[weiden] 31157: Fix a buffer overflow accessing the pKeepAce array in AccRewriteSetEntriesInAcl - Ros-diffs

11 Dec 2007

Author: weiden
Date: Tue Dec 11 20:52:30 2007
New Revision: 31157

URL: http://svn.reactos.org/svn/reactos?rev=31157&view=rev
Log:
Fix a buffer overflow accessing the pKeepAce array in AccRewriteSetEntriesInAcl

Modified:
    trunk/reactos/dll/win32/ntmarta/ntmarta.c

Modified: trunk/reactos/dll/win32/ntmarta/ntmarta.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/ntmarta/ntmarta.…
==============================================================================

--- trunk/reactos/dll/win32/ntmarta/ntmarta.c (original)
+++ trunk/reactos/dll/win32/ntmarta/ntmarta.c Tue Dec 11 20:52:30 2007
@@ -1020,7 +1020,7 @@
     PACL pNew;
     ACL_SIZE_INFORMATION SizeInformation;
     PACE_HEADER pAce;
-    BOOL *pKeepAce = NULL;
+    BOOLEAN *pKeepAce = NULL;
     BOOL needToClean;
     PSID pSid1, pSid2;
     ULONG i;
@@ -1042,14 +1042,14 @@
             goto Cleanup;
         }
 
-        pKeepAce = (BOOL *)LocalAlloc(LMEM_FIXED, SizeInformation.AceCount);
+        pKeepAce = (BOOLEAN *)LocalAlloc(LMEM_FIXED, SizeInformation.AceCount *
sizeof(*pKeepAce));
         if (!pKeepAce)
         {
             Ret = ERROR_NOT_ENOUGH_MEMORY;
             goto Cleanup;
         }
 
-        memset(pKeepAce, TRUE, SizeInformation.AceCount);
+        memset(pKeepAce, TRUE, SizeInformation.AceCount * sizeof(*pKeepAce));
     }
     else
     {



    