From 14442c0a340f45a91ba6d4115b5a517091545a9d Mon Sep 17 00:00:00 2001
From: Aleksey Bragin
Date: Thu, 12 Nov 2009 13:55:51 +0000
Subject: [PATCH] [advapi32] Alexander Yastrebov - Return proper lengths of required buffer sizes in characters (including the termination NULL character) in LookupAccountSid. Fixes 4 "advapi32_winetest security" failures. See issue #4904 for more details.

svn path=/trunk/; revision=44117
---
 reactos/dll/win32/advapi32/sec/misc.c | 69 +++++++++++----------------
 1 file changed, 29 insertions(+), 40 deletions(-)

diff --git a/reactos/dll/win32/advapi32/sec/misc.c b/reactos/dll/win32/advapi32/sec/misc.c
index 2510f39ae7a..51cf09e1512 100644
--- a/reactos/dll/win32/advapi32/sec/misc.c
+++ b/reactos/dll/win32/advapi32/sec/misc.c
@@ -1146,6 +1146,7 @@ LookupAccountSidW(LPCWSTR pSystemName,
 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomain = NULL;
 PLSA_TRANSLATED_NAME TranslatedName = NULL;
 BOOL ret;
+ DWORD dwAccountName, dwDomainName;
 
 RtlInitUnicodeString ( &SystemName, pSystemName );
 Status = LsaOpenPolicy ( &SystemName, &ObjectAttributes, POLICY_LOOKUP_NAMES, &PolicyHandle );
@@ -1166,49 +1167,37 @@ LookupAccountSidW(LPCWSTR pSystemName,
 else
 {
 ret = TRUE;
- if ( TranslatedName )
+
+ dwAccountName = TranslatedName->Name.Length / sizeof(WCHAR);
+ if (ReferencedDomain && ReferencedDomain->Entries > 0)
+ dwDomainName = ReferencedDomain->Domains[0].Name.Length / sizeof(WCHAR);
+ else
+ dwDomainName = 0;
+
+ if (*pdwAccountName <= dwAccountName || *pdwDomainName <= dwDomainName)
 {
- DWORD dwSrcLen = TranslatedName->Name.Length / sizeof(WCHAR);
- if ( *pdwAccountName <= dwSrcLen )
- {
- *pdwAccountName = dwSrcLen + 1;
- ret = FALSE;
- }
- else
- {
- *pdwAccountName = dwSrcLen;
- if (pAccountName)
- {
- RtlCopyMemory ( pAccountName, TranslatedName->Name.Buffer, TranslatedName->Name.Length );
- pAccountName[TranslatedName->Name.Length / sizeof(WCHAR)] = L'\0';
- }
- }
- if ( peUse )
- *peUse = TranslatedName->Use;
- }
-
- if ( ReferencedDomain )
+ /* One or two buffers are insufficient, add up a char for NULL termination */
+ *pdwAccountName = dwAccountName + 1;
+ *pdwDomainName = dwDomainName + 1;
+ ret = FALSE;
+ } else
 {
- if ( ReferencedDomain->Entries > 0 )
- {
- DWORD dwSrcLen = ReferencedDomain->Domains[0].Name.Length / sizeof(WCHAR);
- if ( *pdwDomainName <= dwSrcLen )
- {
- *pdwDomainName = dwSrcLen + 1;
- ret = FALSE;
- }
- else
- {
- *pdwDomainName = dwSrcLen;
- if (pDomainName)
- {
- RtlCopyMemory ( pDomainName, ReferencedDomain->Domains[0].Name.Buffer, ReferencedDomain->Domains[0].Name.Length );
- pDomainName[ReferencedDomain->Domains[0].Name.Length / sizeof(WCHAR)] = L'\0';
- }
- }
- }
+ /* Lengths are sufficient, copy the data */
+ if(dwAccountName)
+ RtlCopyMemory(pAccountName, TranslatedName->Name.Buffer, dwAccountName * sizeof(WCHAR));
+ pAccountName[dwAccountName] = L'\0';
+
+ if(dwDomainName)
+ RtlCopyMemory(pDomainName, ReferencedDomain->Domains[0].Name.Buffer, dwDomainName * sizeof(WCHAR));
+ pDomainName[dwDomainName] = L'\0';
+
+ *pdwAccountName = dwAccountName;
+ *pdwDomainName = dwDomainName;
+
+ if (peUse)
+ *peUse = TranslatedName->Use;
 }
-
+
 if ( !ret )
 SetLastError(ERROR_INSUFFICIENT_BUFFER);
 }
--
2.17.1
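Review bot: The copy branch writes through `pAccountName` and `pDomainName` unconditionally (`pAccountName[dwAccountName] = L'\0';`, `pDomainName[dwDomainName] = L'\0';`), whereas the removed code guarded each copy with `if (pAccountName)` / `if (pDomainName)`, so a caller that passes a NULL buffer together with a large enough count now faults inside advapi32 instead of getting an error back. Treating a NULL buffer as insufficient would keep the single-check shape: `if (!pAccountName || !pDomainName || *pdwAccountName <= dwAccountName || *pdwDomainName <= dwDomainName)`. The hunk also drops the `if ( TranslatedName )` test before `TranslatedName->Name.Length` is read. Whether the lookup can succeed with a NULL translated name is not visible here, because the function starts and ends outside the hunk, so either keep that guard or add a comment stating why the pointer cannot be NULL on this path.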