PACL,PSID Leakage Problem

In my main scope I declare my pointer variables:


/*
 * Query the owner SID and the DACL of `path`, then release both results.
 *
 * NOTE(review): each release call has to match the allocator behind the
 * pointer the helper returns. FreeSid pairs with AllocateAndInitializeSid and
 * LocalFree pairs with LocalAlloc. A pointer that GetSecurityInfo stores
 * through its owner or DACL output is neither of these: it points into the
 * security descriptor GetSecurityInfo returns, and that descriptor is the
 * object to release (with LocalFree).
 */
PSID ownerSid = GetOwnerSIDFromFile (path);
PACL pDACL = GetDACLFromFile (path);

if (ownerSid != NULL)
{
    FreeSid(ownerSid);
}
if (pDACL != NULL)
{
    LocalFree(pDACL);
}

The PSID and PACL still leak although I try to release them. How can I handle this situation?

Here are 2 functions i call :

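/*
 * Returns a private copy of the owner SID of the file named by
 * sFileOrFolderName, or NULL on any failure.
 *
 * Ownership: the returned SID is allocated by AllocateAndInitializeSid, so
 * the caller releases it with FreeSid().
 *
 * Review notes on the function as originally posted:
 *  - It pre-allocated a SID and then let GetSecurityInfo overwrite the only
 *    pointer to it, so that SID leaked on every call.
 *  - It passed NULL for ppSecurityDescriptor. The owner pointer that
 *    GetSecurityInfo hands back points INTO the security descriptor it
 *    allocates; the descriptor is the unit that gets released (LocalFree) and
 *    is documented as required whenever an owner/group/DACL/SACL output is
 *    requested. Without it the descriptor cannot be freed, and handing the
 *    interior SID pointer to FreeSid or LocalFree is heap misuse.
 *  - The GetSecurityInfo return code was ignored.
 */
PSID GetOwnerSIDFromFile (char* sFileOrFolderName)
{
    DWORD dwRtnCode = 0;
    PSID pSidOwner = NULL;              /* points into pSD; never freed on its own */
    PSID pSidCopy = NULL;               /* stand-alone copy handed to the caller */
    PSECURITY_DESCRIPTOR pSD = NULL;    /* owns the memory pSidOwner points into */
    PUCHAR pSubAuthCount = NULL;
    HANDLE hFile;

    hFile = CreateFile(
        sFileOrFolderName,
        GENERIC_READ,
        FILE_SHARE_READ,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL);

    if (hFile == INVALID_HANDLE_VALUE)
        return NULL;

    dwRtnCode = GetSecurityInfo(
        hFile,
        SE_FILE_OBJECT,
        OWNER_SECURITY_INFORMATION,
        &pSidOwner,
        NULL,
        NULL,
        NULL,
        &pSD);

    /* The handle is only needed for the query itself. */
    CloseHandle(hFile);

    if (dwRtnCode != ERROR_SUCCESS || pSidOwner == NULL || !IsValidSid(pSidOwner))
        goto done;

    /*
     * AllocateAndInitializeSid accepts 1 to 8 sub-authorities. An owner SID
     * outside that range cannot be returned through a FreeSid-compatible
     * allocation, so it is reported as a failure.
     */
    pSubAuthCount = GetSidSubAuthorityCount(pSidOwner);
    if (pSubAuthCount == NULL || *pSubAuthCount < 1 || *pSubAuthCount > 8)
        goto done;

    /* Allocate a SID of the right size; the values are overwritten by CopySid. */
    if (!AllocateAndInitializeSid(
            GetSidIdentifierAuthority(pSidOwner),
            *pSubAuthCount,
            0, 0, 0, 0, 0, 0, 0, 0,
            &pSidCopy))
    {
        pSidCopy = NULL;
        goto done;
    }

    if (!CopySid(GetLengthSid(pSidCopy), pSidCopy, pSidOwner))
    {
        FreeSid(pSidCopy);
        pSidCopy = NULL;
    }

done:
    /* Releasing the descriptor also invalidates pSidOwner. */
    if (pSD != NULL)
        LocalFree(pSD);

    return pSidCopy;
}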

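/*
 * Returns a private copy of the DACL of the file named by sFileOrFolderName,
 * or NULL when the query fails or no DACL pointer is returned.
 *
 * Ownership: the returned ACL is allocated with LocalAlloc, so the caller
 * releases it with LocalFree().
 *
 * NULL is ambiguous: GetSecurityInfo can succeed and still return a NULL
 * DACL pointer for an object that has no DACL, which grants unrestricted
 * access. Callers must not read NULL as "an empty ACL".
 *
 * Review notes on the function as originally posted:
 *  - LocalAlloc(LPTR, sizeof(PACL)) reserved the size of a pointer, not of
 *    an ACL, and GetSecurityInfo then overwrote the only pointer to that
 *    block, so it leaked on every call.
 *  - The file handle leaked when that allocation failed.
 *  - It passed NULL for ppSecurityDescriptor. The DACL pointer returned by
 *    GetSecurityInfo points INTO the security descriptor it allocates; the
 *    descriptor is what gets released with LocalFree, not the DACL pointer.
 *  - The GetSecurityInfo return code was ignored.
 */
PACL GetDACLFromFile (char* sFileOrFolderName)
{
    PACL pDACL = NULL;                  /* points into pSD; never freed on its own */
    PACL pDaclCopy = NULL;              /* stand-alone copy handed to the caller */
    PSECURITY_DESCRIPTOR pSD = NULL;    /* owns the memory pDACL points into */
    DWORD dwRtnCode = 0;
    HANDLE hFile;

    hFile = CreateFile(
        sFileOrFolderName,
        GENERIC_READ,
        FILE_SHARE_READ,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL);

    if (hFile == INVALID_HANDLE_VALUE)
        return NULL;

    dwRtnCode = GetSecurityInfo(
        hFile,
        SE_FILE_OBJECT,
        DACL_SECURITY_INFORMATION,
        NULL,
        NULL,
        &pDACL,
        NULL,
        &pSD);

    /* The handle is only needed for the query itself. */
    CloseHandle(hFile);

    if (dwRtnCode == ERROR_SUCCESS
        && pDACL != NULL
        && IsValidAcl(pDACL)
        && pDACL->AclSize >= sizeof(ACL))
    {
        /* AclSize is the full byte size of the ACL, header and ACEs included. */
        pDaclCopy = (PACL)LocalAlloc(LPTR, pDACL->AclSize);

        if (pDaclCopy != NULL)
            CopyMemory(pDaclCopy, pDACL, pDACL->AclSize);
    }

    /* Releasing the descriptor also invalidates pDACL. */
    if (pSD != NULL)
        LocalFree(pSD);

    return pDaclCopy;
}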

You need to pass &pSidOwner and & pSid to LocalFree (with some casting)
instead of pSidOwner and pSid.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Saturday, June 30, 2007 19:09
To: Windows System Software Devs Interest List
Subject: [ntdev] PACL,PSID Leakage Problem

In my main scope i declare my pointer variables :


PSID ownerSid = NULL ;
PACL pDACL = NULL ;
ownerSid = GetOwnerSIDFromFile (path);
pDACL = GetDACLFromFile (path);
if(ownerSid) FreeSid(ownerSid);
if(pDACL) LocalFree(pDACL);

PSID and PACL still cause leakages altgough i try to release them. How
can i handle that situation ?

Here are 2 functions i call :

PSID GetOwnerSIDFromFile (char* sFileOrFolderName)
{
DWORD dwRtnCode = 0;
PSID pSidOwner = NULL ;
HANDLE hFile;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld =
SECURITY_WORLD_SID_AUTHORITY;

hFile = CreateFile(
sFileOrFolderName,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);

if (hFile == INVALID_HANDLE_VALUE)
return NULL ;

AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0,
0, 0, 0, 0, 0, &pSidOwner) ;

if( !pSidOwner )
{
CloseHandle(hFile);

return NULL ;
}

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
&pSidOwner,
NULL,
NULL,
NULL,
NULL);

CloseHandle(hFile);

return pSidOwner ;
}

PACL GetDACLFromFile (char* sFileOrFolderName)

{
PACL pDACL = NULL ;
DWORD dwRtnCode = 0;

HANDLE hFile;

hFile = CreateFile(
sFileOrFolderName,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);

if (hFile == INVALID_HANDLE_VALUE)
return NULL ;

pDACL = (PACL)LocalAlloc(LPTR,sizeof(PACL));

if( !pDACL )
return NULL ;

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
&pDACL,
NULL,
NULL);

CloseHandle(hFile);

return pDACL ;
}



Martin O’Brien wrote:

You need to pass &pSidOwner and & pSid to LocalFree (with some casting)
instead of pSidOwner and pSid.

Bzzzt, sorry, but thanks for playing. pSidOwner and pSid CONTAIN the
pointers. It is their CONTENTS that you want to pass to FreeSid and
LocalFree, not their addresses.

However, your confusion is exactly what is burning the original poster,
but in a different way. GetSecurityInfo allocates these objects and
returns their addresses to you. Unlike most APIs, you do not allocate a
buffer and let GetSecurityInfo fill it in. That is mostly because these
are variable-length structures.

So, when you call GetSecurityInfo, it is overwriting your allocated
space, thereby causing it to leak. What you are freeing is the space
allocated by GetSecurityInfo. Get rid of the LocalAlloc and the
AllocateAndInitializeSid call and all should be well.

AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0,
0, 0, 0, 0, 0, &pSidOwner) ;

Here you allocate a SID.

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
&pSidOwner,
NULL,
NULL,
NULL,
NULL);

Here, GetSecurityInfo allocates its own SID and overwrites the pointer
to yours, which cannot be recovered.

pDACL = (PACL)LocalAlloc(LPTR,sizeof(PACL));

Again, here you allocate an ACL.

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
&pDACL,
NULL,
NULL);

And here, GetSecurityInfo allocates its own ACL and overwrites the
pointer to yours, which cannot be recovered.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Indeed you are right.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Monday, July 02, 2007 13:50
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] PACL,PSID Leakage Problem

Martin O’Brien wrote:

You need to pass &pSidOwner and & pSid to LocalFree (with some
casting)
instead of pSidOwner and pSid.

Bzzzt, sorry, but thanks for playing. pSidOwner and pSid CONTAIN the
pointers. It is their CONTENTS that you want to pass to FreeSid and
LocalFree, not their addresses.

However, your confusion is exactly what is burning the original poster,
but in a different way. GetSecurityInfo allocates these objects and
returns their addresses to you. Unlike most APIs, you do not allocate a
buffer and let GetSecurityInfo fill it in. That is mostly because these
are variable-length structures.

So, when you call GetSecurityInfo, it is overwriting your allocated
space, thereby causing it to leak. What you are freeing is the space
allocated by GetSecurityInfo. Get rid of the LocalAlloc and the
AllocateAndInitializeSid call and all should be well.

AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0,
0, 0, 0, 0, 0, &pSidOwner) ;

Here you allocate a SID.

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
&pSidOwner,
NULL,
NULL,
NULL,
NULL);

Here, GetSecurityInfo allocates its own SID and overwrites the pointer
to yours, which cannot be recovered.

pDACL = (PACL)LocalAlloc(LPTR,sizeof(PACL));

Again, here you allocate an ACL.

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
&pDACL,
NULL,
NULL);

And here, GetSecurityInfo allocates its own ACL and overwrites the
pointer to yours, which cannot be recovered.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.



I did really look at this very closely. For some reason saw the pattern
of RpcStringFree() in my head.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Monday, July 02, 2007 15:14
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] PACL,PSID Leakage Problem

Indeed you are right.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Monday, July 02, 2007 13:50
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] PACL,PSID Leakage Problem

Martin O’Brien wrote:

You need to pass &pSidOwner and & pSid to LocalFree (with some
casting)
instead of pSidOwner and pSid.

Bzzzt, sorry, but thanks for playing. pSidOwner and pSid CONTAIN the
pointers. It is their CONTENTS that you want to pass to FreeSid and
LocalFree, not their addresses.

However, your confusion is exactly what is burning the original poster,
but in a different way. GetSecurityInfo allocates these objects and
returns their addresses to you. Unlike most APIs, you do not allocate a
buffer and let GetSecurityInfo fill it in. That is mostly because these
are variable-length structures.

So, when you call GetSecurityInfo, it is overwriting your allocated
space, thereby causing it to leak. What you are freeing is the space
allocated by GetSecurityInfo. Get rid of the LocalAlloc and the
AllocateAndInitializeSid call and all should be well.

AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0,
0, 0, 0, 0, 0, &pSidOwner) ;

Here you allocate a SID.

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
&pSidOwner,
NULL,
NULL,
NULL,
NULL);

Here, GetSecurityInfo allocates its own SID and overwrites the pointer
to yours, which cannot be recovered.

pDACL = (PACL)LocalAlloc(LPTR,sizeof(PACL));

Again, here you allocate an ACL.

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
&pDACL,
NULL,
NULL);

And here, GetSecurityInfo allocates its own ACL and overwrites the
pointer to yours, which cannot be recovered.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.





Thank you very, very much.
How can I avoid the leaks then? Should I call any allocation function?

I am trying this code , it still gives leakages…

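/*
 * Reports whether the owner SID of the file or folder named by
 * sFileOrFolderName can be read. Returns TRUE when GetSecurityInfo succeeds
 * and yields an owner SID, FALSE otherwise. Nothing is handed to the caller,
 * so everything acquired here is released here.
 *
 * Review notes on the function as originally posted:
 *  - It passed NULL for ppSecurityDescriptor. GetSecurityInfo allocates a
 *    security descriptor and pSidOwner points INTO it; the descriptor is the
 *    object to release with LocalFree. With NULL there was no pointer left to
 *    free, which is the leak seen on each loop iteration. The interior SID
 *    pointer itself must not be passed to FreeSid or LocalFree.
 *  - The fallback CreateFile result was discarded: the function returned
 *    FALSE right after it, leaking the handle whenever that open succeeded.
 *    Presumably the second open is a retry for directories (which need
 *    FILE_FLAG_BACKUP_SEMANTICS), so its handle is now used.
 *  - The GetSecurityInfo return code was ignored.
 */
BOOL GetAll (char* sFileOrFolderName )
{
    DWORD dwRtnCode = 0;
    PSID pSidOwner = NULL;              /* points into pSD; never freed on its own */
    PSECURITY_DESCRIPTOR pSD = NULL;    /* owns the memory pSidOwner points into */
    BOOL bFound = FALSE;
    HANDLE hFile;

    hFile = CreateFile(
        sFileOrFolderName,
        GENERIC_READ,
        FILE_SHARE_READ,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL);

    if (hFile == INVALID_HANDLE_VALUE)
    {
        /* Second attempt with backup semantics and wider sharing. */
        hFile = CreateFile (
            sFileOrFolderName,
            GENERIC_READ,
            FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
            NULL,
            OPEN_EXISTING,
            FILE_FLAG_BACKUP_SEMANTICS,
            NULL);

        if (hFile == INVALID_HANDLE_VALUE)
            return FALSE;
    }

    dwRtnCode = GetSecurityInfo(
        hFile,
        SE_FILE_OBJECT,
        OWNER_SECURITY_INFORMATION,
        (&pSidOwner),
        NULL,
        NULL,
        NULL,
        &pSD);

    CloseHandle(hFile);

    bFound = (dwRtnCode == ERROR_SUCCESS && pSidOwner != NULL);

    /* One LocalFree on the descriptor releases the owner SID with it. */
    if (pSD != NULL)
        LocalFree(pSD);

    return bFound;
}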

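/*
 * Leak-reproduction harness: calls GetAll on one fixed path once per second,
 * forever, and prints "Failed" whenever it returns FALSE. The loop never
 * exits, so any per-call leak in GetAll grows steadily and shows up in a
 * memory or handle monitor.
 *
 * Repairs to the listing as posted: the typographic quotes are plain ASCII
 * quotes again, argv is declared as an array, and the backslash in the path
 * is escaped (a lone "\a" is the alert escape, not a path separator;
 * presumably d:\aa.txt was meant).
 */
int _tmain(int argc, _TCHAR* argv[])
{
    while(1)
    {
        if(!GetAll("d:\\aa.txt"))
        {
            printf("\nFailed");
        }

        Sleep(1000);
    }
    return 0;
}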

You're not calling LocalFree().

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Tuesday, July 03, 2007 05:13
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] PACL,PSID Leakage Problem

I am trying this code , it still gives leakages…

BOOL GetAll (char* sFileOrFolderName )
{
DWORD dwRtnCode = 0;
PSID pSidOwner = NULL ;

HANDLE hFile;

hFile = CreateFile(
sFileOrFolderName,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);

if (hFile == INVALID_HANDLE_VALUE)
{

hFile = CreateFile (
sFileOrFolderName,
GENERIC_READ,
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
NULL,
OPEN_EXISTING,
FILE_FLAG_BACKUP_SEMANTICS,
NULL);

return FALSE;

}

dwRtnCode = GetSecurityInfo(
hFile,
SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
(&pSidOwner),
NULL,
NULL,
NULL,
NULL);

if( !pSidOwner )
{
CloseHandle(hFile);

return FALSE;
}

CloseHandle(hFile);

return TRUE ;

}

int _tmain(int argc, _TCHAR* argv)
{
while(1)
{
if(!GetAll(“d:\aa.txt”))
{
printf(“\nFailed”);
}

Sleep(1000);
}
return 0;
}



xxxxx@hotmail.com wrote:

I am trying this code , it still gives leakages…

Did you read the documentation, or my message? GetSecurityInfo is
allocating the SID for you. When it returns, you own the SID. *You*
still have to free it. The code you posted doesn’t free the SID at all,
thereby causing a leak.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.