https://git.reactos.org/?p=reactos.git;a=commitdiff;h=07e6af6aa1333a4a9c2a9… commit 07e6af6aa1333a4a9c2a99c301b3e3520a325a5f Author: Pierre Schweitzer <pierre(a)reactos.org> AuthorDate: Sat Oct 27 19:35:45 2018 +0200 Commit: Pierre Schweitzer <pierre(a)reactos.org> CommitDate: Sat Oct 27 19:36:15 2018 +0200 [NTOSKRNL] Properly handle "big" security descriptors in ObpCaptureObjectCreateInformation() --- ntoskrnl/ob/oblife.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/ntoskrnl/ob/oblife.c b/ntoskrnl/ob/oblife.c index 56dbcae421..798cccad05 100644 --- a/ntoskrnl/ob/oblife.c +++ b/ntoskrnl/ob/oblife.c @@ -460,6 +460,7 @@ ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_CREATE_INFORMATION ObjectCreateInfo, OUT PUNICODE_STRING ObjectName) { + ULONG SdCharge, QuotaInfoSize; NTSTATUS Status = STATUS_SUCCESS; PSECURITY_DESCRIPTOR SecurityDescriptor; PSECURITY_QUALITY_OF_SERVICE SecurityQos; @@ -518,8 +519,21 @@ ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes, _SEH2_YIELD(return Status); } + /* + * By default, assume a SD size of 1024 and allow twice its + * size. + * If SD size happen to be bigger than that, then allow it + */ + SdCharge = 2048; + SeComputeQuotaInformationSize(ObjectCreateInfo->SecurityDescriptor, + &QuotaInfoSize); + if ((2 * QuotaInfoSize) > 2048) + { + SdCharge = 2 * QuotaInfoSize; + } + /* Save the probe mode and security descriptor size */ - ObjectCreateInfo->SecurityDescriptorCharge = 2048; /* FIXME */ + ObjectCreateInfo->SecurityDescriptorCharge = SdCharge; ObjectCreateInfo->ProbeMode = AccessMode; }