https://git.reactos.org/?p=reactos.git;a=commitdiff;h=6c154c06254218a5e9d8b…
commit 6c154c06254218a5e9d8bd9f406e43c789cecea4
Author: Timo Kreuzer <timo.kreuzer(a)reactos.org>
AuthorDate: Sun Feb 4 20:07:17 2018 +0100
Commit: Timo Kreuzer <timo.kreuzer(a)reactos.org>
CommitDate: Thu Aug 16 16:32:49 2018 +0200
[NTOS:SE] Fix SeSetSecurityDescriptorInfoEx to prevent pool corruption on x64
---
ntoskrnl/se/sd.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index a6b082993f..ab10515e79 100644
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -916,13 +916,9 @@ SeSetSecurityDescriptorInfoEx(
return STATUS_INSUFFICIENT_RESOURCES;
}
- RtlCreateSecurityDescriptor(NewSd,
- SECURITY_DESCRIPTOR_REVISION1);
+ RtlCreateSecurityDescriptorRelative(NewSd, SECURITY_DESCRIPTOR_REVISION1);
- /* We always build a self-relative descriptor */
- NewSd->Control = Control | SE_SELF_RELATIVE;
-
- Current = sizeof(SECURITY_DESCRIPTOR);
+ Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
if (OwnerLength != 0)
{
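Review bot: Removing `NewSd->Control = Control | SE_SELF_RELATIVE;` leaves nothing in this hunk that copies the local `Control` value into the new descriptor, so `NewSd->Control` holds only what `RtlCreateSecurityDescriptorRelative` initialises. SeSetSecurityDescriptorInfoEx starts and ends outside the hunk, so a later assignment may exist. If there is none and `Control` carries flags gathered earlier in the function, the stored descriptor loses them and its control bits may no longer match the owner, group and ACL data copied in below; consider `NewSd->Control |= Control;` right after the call. The new `Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);` line would also benefit from a comment such as `/* Data follows the self-relative header; SECURITY_DESCRIPTOR holds pointers and is larger on x64 */`, since that size difference is presumably the pool corruption the commit title refers to.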