https://git.reactos.org/?p=reactos.git;a=commitdiff;h=b33911b93dacbc0a1dcdf9869d5fb71b077a7617
commit b33911b93dacbc0a1dcdf9869d5fb71b077a7617
Author: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org>
AuthorDate: Fri May 20 02:26:21 2022 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-ma...@reactos.org>
CommitDate: Mon May 23 19:30:34 2022 +0200
[NTOS:SE] SepPerformTokenFiltering(): Remove useless SEH handling (#4523)
This function is either called inter-kernel (in which case, all
parameters must be valid, and if not, we have to bugcheck), or, it
is called with **captured** parameters (from NtFilterToken) and those
latter ones are now expected to be valid and reside in kernel-mode.
Finally, data copied between token structures reside in kernel-mode
only and again are expected to be valid (if not, we bugcheck).
---
ntoskrnl/se/token.c | 132 +++++++++++-----------------------------------------
1 file changed, 26 insertions(+), 106 deletions(-)
diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index f215f4c1fe2..96e972f2c5b 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -2254,27 +2254,9 @@ SepPerformTokenFiltering(
EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
VariableLength -= PrivilegesLength;
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- RtlCopyMemory(AccessToken->Privileges,
- Token->Privileges,
- AccessToken->PrivilegeCount *
sizeof(LUID_AND_ATTRIBUTES));
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
- {
- RtlCopyMemory(AccessToken->Privileges,
- Token->Privileges,
- AccessToken->PrivilegeCount *
sizeof(LUID_AND_ATTRIBUTES));
- }
+ RtlCopyMemory(AccessToken->Privileges,
+ Token->Privileges,
+ AccessToken->PrivilegeCount *
sizeof(LUID_AND_ATTRIBUTES));
}
/* Copy the user and groups */
@@ -2287,39 +2269,17 @@ SepPerformTokenFiltering(
EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
VariableLength -= ((ULONG_PTR)EndMem -
(ULONG_PTR)AccessToken->UserAndGroups);
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- Status =
RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
- Token->UserAndGroups,
- VariableLength,
-
AccessToken->UserAndGroups,
- EndMem,
- &EndMem,
- &VariableLength);
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
+ Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
+ Token->UserAndGroups,
+ VariableLength,
+ AccessToken->UserAndGroups,
+ EndMem,
+ &EndMem,
+ &VariableLength);
+ if (!NT_SUCCESS(Status))
{
- Status =
RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
- Token->UserAndGroups,
- VariableLength,
- AccessToken->UserAndGroups,
- EndMem,
- &EndMem,
- &VariableLength);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups
into token (Status 0x%lx)\n", Status);
- goto Quit;
- }
+ DPRINT1("SepPerformTokenFiltering(): Failed to copy the groups
into token (Status 0x%lx)\n", Status);
+ goto Quit;
}
}
@@ -2333,39 +2293,17 @@ SepPerformTokenFiltering(
EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
VariableLength -= ((ULONG_PTR)EndMem -
(ULONG_PTR)AccessToken->RestrictedSids);
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- Status =
RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
- Token->RestrictedSids,
- VariableLength,
-
AccessToken->RestrictedSids,
- EndMem,
- &EndMem,
- &VariableLength);
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
+ Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
+ Token->RestrictedSids,
+ VariableLength,
+ AccessToken->RestrictedSids,
+ EndMem,
+ &EndMem,
+ &VariableLength);
+ if (!NT_SUCCESS(Status))
{
- Status =
RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
- Token->RestrictedSids,
- VariableLength,
- AccessToken->RestrictedSids,
- EndMem,
- &EndMem,
- &VariableLength);
- if (!NT_SUCCESS(Status))
- {
- DPRINT1("SepPerformTokenFiltering(): Failed to copy the
restricted SIDs into token (Status 0x%lx)\n", Status);
- goto Quit;
- }
+ DPRINT1("SepPerformTokenFiltering(): Failed to copy the restricted
SIDs into token (Status 0x%lx)\n", Status);
+ goto Quit;
}
}
@@ -2614,27 +2552,9 @@ SepPerformTokenFiltering(
EndMem = (PVOID)((ULONG_PTR)EndMem + RestrictedSidsLength);
VariableLength -= RestrictedSidsLength;
- if (PreviousMode != KernelMode)
- {
- _SEH2_TRY
- {
- RtlCopyMemory(AccessToken->RestrictedSids,
- RestrictedSidsIntoToken,
- AccessToken->RestrictedSidCount *
sizeof(SID_AND_ATTRIBUTES));
- }
- _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
- {
- Status = _SEH2_GetExceptionCode();
- _SEH2_YIELD(goto Quit);
- }
- _SEH2_END;
- }
- else
- {
- RtlCopyMemory(AccessToken->RestrictedSids,
- RestrictedSidsIntoToken,
- AccessToken->RestrictedSidCount *
sizeof(SID_AND_ATTRIBUTES));
- }
+ RtlCopyMemory(AccessToken->RestrictedSids,
+ RestrictedSidsIntoToken,
+ AccessToken->RestrictedSidCount *
sizeof(SID_AND_ATTRIBUTES));
/*
* As we've copied the restricted SIDs into
