[reactos] 02/03: [SAMSRV] Fix usage of self-relative security descriptor in SamrQuerySecurityObject
26 Sep
2023
26 Sep
'23
3:01 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5127433416c39779a3393…
commit 5127433416c39779a3393f429d7eda1fd51b6e58
Author: Timo Kreuzer <timo.kreuzer(a)reactos.org>
AuthorDate: Wed Sep 20 11:48:49 2023 +0300
Commit: Timo Kreuzer <timo.kreuzer(a)reactos.org>
CommitDate: Tue Sep 26 18:01:45 2023 +0300
[SAMSRV] Fix usage of self-relative security descriptor in SamrQuerySecurityObject
Fixes crash of netapi32_winetest access
---
dll/win32/samsrv/samrpc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dll/win32/samsrv/samrpc.c b/dll/win32/samsrv/samrpc.c
index 5c8bdff6f78..68b22684b6f 100644
--- a/dll/win32/samsrv/samrpc.c
+++ b/dll/win32/samsrv/samrpc.c
@@ -332,7 +332,7 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle,
{
PSAM_DB_OBJECT SamObject;
PSAMPR_SR_SECURITY_DESCRIPTOR SdData = NULL;
- PSECURITY_DESCRIPTOR RelativeSd = NULL;
+ PISECURITY_DESCRIPTOR_RELATIVE RelativeSd = NULL;
PSECURITY_DESCRIPTOR ResultSd = NULL;
ACCESS_MASK DesiredAccess = 0;
ULONG RelativeSdSize = 0;
@@ -397,16 +397,16 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle,
/* Invalidate the SD information that was not requested */
if (!(SecurityInformation & OWNER_SECURITY_INFORMATION))
- ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL;
+ RelativeSd->Owner = 0;
if (!(SecurityInformation & GROUP_SECURITY_INFORMATION))
- ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL;
+ RelativeSd->Group = 0;
if (!(SecurityInformation & DACL_SECURITY_INFORMATION))
- ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT;
+ RelativeSd->Control &= ~SE_DACL_PRESENT;
if (!(SecurityInformation & SACL_SECURITY_INFORMATION))
- ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT;
+ RelativeSd->Control &= ~SE_SACL_PRESENT;
/* Calculate the required SD size */
Status = RtlMakeSelfRelativeSD(RelativeSd,
@@ -439,7 +439,7 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle,
}
/* Fill the SD data buffer and return it to the caller */
- SdData->Length = RelativeSdSize;
+ SdData->Length = ResultSdSize;
SdData->SecurityDescriptor = (PBYTE)ResultSd;
*SecurityDescriptor = SdData;
414
days inactive
414
days old
0 comments
1 participants
participants (1)
-
Timo Kreuzer