[NTOS:SE] Fix SeSetSecurityDescriptorInfoEx to prevent pool corruption on x64
authorTimo Kreuzer <timo.kreuzer@reactos.org>
Sun, 4 Feb 2018 19:07:17 +0000 (20:07 +0100)
committerTimo Kreuzer <timo.kreuzer@reactos.org>
Thu, 16 Aug 2018 14:32:49 +0000 (16:32 +0200)
ntoskrnl/se/sd.c

index a6b0829..ab10515 100644 (file)
@@ -916,13 +916,9 @@ SeSetSecurityDescriptorInfoEx(
         return STATUS_INSUFFICIENT_RESOURCES;
     }
 
-    RtlCreateSecurityDescriptor(NewSd,
-                                SECURITY_DESCRIPTOR_REVISION1);
+    RtlCreateSecurityDescriptorRelative(NewSd, SECURITY_DESCRIPTOR_REVISION1);
 
-    /* We always build a self-relative descriptor */
-    NewSd->Control = Control | SE_SELF_RELATIVE;
-
-    Current = sizeof(SECURITY_DESCRIPTOR);
+    Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
 
     if (OwnerLength != 0)
     {
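Review bot: The assignment `NewSd->Control = Control | SE_SELF_RELATIVE;` is removed and nothing in this hunk replaces it, so after `RtlCreateSecurityDescriptorRelative` the descriptor carries only the control bits that routine sets itself. If `Control` is not stored again further down (the function body continues outside the hunk), flags such as the DACL-present and SACL-present bits would be lost; a descriptor without the DACL-present bit is treated as having no DACL, which access checks read as unrestricted. I would keep the line directly after the create call: `NewSd->Control = Control | SE_SELF_RELATIVE;`. The size fix also only holds if the pool allocation above the hunk and the declared type of `NewSd` use `SECURITY_DESCRIPTOR_RELATIVE` as well; neither is visible here.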