* [PATCH 0/3] misc code cleanup
@ 2020-04-24 18:59 Shawn Hoffman
2020-04-24 18:59 ` [PATCH 1/3] don't leak TunDispatchSecurityDescriptor if second RtlAbsoluteToSelfRelativeSD fails. practically this can't happen, but from wintun code it's unclear Shawn Hoffman
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Shawn Hoffman @ 2020-04-24 18:59 UTC (permalink / raw)
To: wireguard; +Cc: Shawn Hoffman
misc code cleanup. just getting feet wet.
Shawn Hoffman (3):
don't leak TunDispatchSecurityDescriptor if second
RtlAbsoluteToSelfRelativeSD fails. practically this can't happen,
but from wintun code it's unclear.
use ExEnterCriticalRegionAndAcquireResourceExclusive and
ExReleaseResourceAndLeaveCriticalRegion
use RtlSubAuthoritySid instead of directly poking SID
wintun.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
--
2.25.0.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/3] don't leak TunDispatchSecurityDescriptor if second RtlAbsoluteToSelfRelativeSD fails. practically this can't happen, but from wintun code it's unclear.
2020-04-24 18:59 [PATCH 0/3] misc code cleanup Shawn Hoffman
@ 2020-04-24 18:59 ` Shawn Hoffman
2020-04-24 18:59 ` [PATCH 2/3] use ExEnterCriticalRegionAndAcquireResourceExclusive and ExReleaseResourceAndLeaveCriticalRegion Shawn Hoffman
2020-04-24 18:59 ` [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID Shawn Hoffman
2 siblings, 0 replies; 6+ messages in thread
From: Shawn Hoffman @ 2020-04-24 18:59 UTC (permalink / raw)
To: wireguard; +Cc: Shawn Hoffman
---
wintun.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/wintun.c b/wintun.c
index 624de2f..90e7930 100644
--- a/wintun.c
+++ b/wintun.c
@@ -820,6 +820,14 @@ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID)
return STATUS_SUCCESS;
}
+static VOID TunFreeDispatchSecurityDescriptor(VOID)
+{
+ if (!TunDispatchSecurityDescriptor)
+ return;
+ ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+ TunDispatchSecurityDescriptor = NULL;
+}
+
_IRQL_requires_max_(PASSIVE_LEVEL)
static VOID
TunProcessNotification(HANDLE ParentId, HANDLE ProcessId, BOOLEAN Create)
@@ -1387,7 +1395,7 @@ TunUnload(PDRIVER_OBJECT DriverObject)
NdisMDeregisterMiniportDriver(NdisMiniportDriverHandle);
ExDeleteResourceLite(&TunDispatchCtxGuard);
ExDeleteResourceLite(&TunDispatchDeviceListLock);
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+ TunFreeDispatchSecurityDescriptor();
}
DRIVER_INITIALIZE DriverEntry;
@@ -1398,7 +1406,7 @@ DriverEntry(DRIVER_OBJECT *DriverObject, UNICODE_STRING *RegistryPath)
NTSTATUS Status;
if (!NT_SUCCESS(Status = TunInitializeDispatchSecurityDescriptor()))
- return Status;
+ goto cleanupSD;
NdisVersion = NdisGetVersion();
if (NdisVersion < NDIS_MINIPORT_VERSION_MIN)
@@ -1461,6 +1469,7 @@ cleanupNotifier:
cleanupResources:
ExDeleteResourceLite(&TunDispatchCtxGuard);
ExDeleteResourceLite(&TunDispatchDeviceListLock);
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+cleanupSD:
+ TunFreeDispatchSecurityDescriptor();
return Status;
}
--
2.25.0.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/3] use ExEnterCriticalRegionAndAcquireResourceExclusive and ExReleaseResourceAndLeaveCriticalRegion
2020-04-24 18:59 [PATCH 0/3] misc code cleanup Shawn Hoffman
2020-04-24 18:59 ` [PATCH 1/3] don't leak TunDispatchSecurityDescriptor if second RtlAbsoluteToSelfRelativeSD fails. practically this can't happen, but from wintun code it's unclear Shawn Hoffman
@ 2020-04-24 18:59 ` Shawn Hoffman
2020-04-24 18:59 ` [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID Shawn Hoffman
2 siblings, 0 replies; 6+ messages in thread
From: Shawn Hoffman @ 2020-04-24 18:59 UTC (permalink / raw)
To: wireguard; +Cc: Shawn Hoffman
---
wintun.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/wintun.c b/wintun.c
index 90e7930..00ac378 100644
--- a/wintun.c
+++ b/wintun.c
@@ -884,15 +884,13 @@ TunDispatchDeviceControl(DEVICE_OBJECT *DeviceObject, IRP *Irp)
switch (Stack->Parameters.DeviceIoControl.IoControlCode)
{
case TUN_IOCTL_REGISTER_RINGS: {
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(&TunDispatchCtxGuard, TRUE);
+ ExEnterCriticalRegionAndAcquireResourceExclusive(&TunDispatchCtxGuard);
#pragma warning(suppress : 28175)
TUN_CTX *Ctx = DeviceObject->Reserved;
Status = NDIS_STATUS_ADAPTER_NOT_READY;
if (Ctx)
Status = TunRegisterBuffers(Ctx, Irp);
- ExReleaseResourceLite(&TunDispatchCtxGuard);
- KeLeaveCriticalRegion();
+ ExReleaseResourceAndLeaveCriticalRegion(&TunDispatchCtxGuard);
break;
}
case TUN_IOCTL_FORCE_CLOSE_HANDLES:
@@ -913,14 +911,12 @@ _Use_decl_annotations_
static NTSTATUS
TunDispatchClose(DEVICE_OBJECT *DeviceObject, IRP *Irp)
{
- KeEnterCriticalRegion();
- ExAcquireResourceSharedLite(&TunDispatchCtxGuard, TRUE);
+ ExEnterCriticalRegionAndAcquireResourceExclusive(&TunDispatchCtxGuard);
#pragma warning(suppress : 28175)
TUN_CTX *Ctx = DeviceObject->Reserved;
if (Ctx)
TunUnregisterBuffers(Ctx, IoGetCurrentIrpStackLocation(Irp)->FileObject);
- ExReleaseResourceLite(&TunDispatchCtxGuard);
- KeLeaveCriticalRegion();
+ ExReleaseResourceAndLeaveCriticalRegion(&TunDispatchCtxGuard);
return NdisDispatchClose(DeviceObject, Irp);
}
--
2.25.0.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID
2020-04-24 18:59 [PATCH 0/3] misc code cleanup Shawn Hoffman
2020-04-24 18:59 ` [PATCH 1/3] don't leak TunDispatchSecurityDescriptor if second RtlAbsoluteToSelfRelativeSD fails. practically this can't happen, but from wintun code it's unclear Shawn Hoffman
2020-04-24 18:59 ` [PATCH 2/3] use ExEnterCriticalRegionAndAcquireResourceExclusive and ExReleaseResourceAndLeaveCriticalRegion Shawn Hoffman
@ 2020-04-24 18:59 ` Shawn Hoffman
2 siblings, 0 replies; 6+ messages in thread
From: Shawn Hoffman @ 2020-04-24 18:59 UTC (permalink / raw)
To: wireguard; +Cc: Shawn Hoffman
---
wintun.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wintun.c b/wintun.c
index 00ac378..a6a0e16 100644
--- a/wintun.c
+++ b/wintun.c
@@ -788,7 +788,7 @@ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID)
SID LocalSystem = { 0 };
if (!NT_SUCCESS(Status = RtlInitializeSid(&LocalSystem, &NtAuthority, 1)))
return Status;
- LocalSystem.SubAuthority[0] = 18;
+ *RtlSubAuthoritySid(&LocalSystem, 0) = SECURITY_LOCAL_SYSTEM_RID;
struct
{
ACL Dacl;
--
2.25.0.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/3] fix possible TunDispatchSecurityDescriptor leak.
@ 2020-04-24 23:43 Shawn Hoffman
2020-04-24 23:43 ` [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID Shawn Hoffman
0 siblings, 1 reply; 6+ messages in thread
From: Shawn Hoffman @ 2020-04-24 23:43 UTC (permalink / raw)
To: wireguard; +Cc: Shawn Hoffman
TunDispatchSecurityDescriptor will leak if second
RtlAbsoluteToSelfRelativeSD fails. Practically this can't happen, but
from wintun code it's unclear.
Signed-off-by: Shawn Hoffman <godisgovernment@gmail.com>
---
wintun.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/wintun.c b/wintun.c
index 624de2f..90e7930 100644
--- a/wintun.c
+++ b/wintun.c
@@ -820,6 +820,14 @@ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID)
return STATUS_SUCCESS;
}
+static VOID TunFreeDispatchSecurityDescriptor(VOID)
+{
+ if (!TunDispatchSecurityDescriptor)
+ return;
+ ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+ TunDispatchSecurityDescriptor = NULL;
+}
+
_IRQL_requires_max_(PASSIVE_LEVEL)
static VOID
TunProcessNotification(HANDLE ParentId, HANDLE ProcessId, BOOLEAN Create)
@@ -1387,7 +1395,7 @@ TunUnload(PDRIVER_OBJECT DriverObject)
NdisMDeregisterMiniportDriver(NdisMiniportDriverHandle);
ExDeleteResourceLite(&TunDispatchCtxGuard);
ExDeleteResourceLite(&TunDispatchDeviceListLock);
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+ TunFreeDispatchSecurityDescriptor();
}
DRIVER_INITIALIZE DriverEntry;
@@ -1398,7 +1406,7 @@ DriverEntry(DRIVER_OBJECT *DriverObject, UNICODE_STRING *RegistryPath)
NTSTATUS Status;
if (!NT_SUCCESS(Status = TunInitializeDispatchSecurityDescriptor()))
- return Status;
+ goto cleanupSD;
NdisVersion = NdisGetVersion();
if (NdisVersion < NDIS_MINIPORT_VERSION_MIN)
@@ -1461,6 +1469,7 @@ cleanupNotifier:
cleanupResources:
ExDeleteResourceLite(&TunDispatchCtxGuard);
ExDeleteResourceLite(&TunDispatchDeviceListLock);
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+cleanupSD:
+ TunFreeDispatchSecurityDescriptor();
return Status;
}
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID
2020-04-24 23:43 [PATCH 1/3] fix possible TunDispatchSecurityDescriptor leak Shawn Hoffman
@ 2020-04-24 23:43 ` Shawn Hoffman
2020-10-30 15:59 ` Jason A. Donenfeld
0 siblings, 1 reply; 6+ messages in thread
From: Shawn Hoffman @ 2020-04-24 23:43 UTC (permalink / raw)
To: wireguard; +Cc: Shawn Hoffman
Signed-off-by: Shawn Hoffman <godisgovernment@gmail.com>
---
wintun.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wintun.c b/wintun.c
index 00ac378..a6a0e16 100644
--- a/wintun.c
+++ b/wintun.c
@@ -788,7 +788,7 @@ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID)
SID LocalSystem = { 0 };
if (!NT_SUCCESS(Status = RtlInitializeSid(&LocalSystem, &NtAuthority, 1)))
return Status;
- LocalSystem.SubAuthority[0] = 18;
+ *RtlSubAuthoritySid(&LocalSystem, 0) = SECURITY_LOCAL_SYSTEM_RID;
struct
{
ACL Dacl;
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-30 15:59 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-24 18:59 [PATCH 0/3] misc code cleanup Shawn Hoffman
2020-04-24 18:59 ` [PATCH 1/3] don't leak TunDispatchSecurityDescriptor if second RtlAbsoluteToSelfRelativeSD fails. practically this can't happen, but from wintun code it's unclear Shawn Hoffman
2020-04-24 18:59 ` [PATCH 2/3] use ExEnterCriticalRegionAndAcquireResourceExclusive and ExReleaseResourceAndLeaveCriticalRegion Shawn Hoffman
2020-04-24 18:59 ` [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID Shawn Hoffman
2020-04-24 23:43 [PATCH 1/3] fix possible TunDispatchSecurityDescriptor leak Shawn Hoffman
2020-04-24 23:43 ` [PATCH 3/3] use RtlSubAuthoritySid instead of directly poking SID Shawn Hoffman
2020-10-30 15:59 ` Jason A. Donenfeld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).