From dc6c279339f8e3a18569afce002fc9329cebeeb7 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 29 Aug 2015 23:25:34 +0200 Subject: [PATCH] Windows Driver: Protect captured subject context during processing of user access token. --- src/Driver/Ntdriver.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index d292acb9..a5965c96 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -2653,6 +2653,7 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount) PACCESS_TOKEN accessToken; SeCaptureSubjectContext (&subContext); + SeLockSubjectContext(&subContext); accessToken = SeQuerySubjectContextToken (&subContext); if (!accessToken) @@ -2678,6 +2679,7 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount) } } + SeUnlockSubjectContext(&subContext); SeReleaseSubjectContext (&subContext); if (NT_SUCCESS (ntStatus))