win_acl/Certificates: Fix mysterious crash
jpitlor committed Sep 8, 2023
1 parent 0f8b790 commit 5bfb3a2
Showing 1 changed file with 12 additions and 3 deletions.
15 changes: 12 additions & 3 deletions plugins/module_utils/_CertACLHelper.cs
Expand Up @@ -179,10 +179,15 @@ public FileSecurity Acl
// We first have to find out how large of a buffer to reserve, so the docs say that
// we should pass NULL for the buffer address, then the penultimate parameter will
// get assigned the required size.
//
// Note: Despite the documentation saying we should pass NULL for the buffer address,
// the marshalling between C# and C misbehaves when this happens. When I tried
// this, the entire getter mysteriously returned null (instead of throwing).
// Instead, we must pass a non-null empty buffer (`new SafeSecurityDescriptorPtr`)
var securityDescriptorResult = NCryptGetProperty(
handle,
KeyStorageProperty.NCRYPT_SECURITY_DESCR_PROPERTY,
null,
new SafeSecurityDescriptorPtr(),
0,
ref securityDescriptorSize,
SecurityInformationFlags.DACL_SECURITY_INFORMATION | SecurityInformationFlags.NCRYPT_SILENT_FLAG);
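Review bot: The new comment above the `NCryptGetProperty` call records only the symptom ("the marshalling between C# and C misbehaves", "mysteriously returned null") and not the cause, so the next reader cannot tell whether the workaround is still needed. If this parameter is declared as a `SafeHandle`-derived type, the interop marshaller rejects a null argument with `ArgumentNullException` before the native function is ever called, and something further up would then have to be swallowing that exception for the getter to yield null; capture the actual exception once and state it in the comment. Separately, `new SafeSecurityDescriptorPtr()` is created inline and never disposed; if the type is disposable, hold it in a `using` variable and pass that.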
Expand Down Expand Up @@ -211,10 +216,15 @@ public FileSecurity Acl
// We first have to find out how large of a buffer to reserve, so the docs say that
// we should pass NULL for the buffer address, then the penultimate parameter will
// get assigned the required size.
//
// Note: Despite the documentation saying we should pass NULL for the buffer address,
// the marshalling between C# and C misbehaves when this happens. When I tried
// this, the entire getter mysteriously returned null (instead of throwing).
// Instead, we must pass a non-null empty buffer (`new SafeSecurityDescriptorPtr`)
if (!CryptGetProvParam(
handle,
CryptProvParam.PP_KEYSET_SEC_DESCR,
null,
new SafeSecurityDescriptorPtr(),
ref securityDescriptorSize,
SecurityInformationFlags.DACL_SECURITY_INFORMATION))
{
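Review bot: With a non-null buffer, the size query in `if (!CryptGetProvParam(` may no longer take the documented NULL-buffer path. When the data pointer is non-NULL and the buffer is too small, this API reports failure with `ERROR_MORE_DATA` while still writing the required size, which would send the size query into this failure branch. Confirm which pointer value an empty `SafeSecurityDescriptorPtr` marshals to and, if it is non-NULL, have the branch treat `ERROR_MORE_DATA` as the expected outcome of the size query. The five-line note is also a verbatim copy of the one above the `NCryptGetProperty` call; keeping the explanation in one place and referring to it from both call sites would stop the two copies drifting apart.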
Expand All @@ -233,7 +243,6 @@ public FileSecurity Acl
{
throw new Win32Exception();
}

}
var buffer = new byte[securityDescriptorSize];
Marshal.Copy(securityDescriptorBuffer.DangerousGetHandle(), buffer, 0, buffer.Length);