#endif
#include "wimlib/assert.h"
-#include "wimlib/buffer_io.h"
+#include "wimlib/endianness.h"
#include "wimlib/error.h"
#include "wimlib/security.h"
#include "wimlib/sha1.h"
typedef struct _SYSTEM_AUDIT_ACE {
ACE_HEADER hdr;
- u32 mask;
- u32 sid_start;
+ le32 mask;
+ le32 sid_start;
} _packed_attribute SYSTEM_AUDIT_ACE;
u8 sbz1;
/* Total size of the ACL, including all access control entries */
- u16 acl_size;
+ le16 acl_size;
/* Number of access control entry structures that follow the ACL
* structure. */
- u16 ace_count;
+ le16 ace_count;
/* padding */
- u16 sbz2;
+ le16 sbz2;
} _packed_attribute ACL;
/* A structure used to identify users or groups. */
* have to be, one of enum sid_authority_value */
u8 identifier_authority[6];
- u32 sub_authority[];
+ le32 sub_authority[];
} _packed_attribute SID;
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
u8 revision;
/* Example: 0x0 */
u8 sbz1;
+
/* Example: 0x4149 */
- u16 security_descriptor_control;
+ le16 security_descriptor_control;
/* Offset of a SID structure in the security descriptor. */
/* Example: 0x14 */
- u32 owner_offset;
+ le32 owner_offset;
/* Offset of a SID structure in the security descriptor. */
/* Example: 0x24 */
- u32 group_offset;
+ le32 group_offset;
/* Offset of an ACL structure in the security descriptor. */
/* System ACL. */
/* Example: 0x00 */
- u32 sacl_offset;
+ le32 sacl_offset;
/* Offset of an ACL structure in the security descriptor. */
/* Discretionary ACL. */
/* Example: 0x34 */
- u32 dacl_offset;
+ le32 dacl_offset;
} _packed_attribute SECURITY_DESCRIPTOR_RELATIVE;
struct wim_security_data_disk {
- u32 total_length;
- u32 num_entries;
- u64 sizes[];
+ le32 total_length;
+ le32 num_entries;
+ le64 sizes[];
} _packed_attribute;
/*
* the validation in libntfs-3g.
*/
static void
-empty_sacl_fixup(SECURITY_DESCRIPTOR_RELATIVE *descr, size_t *size_p)
+empty_sacl_fixup(SECURITY_DESCRIPTOR_RELATIVE *descr, u64 *size_p)
{
/* No-op if no NTFS-3g support, or if NTFS-3g is version 2013 or later
* */
* Note: There is no `offset' argument because the security data is located at
* the beginning of the metadata resource.
*
- * Possible errors include:
+ * Return values:
+ * WIMLIB_ERR_SUCCESS (0)
+ * WIMLIB_ERR_INVALID_METADATA_RESOURCE
* WIMLIB_ERR_NOMEM
- * WIMLIB_ERR_INVALID_SECURITY_DATA
*/
int
read_wim_security_data(const u8 metadata_resource[], size_t metadata_resource_len,
total_len += sd->sizes[i];
if (total_len > (u64)sd->total_length)
goto out_invalid_sd;
- sd->descriptors[i] = MALLOC(sd->sizes[i]);
+ sd->descriptors[i] = memdup(p, sd->sizes[i]);
if (!sd->descriptors[i])
goto out_of_memory;
- memcpy(sd->descriptors[i], p, sd->sizes[i]);
p += sd->sizes[i];
empty_sacl_fixup((SECURITY_DESCRIPTOR_RELATIVE*)sd->descriptors[i],
&sd->sizes[i]);
"%u bytes, but calculated %u bytes",
sd->total_length, (unsigned)total_len);
}
-out_return_sd:
*sd_ret = sd;
ret = 0;
goto out;
out_invalid_sd:
ERROR("WIM security data is invalid!");
- ret = WIMLIB_ERR_INVALID_SECURITY_DATA;
+ ret = WIMLIB_ERR_INVALID_METADATA_RESOURCE;
goto out_free_sd;
out_of_memory:
ERROR("Out of memory while reading WIM security data!");
u8 *orig_p = p;
struct wim_security_data_disk *sd_disk = (struct wim_security_data_disk*)p;
+ u32 num_entries = sd->num_entries;
sd_disk->total_length = cpu_to_le32(sd->total_length);
- sd_disk->num_entries = cpu_to_le32(sd->num_entries);
+ sd_disk->num_entries = cpu_to_le32(num_entries);
- for (u32 i = 0; i < sd->num_entries; i++)
+ for (u32 i = 0; i < num_entries; i++)
sd_disk->sizes[i] = cpu_to_le64(sd->sizes[i]);
- p = (u8*)&sd_disk->sizes[sd_disk->num_entries];
+ p = (u8*)&sd_disk->sizes[num_entries];
- for (u32 i = 0; i < sd->num_entries; i++)
+ for (u32 i = 0; i < num_entries; i++)
p = mempcpy(p, sd->descriptors[i], sd->sizes[i]);
- while (p - orig_p < sd->total_length)
+ while ((uintptr_t)p & 7)
*p++ = 0;
wimlib_assert(p - orig_p == sd->total_length);
struct sd_node *new;
u8 **descriptors;
u64 *sizes;
- char *descr_copy;
+ u8 *descr_copy;
struct wim_security_data *sd;
bool bret;
new = MALLOC(sizeof(*new));
if (!new)
goto out;
- descr_copy = MALLOC(size);
+
+ descr_copy = memdup(descriptor, size);
if (!descr_copy)
goto out_free_node;
sd = sd_set->sd;
-
- memcpy(descr_copy, descriptor, size);
new->security_id = sd->num_entries;
copy_hash(new->hash, hash);