From 6e5bdff3a628726a26e6b30eb189c1983ffb0ff4 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Sat, 14 Sep 2013 21:35:01 +0000
Subject: [PATCH] [NETAPI32] NetLocalGroupGetMembers: Fix heap corruption by calculationg the proper buffer size.

svn path=/trunk/; revision=60119
---
 reactos/dll/win32/netapi32/local_group.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/reactos/dll/win32/netapi32/local_group.c b/reactos/dll/win32/netapi32/local_group.c
index 9f49f50ef64..0f301af947e 100644
--- a/reactos/dll/win32/netapi32/local_group.c
+++ b/reactos/dll/win32/netapi32/local_group.c
@@ -1515,27 +1515,27 @@ NetLocalGroupGetMembers(
 switch (level)
 {
 case 0:
- Size = sizeof(LOCALGROUP_MEMBERS_INFO_0) +
- RtlLengthSid(EnumContext->Sids[i]);
+ Size += sizeof(LOCALGROUP_MEMBERS_INFO_0) +
+ RtlLengthSid(EnumContext->Sids[i]);
 break;
 
 case 1:
- Size = sizeof(LOCALGROUP_MEMBERS_INFO_1) +
- RtlLengthSid(EnumContext->Sids[i]) +
- EnumContext->Names[i].Name.Length + sizeof(WCHAR);
+ Size += sizeof(LOCALGROUP_MEMBERS_INFO_1) +
+ RtlLengthSid(EnumContext->Sids[i]) +
+ EnumContext->Names[i].Name.Length + sizeof(WCHAR);
 break;
 
 case 2:
- Size = sizeof(LOCALGROUP_MEMBERS_INFO_2) +
- RtlLengthSid(EnumContext->Sids[i]) +
- EnumContext->Names[i].Name.Length + sizeof(WCHAR) +
- EnumContext->Domains->Domains[EnumContext->Names[i].DomainIndex].Name.Length + sizeof(WCHAR);
+ Size += sizeof(LOCALGROUP_MEMBERS_INFO_2) +
+ RtlLengthSid(EnumContext->Sids[i]) +
+ EnumContext->Names[i].Name.Length + sizeof(WCHAR) +
+ EnumContext->Domains->Domains[EnumContext->Names[i].DomainIndex].Name.Length + sizeof(WCHAR);
 break;
 
 case 3:
- Size = sizeof(LOCALGROUP_MEMBERS_INFO_3) +
- EnumContext->Names[i].Name.Length + sizeof(WCHAR) +
- EnumContext->Domains->Domains[EnumContext->Names[i].DomainIndex].Name.Length + sizeof(WCHAR);
+ Size += sizeof(LOCALGROUP_MEMBERS_INFO_3) +
+ EnumContext->Names[i].Name.Length + sizeof(WCHAR) +
+ EnumContext->Domains->Domains[EnumContext->Names[i].DomainIndex].Name.Length + sizeof(WCHAR);
 break;
 
 default:
-- 
2.17.1
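Review bot: In cases 2 and 3 the size sum indexes `EnumContext->Domains->Domains[EnumContext->Names[i].DomainIndex]` without checking the index, and `LSA_TRANSLATED_NAME.DomainIndex` is negative when a SID has no known domain, so an unresolved group member would make this read outside the referenced-domain array and add an unrelated `Length` to the allocation size. A guard such as `if (EnumContext->Names[i].DomainIndex >= 0 && (ULONG)EnumContext->Names[i].DomainIndex < EnumContext->Domains->Entries)` around the domain term would keep the total bounded, provided the later copy loop applies the same condition so the two stay in step. Separately, now that every case uses `Size +=`, the total is only correct if `Size` is set to zero before the loop. That initialization and the rest of NetLocalGroupGetMembers lie outside this hunk, so it should be confirmed there.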