24 May
2013
24 May
'13
9:07 a.m.
Author: ekohl
Date: Fri May 24 09:07:46 2013
New Revision: 59075
URL: http://svn.reactos.org/svn/reactos?rev=59075&view=rev
Log:
[NTOSKRNL]
SeValidSecurityDescriptor does not correctly check for invalid DACL revision numbers.
Patch by Samuel Serapion.
CORE-7209 #resolve #comment Committed in r59075.
Modified:
trunk/reactos/ntoskrnl/se/sd.c
Modified: trunk/reactos/ntoskrnl/se/sd.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/sd.c?rev=59075…
==============================================================================
--- trunk/reactos/ntoskrnl/se/sd.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/sd.c [iso-8859-1] Fri May 24 09:07:46 2013
@@ -1088,7 +1088,7 @@
}
Acl = (PACL)((ULONG_PTR)SecurityDescriptor + SecurityDescriptor->Dacl);
- if ((Acl->AclRevision < MIN_ACL_REVISION) &&
+ if ((Acl->AclRevision < MIN_ACL_REVISION) ||
(Acl->AclRevision > MAX_ACL_REVISION))
{
DPRINT1("Invalid DACL revision\n");