[ros-diffs] [reactos] 01/01: [NTOS:SE] Fix handling of relative security descriptors in SeQuerySecurityDescriptorInfo

[Timo Kreuzer]

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=274bc4de1cbd2de19fbfa94c88e91640753f409d

commit 274bc4de1cbd2de19fbfa94c88e91640753f409d
Author:     Timo Kreuzer <timo.kreu...@reactos.org>
AuthorDate: Fri Jan 3 20:44:05 2020 +0100
Commit:     Timo Kreuzer <timo.kreu...@reactos.org>
CommitDate: Sat Nov 7 15:54:47 2020 +0100

    [NTOS:SE] Fix handling of relative security descriptors in 
SeQuerySecurityDescriptorInfo
---
 ntoskrnl/se/sd.c | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index 012e9ef00ef..ccf17bb8388 100644
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -658,28 +658,32 @@ SeQuerySecurityDescriptorInfo(
 
     /* Calculate the required security descriptor length */
     Control = SE_SELF_RELATIVE;
-    if ((*SecurityInformation & OWNER_SECURITY_INFORMATION) &&
-        (ObjectSd->Owner != NULL))
+    if (*SecurityInformation & OWNER_SECURITY_INFORMATION)
     {
-        Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
-        OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
-        Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
+        Owner = SepGetOwnerFromDescriptor(ObjectSd);
+        if (Owner != NULL)
+        {
+            OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
+            Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
+        }
     }
 
-    if ((*SecurityInformation & GROUP_SECURITY_INFORMATION) &&
-        (ObjectSd->Group != NULL))
+    if (*SecurityInformation & GROUP_SECURITY_INFORMATION)
     {
-        Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
-        GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
-        Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
+        Group = SepGetGroupFromDescriptor(ObjectSd);
+        if (Group != NULL)
+        {
+            GroupLength = ROUND_UP(RtlLengthSid(Group), 4);
+            Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
+        }
     }
 
     if ((*SecurityInformation & DACL_SECURITY_INFORMATION) &&
         (ObjectSd->Control & SE_DACL_PRESENT))
     {
-        if (ObjectSd->Dacl != NULL)
+        Dacl = SepGetDaclFromDescriptor(ObjectSd);
+        if (Dacl != NULL)
         {
-            Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
             DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
         }
 
@@ -689,9 +693,9 @@ SeQuerySecurityDescriptorInfo(
     if ((*SecurityInformation & SACL_SECURITY_INFORMATION) &&
         (ObjectSd->Control & SE_SACL_PRESENT))
     {
-        if (ObjectSd->Sacl != NULL)
+        Sacl = SepGetSaclFromDescriptor(ObjectSd);
+        if (Sacl != NULL)
         {
-            Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
             SaclLength = ROUND_UP(Sacl->AclSize, 4);
         }