[NTOS:SE] Do not set SE_DACL_PRESENT flag that early

The function might assign the flag yet it could possibly fail on creating a DACL and insert an "access allowed" right to the access entry within the DACL. In this case, make sure we actually succeeded on all the tasks and THEN assign the flag that the DACL is truly present.

Also, make sure that the Current buffer size variable gets its new size so that we avoid overidding the memory of the DACL if the security descriptor wants both a DACL and SACL and so that happens that the DACL memory gets overwritten by the SACL.

diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index 76584c2..56f013b 100644 (file)
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -220,7 +220,6 @@ SeSetWorldSecurityDescriptor(
     if (SecurityInformation & DACL_SECURITY_INFORMATION)
     {
         PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
-        SdRel->Control |= SE_DACL_PRESENT;
 
         Status = RtlCreateAcl(Dacl,
                               sizeof(ACL) + sizeof(ACE) + SidSize,
@@ -235,7 +234,9 @@ SeSetWorldSecurityDescriptor(
         if (!NT_SUCCESS(Status))
             return Status;
 
+        SdRel->Control |= SE_DACL_PRESENT;
         SdRel->Dacl = Current;
+        Current += SidSize;
     }
 
     if (SecurityInformation & SACL_SECURITY_INFORMATION)