; | 36 return true; |
| 37 } | 37 } |
| 38 | 38 |
| 39 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access, | 39 bool AddSidToDacl(const Sid& sid, ACL* old_dacl, ACCESS_MASK access, |
| (...skipping 12 matching lines...) |
| 52 if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) | 52 if (ERROR_SUCCESS != ::SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) |
| 53 return false; | 53 return false; |
| 54 | 54 |
| 55 return true; | 55 return true; |
| 56 } | 56 } |
| 57 | 57 |
| 58 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access) { | 58 bool AddSidToDefaultDacl(HANDLE token, const Sid& sid, ACCESS_MASK access) { |
| 59 if (token == NULL) | 59 if (token == NULL) |
| 60 return false; | 60 return false; |
| 61 | 61 |
| 62 scoped_ptr<TOKEN_DEFAULT_DACL> default_dacl; | 62 scoped_ptr_malloc<TOKEN_DEFAULT_DACL> default_dacl; |
| 63 if (!GetDefaultDacl(token, &default_dacl)) | 63 if (!GetDefaultDacl(token, &default_dacl)) |
| 64 return false; | 64 return false; |
| 65 | 65 |
| 66 ACL* new_dacl = NULL; | 66 ACL* new_dacl = NULL; |
| 67 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access, &new_dacl)) | 67 if (!AddSidToDacl(sid, default_dacl->DefaultDacl, access, &new_dacl)) |
| 68 return false; | 68 return false; |
| 69 | 69 |
| 70 TOKEN_DEFAULT_DACL new_token_dacl = {0}; | 70 TOKEN_DEFAULT_DACL new_token_dacl = {0}; |
| 71 new_token_dacl.DefaultDacl = new_dacl; | 71 new_token_dacl.DefaultDacl = new_dacl; |
| 72 | 72 |
| 73 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, | 73 BOOL ret = ::SetTokenInformation(token, TokenDefaultDacl, &new_token_dacl, |
| 74 sizeof(new_token_dacl)); | 74 sizeof(new_token_dacl)); |
| 75 ::LocalFree(new_dacl); | 75 ::LocalFree(new_dacl); |
| 76 return (TRUE == ret); | 76 return (TRUE == ret); |
| 77 } | 77 } |
| 78 | 78 |
| 79 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { | 79 bool AddUserSidToDefaultDacl(HANDLE token, ACCESS_MASK access) { |
| 80 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; | 80 DWORD size = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE; |
| 81 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(new BYTE[size]); | 81 TOKEN_USER* token_user = reinterpret_cast<TOKEN_USER*>(malloc(size)); |
| 82 | 82 |
| 83 scoped_ptr<TOKEN_USER> token_user_ptr(token_user); | 83 scoped_ptr_malloc<TOKEN_USER> token_user_ptr(token_user); |
| 84 | 84 |
| 85 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) | 85 if (!::GetTokenInformation(token, TokenUser, token_user, size, &size)) |
| 86 return false; | 86 return false; |
| 87 | 87 |
| 88 return AddSidToDefaultDacl(token, | 88 return AddSidToDefaultDacl(token, |
| 89 reinterpret_cast<SID*>(token_user->User.Sid), | 89 reinterpret_cast<SID*>(token_user->User.Sid), |
| 90 access); | 90 access); |
| 91 } | 91 } |
| 92 | 92 |
| 93 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, | 93 bool AddKnownSidToKernelObject(HANDLE object, const Sid& sid, |
| (...skipping 19 matching lines...) |
| 113 ::LocalFree(new_dacl); | 113 ::LocalFree(new_dacl); |
| 114 ::LocalFree(descriptor); | 114 ::LocalFree(descriptor); |
| 115 | 115 |
| 116 if (ERROR_SUCCESS != result) | 116 if (ERROR_SUCCESS != result) |
| 117 return false; | 117 return false; |
| 118 | 118 |
| 119 return true; | 119 return true; |
| 120 } | 120 } |
| 121 | 121 |
| 122 } // namespace sandbox | 122 } // namespace sandbox |
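Review bot: The `malloc(length)` result on new line 29 of GetDefaultDacl is stored and passed to `::GetTokenInformation` without a null check, and the same holds for `malloc(size)` on new line 81 of AddUserSidToDefaultDacl. Unlike the `new` expressions they replace, `malloc` reports exhaustion by returning NULL, so both functions now depend on the API rejecting a null buffer to reach `return false`. Since these helpers rewrite the default DACL of a token in the sandbox namespace, the failure should be explicit: `if (acl == NULL) return false;` before `default_dacl->reset(acl);`, and `if (token_user == NULL) return false;` before the TokenUser query. The visible include list also has no `<stdlib.h>`, so `malloc` is presumably declared through another header; including it directly would be more robust.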
| OLD | NEW |