From c869c4778d2d3df26ce15f821fff181c7be42eb9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?George=20Bi=C8=99oc?= <george.bisoc@reactos.org>
Date: Sat, 3 Jul 2021 17:20:48 +0200
Subject: [PATCH] [NTOS:SE] Assign the control flag bits to the newly created
 security descriptor

We allocate memory pool for a new security descriptor with specific info filled by the caller but we don't set the control flag bits for the newly allocated descriptor, which is wrong. Originally spotted by Vadim Galyant.
CORE-17650
---
 ntoskrnl/se/sd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index dca0db419ff..8ede6fbf4ea 100644
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -962,6 +962,7 @@ SeSetSecurityDescriptorInfoEx(
         Current += SaclLength;
     }
 
+    NewSd->Control |= Control;
     *ObjectsSecurityDescriptor = NewSd;
     return STATUS_SUCCESS;
 }
-- 
2.17.1