ipc-util: Fix access rights issue with IPC pipe

This was the reason why game capture could not hook when the hook was run at administrator level and the game/target was below administrator level: it was because the plugin created a pipe, and the hook tried to connect to that pipe, but because the pipe was created as administrator with default access rights, the pipe did not allow write access for anything below administrator level, therefor the hook could not connect to the plugin, and the hook would always fail as a result. This fixes the issue by creating the pipe with full access rights to everyone instead of default access rights.

ipc-util: Fix access rights issue with IPC pipe
This was the reason why game capture could not hook when the hook was run at administrator level and the game/target was below administrator level: it was because the plugin created a pipe, and the hook tried to connect to that pipe, but because the pipe was created as administrator with default access rights, the pipe did not allow write access for anything below administrator level, therefor the hook could not connect to the plugin, and the hook would always fail as a result. This fixes the issue by creating the pipe with full access rights to everyone instead of default access rights.
8ae0cd24 · jp9000 · f4d0da4e · 8ae0cd24
隐藏空白更改
内联并排

Showing with 35 addition and 1 deletion

deps/ipc-util/ipc-util/pipe-windows.c deps/ipc-util/ipc-util/pipe-windows.c +35 -1

未找到文件。
--- a/deps/ipc-util/ipc-util/pipe-windows.c
+++ b/deps/ipc-util/ipc-util/pipe-windows.c
@@ -24,10 +24,34 @@ static inline bool ipc_pipe_internal_create_events(ipc_pipe_server_t *pipe)
 	return !!pipe->ready_event;
 }

+static inline void *create_full_access_security_descriptor()
+{
+	void *sd = malloc(SECURITY_DESCRIPTOR_MIN_LENGTH);
+	if (!sd) {
+		return NULL;
+	}
+
+	if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) {
+		goto error;
+	}
+
+	if (!SetSecurityDescriptorDacl(sd, true, NULL, false)) {
+		goto error;
+	}
+
+	return sd;
+
+error:
+	free(sd);
+	return NULL;
+}
+
 static inline bool ipc_pipe_internal_create_pipe(ipc_pipe_server_t *pipe,
 		const char *name)
 {
+	SECURITY_ATTRIBUTES sa;
 	char new_name[512];
+	void *sd;
 	const DWORD access = PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED;
 	const DWORD flags = PIPE_TYPE_MESSAGE     |
 	                    PIPE_READMODE_MESSAGE |
@@ -36,8 +60,18 @@ static inline bool ipc_pipe_internal_create_pipe(ipc_pipe_server_t *pipe,
 	strcpy_s(new_name, sizeof(new_name), "\\\\.\\pipe\\");
 	strcat_s(new_name, sizeof(new_name), name);

+	sd = create_full_access_security_descriptor();
+	if (!sd) {
+		return false;
+	}
+
+	sa.nLength = sizeof(sa);
+	sa.lpSecurityDescriptor = sd;
+	sa.bInheritHandle = false;
+
 	pipe->handle = CreateNamedPipeA(new_name, access, flags, 1,
-			IPC_PIPE_BUF_SIZE, IPC_PIPE_BUF_SIZE, 0, NULL);
+			IPC_PIPE_BUF_SIZE, IPC_PIPE_BUF_SIZE, 0, &sa);
+	free(sd);

 	return pipe->handle != INVALID_HANDLE_VALUE;
 }