Fix paramater validation and pointer manipulation in RtlAddAce.
Modified: trunk/reactos/lib/rtl/acl.c
_____
Modified: trunk/reactos/lib/rtl/acl.c
--- trunk/reactos/lib/rtl/acl.c 2005-08-01 08:50:30 UTC (rev 16932)
+++ trunk/reactos/lib/rtl/acl.c 2005-08-01 08:55:22 UTC (rev 16933)
@@ -266,9 +266,9 @@
ULONG AceListLength)
{
PACE Ace;
- ULONG i;
PACE Current;
- ULONG j;
+ ULONG NewAceCount;
+ ULONG Index;
PAGED_CODE_RTL();
@@ -289,41 +289,35 @@
return(STATUS_INVALID_PARAMETER);
}
- i = 0;
- Current = (PACE)(Acl + 1);
- while ((ULONG_PTR)Current < ((ULONG_PTR)AceList + AceListLength))
+ for (Current = AceList, NewAceCount = 0;
+ (ULONG_PTR)Current < ((ULONG_PTR)AceList + AceListLength);
+ Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize),
+ ++NewAceCount)
{
if (AceList->Header.AceType == ACCESS_ALLOWED_COMPOUND_ACE_TYPE
&&
AclRevision < ACL_REVISION3)
{
return(STATUS_INVALID_PARAMETER);
}
- Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize);
}
if (Ace == NULL ||
- ((ULONG_PTR)Ace + AceListLength) >= ((ULONG_PTR)Acl +
Acl->AclSize))
+ ((ULONG_PTR)Ace + AceListLength) > ((ULONG_PTR)Acl +
Acl->AclSize))
{
return(STATUS_BUFFER_TOO_SMALL);
}
- if (StartingIndex != 0)
+ Current = (PACE)(Acl + 1);
+ for (Index = 0; Index < StartingIndex && Index < Acl->AceCount;
Index++)
{
- if (Acl->AceCount > 0)
- {
- Current = (PACE)(Acl + 1);
- for (j = 0; j < StartingIndex; j++)
- {
- Current = (PACE)((ULONG_PTR)Current +
Current->Header.AceSize);
- }
- }
+ Current = (PACE)((ULONG_PTR)Current + Current->Header.AceSize);
}
RtlpAddData(AceList,
AceListLength,
Current,
(ULONG)((ULONG_PTR)Ace - (ULONG_PTR)Current));
- Acl->AceCount = Acl->AceCount + i;
+ Acl->AceCount = Acl->AceCount + NewAceCount;
Acl->AclRevision = AclRevision;
return(STATUS_SUCCESS);
Show replies by date