api: remove security attributes debug trap door

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2020-10-30 13:26:36 +0100
committer: Simon Rozman <simon@rozman.si> 2020-10-31 10:41:49 +0100
commit: 8c935ce1517f4420ffd0a984e28a7a46a0c5837f (patch)
tree: e22c918d20f1cddcb17aec39b87352155111573e /api
parent: api: elevate only when needed for system operations (diff)
download: wintun-8c935ce1517f4420ffd0a984e28a7a46a0c5837f.tar.xz
wintun-8c935ce1517f4420ffd0a984e28a7a46a0c5837f.zip
6 files changed, 14 insertions, 20 deletions
diff --git a/api/adapter.c b/api/adapter.c
index 1006384..e7742b1 100644
--- a/api/adapter.c
+++ b/api/adapter.c
@@ -1274,7 +1274,7 @@ CreateTemporaryDirectory(_Out_cap_c_(MAX_PATH) WCHAR *RandomTempSubDirectory)
         swprintf_s(&RandomSubDirectory[i * 2], 3, L"%02x", RandomBytes[i]);
     if (!PathCombineW(RandomTempSubDirectory, WindowsTempDirectory, RandomSubDirectory))
         return ERROR_BUFFER_OVERFLOW;
-    if (!CreateDirectoryW(RandomTempSubDirectory, SecurityAttributes))
+    if (!CreateDirectoryW(RandomTempSubDirectory, &SecurityAttributes))
         return LOG_LAST_ERROR(L"Failed to create temporary folder");
     return ERROR_SUCCESS;
 }
@@ -1415,8 +1415,8 @@ ExecuteRunDll32(
     }
     HANDLE StreamRStdout = INVALID_HANDLE_VALUE, StreamRStderr = INVALID_HANDLE_VALUE,
            StreamWStdout = INVALID_HANDLE_VALUE, StreamWStderr = INVALID_HANDLE_VALUE;
-    if (!CreatePipe(&StreamRStdout, &StreamWStdout, SecurityAttributes, 0) ||
-        !CreatePipe(&StreamRStderr, &StreamWStderr, SecurityAttributes, 0))
+    if (!CreatePipe(&StreamRStdout, &StreamWStdout, &SecurityAttributes, 0) ||
+        !CreatePipe(&StreamRStderr, &StreamWStderr, &SecurityAttributes, 0))
     {
         Result = LOG_LAST_ERROR(L"Failed to create pipes");
         goto cleanupPipes;
@@ -1433,8 +1433,8 @@ ExecuteRunDll32(
                                                 .Response = Response,
                                                 .ResponseCapacity = ResponseCapacity };
     HANDLE ThreadStdout = NULL, ThreadStderr = NULL;
-    if ((ThreadStdout = CreateThread(SecurityAttributes, 0, ProcessStdout, &ProcessStdoutState, 0, NULL)) == NULL ||
-        (ThreadStderr = CreateThread(SecurityAttributes, 0, ProcessStderr, StreamRStderr, 0, NULL)) == NULL)
+    if ((ThreadStdout = CreateThread(&SecurityAttributes, 0, ProcessStdout, &ProcessStdoutState, 0, NULL)) == NULL ||
+        (ThreadStderr = CreateThread(&SecurityAttributes, 0, ProcessStderr, StreamRStderr, 0, NULL)) == NULL)
     {
         Result = LOG_LAST_ERROR(L"Failed to spawn reader threads");
         goto cleanupThreads;
diff --git a/api/api.c b/api/api.c
index 531a160..1ef3d64 100644
--- a/api/api.c
+++ b/api/api.c
@@ -7,8 +7,7 @@
 
 HINSTANCE ResourceModule;
 HANDLE ModuleHeap;
-static SECURITY_ATTRIBUTES SecurityAttributesSystem = { .nLength = sizeof(SECURITY_ATTRIBUTES) };
-SECURITY_ATTRIBUTES *SecurityAttributes;
+SECURITY_ATTRIBUTES SecurityAttributes = { .nLength = sizeof(SECURITY_ATTRIBUTES) };
 
 WINTUN_STATUS WINAPI
 WintunGetVersion(
@@ -65,11 +64,8 @@ DllMain(_In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, _In_ LPVOID lpvReserved)
     case DLL_PROCESS_ATTACH:
         ResourceModule = hinstDLL;
         ModuleHeap = HeapCreate(0, 0, 0);
-#ifndef _DEBUG
         ConvertStringSecurityDescriptorToSecurityDescriptorW(
-            L"O:SYD:P(A;;GA;;;SY)", SDDL_REVISION_1, &SecurityAttributesSystem.lpSecurityDescriptor, NULL);
-        SecurityAttributes = &SecurityAttributesSystem;
-#endif
+            L"O:SYD:P(A;;GA;;;SY)", SDDL_REVISION_1, &SecurityAttributes.lpSecurityDescriptor, NULL);
         AdapterInit();
         NamespaceInit();
         NciInit();
@@ -78,9 +74,7 @@ DllMain(_In_ HINSTANCE hinstDLL, _In_ DWORD fdwReason, _In_ LPVOID lpvReserved)
     case DLL_PROCESS_DETACH:
         NciCleanup();
         NamespaceCleanup();
-#ifndef _DEBUG
-        LocalFree(SecurityAttributesSystem.lpSecurityDescriptor);
-#endif
+        LocalFree(SecurityAttributes.lpSecurityDescriptor);
         HeapDestroy(ModuleHeap);
         break;
     }
diff --git a/api/api.h b/api/api.h
index 0291e17..0e0e3a6 100644
--- a/api/api.h
+++ b/api/api.h
@@ -23,4 +23,4 @@
 
 extern HINSTANCE ResourceModule;
 extern HANDLE ModuleHeap;
-extern SECURITY_ATTRIBUTES *SecurityAttributes;
+extern SECURITY_ATTRIBUTES SecurityAttributes;
diff --git a/api/namespace.c b/api/namespace.c
index 2daf2f3..86c279f 100644
--- a/api/namespace.c
+++ b/api/namespace.c
@@ -82,7 +82,7 @@ NamespaceRuntimeInit(void)
 
     for (;;)
     {
-        if (CreatePrivateNamespaceW(SecurityAttributes, Boundary, L"Wintun"))
+        if (CreatePrivateNamespaceW(&SecurityAttributes, Boundary, L"Wintun"))
             break;
         Result = GetLastError();
         if (Result == ERROR_ALREADY_EXISTS)
@@ -138,7 +138,7 @@ NamespaceTakeMutex(_In_z_ const WCHAR *Pool)
     memcpy(MutexName, MutexNamePrefix, sizeof(MutexNamePrefix) - sizeof(WCHAR));
     Bin2Hex(Hash, sizeof(Hash), MutexName + _countof(MutexNamePrefix) - 1);
     MutexName[_countof(MutexName) - 1] = 0;
-    Mutex = CreateMutexW(SecurityAttributes, FALSE, MutexName);
+    Mutex = CreateMutexW(&SecurityAttributes, FALSE, MutexName);
     if (!Mutex)
         goto cleanupPoolNorm;
     switch (WaitForSingleObject(Mutex, INFINITE))
diff --git a/api/resource.c b/api/resource.c
index de02302..17bed6a 100644
--- a/api/resource.c
+++ b/api/resource.c
@@ -38,7 +38,7 @@ ResourceCopyToFile(_In_z_ const WCHAR *DestinationPath, _In_z_ const WCHAR *Reso
         DestinationPath,
         GENERIC_WRITE,
         0,
-        SecurityAttributes,
+        &SecurityAttributes,
         CREATE_NEW,
         FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_TEMPORARY,
         NULL);
diff --git a/api/session.c b/api/session.c
index f850c44..6bb6f00 100644
--- a/api/session.c
+++ b/api/session.c
@@ -86,7 +86,7 @@ WintunStartSession(_In_ const WINTUN_ADAPTER *Adapter, _In_ DWORD Capacity, _Out
     }
     (*Session)->Descriptor.Send.RingSize = RingSize;
     (*Session)->Descriptor.Send.Ring = (TUN_RING *)AllocatedRegion;
-    (*Session)->Descriptor.Send.TailMoved = CreateEventW(SecurityAttributes, FALSE, FALSE, NULL);
+    (*Session)->Descriptor.Send.TailMoved = CreateEventW(&SecurityAttributes, FALSE, FALSE, NULL);
     if (!(*Session)->Descriptor.Send.TailMoved)
     {
         Result = LOG_LAST_ERROR(L"Failed to create send event");
@@ -95,7 +95,7 @@ WintunStartSession(_In_ const WINTUN_ADAPTER *Adapter, _In_ DWORD Capacity, _Out
 
     (*Session)->Descriptor.Receive.RingSize = RingSize;
     (*Session)->Descriptor.Receive.Ring = (TUN_RING *)(AllocatedRegion + RingSize);
-    (*Session)->Descriptor.Receive.TailMoved = CreateEvent(SecurityAttributes, FALSE, FALSE, NULL);
+    (*Session)->Descriptor.Receive.TailMoved = CreateEvent(&SecurityAttributes, FALSE, FALSE, NULL);
     if (!(*Session)->Descriptor.Receive.TailMoved)
     {
         Result = LOG_LAST_ERROR(L"Failed to create receive event");
author	Jason A. Donenfeld <Jason@zx2c4.com>	2020-10-30 13:26:36 +0100
committer	Simon Rozman <simon@rozman.si>	2020-10-31 10:41:49 +0100
commit	8c935ce1517f4420ffd0a984e28a7a46a0c5837f (patch)
tree	e22c918d20f1cddcb17aec39b87352155111573e /api
parent	api: elevate only when needed for system operations (diff)
download	wintun-8c935ce1517f4420ffd0a984e28a7a46a0c5837f.tar.xz wintun-8c935ce1517f4420ffd0a984e28a7a46a0c5837f.zip