https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5127433416c39779a3393f429d7eda1fd51b6e58

commit 5127433416c39779a3393f429d7eda1fd51b6e58
Author:     Timo Kreuzer <timo.kreu...@reactos.org>
AuthorDate: Wed Sep 20 11:48:49 2023 +0300
Commit:     Timo Kreuzer <timo.kreu...@reactos.org>
CommitDate: Tue Sep 26 18:01:45 2023 +0300

    [SAMSRV] Fix usage of self-relative security descriptor in SamrQuerySecurityObject
    
    Fixes crash of netapi32_winetest access
---
 dll/win32/samsrv/samrpc.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/dll/win32/samsrv/samrpc.c b/dll/win32/samsrv/samrpc.c
index 5c8bdff6f78..68b22684b6f 100644
--- a/dll/win32/samsrv/samrpc.c
+++ b/dll/win32/samsrv/samrpc.c
@@ -332,7 +332,7 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle,
 {
     PSAM_DB_OBJECT SamObject;
     PSAMPR_SR_SECURITY_DESCRIPTOR SdData = NULL;
-    PSECURITY_DESCRIPTOR RelativeSd = NULL;
+    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd = NULL;
     PSECURITY_DESCRIPTOR ResultSd = NULL;
     ACCESS_MASK DesiredAccess = 0;
     ULONG RelativeSdSize = 0;
@@ -397,16 +397,16 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle,
 
     /* Invalidate the SD information that was not requested */
     if (!(SecurityInformation & OWNER_SECURITY_INFORMATION))
-        ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL;
+        RelativeSd->Owner = 0;
 
     if (!(SecurityInformation & GROUP_SECURITY_INFORMATION))
-        ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL;
+        RelativeSd->Group = 0;
 
     if (!(SecurityInformation & DACL_SECURITY_INFORMATION))
-        ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT;
+        RelativeSd->Control &= ~SE_DACL_PRESENT;
 
     if (!(SecurityInformation & SACL_SECURITY_INFORMATION))
-        ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT;
+        RelativeSd->Control &= ~SE_SACL_PRESENT;
 
     /* Calculate the required SD size */
     Status = RtlMakeSelfRelativeSD(RelativeSd,
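Review bot: The DACL and SACL branches clear only the `SE_DACL_PRESENT` / `SE_SACL_PRESENT` bits in `Control` and leave the `Dacl` and `Sacl` offsets pointing at ACL data that is still in the buffer, whereas the owner and group branches zero the offset itself. Whether the unrequested ACLs stay out of the returned descriptor therefore depends on RtlMakeSelfRelativeSD honouring the control bits when it repacks, which is not visible here. Zeroing the offsets as well (`RelativeSd->Dacl = 0;` and `RelativeSd->Sacl = 0;`) would make the filtering independent of that. A comment above the block such as `/* RelativeSd is self-relative: Owner/Group/Sacl/Dacl are ULONG offsets from the start of the descriptor, 0 = absent */` would also record why the old pointer-typed cast was wrong. The function body starts and ends outside the hunk, so it is not possible to tell from here whether RelativeSdSize is checked against the relative header size before these writes.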
@@ -439,7 +439,7 @@ SamrQuerySecurityObject(IN SAMPR_HANDLE ObjectHandle,
     }
 
     /* Fill the SD data buffer and return it to the caller */
-    SdData->Length = RelativeSdSize;
+    SdData->Length = ResultSdSize;
     SdData->SecurityDescriptor = (PBYTE)ResultSd;
 
     *SecurityDescriptor = SdData;
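Review bot: `SdData->Length` has to describe the buffer actually handed back in `SdData->SecurityDescriptor`, because it is presumably what bounds how many bytes of `ResultSd` the RPC layer marshals to the caller (the IDL is not shown here). A length larger than the allocation would read past the end of the heap block. A short comment on the assignment would keep the two size variables from being swapped again, for example `/* Length must be the size of ResultSd, not of the stored RelativeSd */`. ResultSdSize is assigned outside this hunk, so it is worth confirming that every path reaching this line has set it from the final RtlMakeSelfRelativeSD call.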
