01/01: [NTOS:SE] Fix SeSetSecurityDescriptorInfoEx to prevent pool corruption on x64 - Ros-diffs

16 Aug 2018

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=6c154c06254218a5e9d8bd...
commit 6c154c06254218a5e9d8bd9f406e43c789cecea4
Author:     Timo Kreuzer timo.kreuzer@reactos.org
AuthorDate: Sun Feb 4 20:07:17 2018 +0100
Commit:     Timo Kreuzer timo.kreuzer@reactos.org
CommitDate: Thu Aug 16 16:32:49 2018 +0200
[NTOS:SE] Fix SeSetSecurityDescriptorInfoEx to prevent pool corruption on x64
---
 ntoskrnl/se/sd.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index a6b082993f..ab10515e79 100644
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -916,13 +916,9 @@ SeSetSecurityDescriptorInfoEx(
         return STATUS_INSUFFICIENT_RESOURCES;
     }
-    RtlCreateSecurityDescriptor(NewSd,
-                                SECURITY_DESCRIPTOR_REVISION1);
+    RtlCreateSecurityDescriptorRelative(NewSd, SECURITY_DESCRIPTOR_REVISION1);
-    /* We always build a self-relative descriptor */
-    NewSd->Control = Control | SE_SELF_RELATIVE;
-
-    Current = sizeof(SECURITY_DESCRIPTOR);
+    Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
if (OwnerLength != 0)
     {

    