
[platform-win] Add null check to pOldDACL #4735

Merged: tobe2098 merged 2 commits into main from bugfix/win-add-missing-dacl-null-check on Mar 27, 2026

@xmkg (Member) commented Mar 16, 2026

The new_ACL function assumes that pOldDACL ptr would be non-empty after a successful GetNamedSecurityInfo call, but that premise does not exist.

Excerpt from GetNamedSecurityInfo docs:

> A pointer to a variable that receives a pointer to the DACL in the
> returned security descriptor or NULL if the security descriptor has
> no DACL. The returned pointer is valid only if you set the DACL_SECURITY_INFORMATION
> flag. Also, this parameter can be NULL if you do not need the DACL.

NULL DACL is a valid return value, indicating that the queried security info has no DACL (i.e., no access restrictions).

The patch adds a null check to fix that.

MULTI-2519
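
An added example, not part of the PR or the Multipass code base: one way to treat the DACL pointer after a successful `GetNamedSecurityInfo` call, separating a NULL DACL from an empty or populated one. `DaclState`, `classify_dacl`, `aces_to_preserve` and `query_dacl_state` are hypothetical names, and the `ACL` stand-in struct exists only so the logic compiles off Windows.

```cpp
#include <cstddef>
#include <cstdint>

#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#else
// Stand-in mirroring the winnt.h ACL header so the logic builds off Windows.
struct ACL
{
    std::uint8_t AclRevision, Sbz1;
    std::uint16_t AclSize, AceCount, Sbz2;
};
#endif

enum class DaclState { Null, Empty, Populated };

// NULL DACL: no access restrictions. Present DACL with zero ACEs: grants access to no one.
DaclState classify_dacl(const ACL* dacl)
{
    if (dacl == nullptr) // must be tested before any dereference
        return DaclState::Null;
    return dacl->AceCount == 0 ? DaclState::Empty : DaclState::Populated;
}

// Number of ACEs to carry over from the old DACL when building a replacement.
std::size_t aces_to_preserve(const ACL* old_dacl)
{
    return classify_dacl(old_dacl) == DaclState::Populated ? old_dacl->AceCount : 0;
}

#ifdef _WIN32
// Queries a file's DACL state; returns false only if the API call itself fails.
bool query_dacl_state(const wchar_t* path, DaclState& out)
{
    PACL dacl = nullptr; // receives a pointer into sd, or stays NULL
    PSECURITY_DESCRIPTOR sd = nullptr;
    const DWORD rc = GetNamedSecurityInfoW(path, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
                                           nullptr, nullptr, &dacl, nullptr, &sd);
    if (rc != ERROR_SUCCESS)
        return false;
    out = classify_dacl(dacl); // success does not imply dacl != NULL
    LocalFree(sd);             // dacl points into sd and is invalid after this
    return true;
}
#endif
```

Replacing a NULL DACL with an ACL built only from new entries changes the object from unrestricted to restricted to those entries, so callers should decide explicitly whether that is intended.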

new_ACL function assumes that pOldDACL ptr would be non-empty after a
successful `GetNamedSecurityInfo` call but that premise does not exist

Excerpt from `GetNamedSecurityInfo` docs:

> A pointer to a variable that receives a pointer to the DACL in the
> returned security descriptor or NULL if the security descriptor has
> no DACL. The returned pointer is valid only if you set the DACL_SECURITY_INFORMATION
> flag. Also, this parameter can be NULL if you do not need the DACL.

NULL DACL is a valid return value which means the queried security info
has no DACL info (i.e., no access restrictions).

The patch adds a null check to fix that.

Signed-off-by: Mustafa Kemal Gilor <mustafa.gilor@canonical.com>
@xmkg requested a review from tobe2098 March 16, 2026 17:02
Signed-off-by: Mustafa Kemal Gilor <mustafa.gilor@canonical.com>

codecov Bot commented Mar 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.65%. Comparing base (fe0711e) to head (ef1e7c5).
⚠️ Report is 151 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4735   +/-   ##
=======================================
  Coverage   87.65%   87.65%           
=======================================
  Files         258      258           
  Lines       14124    14124           
=======================================
  Hits        12379    12379           
  Misses       1745     1745           


@tobe2098 (Contributor) left a comment

LGTM, great catch Mustafa!

@tobe2098 added this pull request to the merge queue Mar 27, 2026
Merged via the queue into main with commit 5bc91bd Mar 27, 2026
23 checks passed
@tobe2098 deleted the bugfix/win-add-missing-dacl-null-check branch March 27, 2026 15:09
tobe2098 added a commit that referenced this pull request Mar 30, 2026
The new_ACL function assumes that pOldDACL ptr would be non-empty after
a successful `GetNamedSecurityInfo` call, but that premise does not
exist

Excerpt from `GetNamedSecurityInfo` docs:

> A pointer to a variable that receives a pointer to the DACL in the
> returned security descriptor or NULL if the security descriptor has
> no DACL. The returned pointer is valid only if you set the
> DACL_SECURITY_INFORMATION
> flag. Also, this parameter can be NULL if you do not need the DACL.

NULL DACL is a valid return value, indicating that the queried security
info has no DACL (i.e., no access restrictions).

The patch adds a null check to fix that.
deepakshirkem pushed a commit to deepakshirkem/multipass that referenced this pull request Apr 26, 2026