Fix size used to validate the sids in aces.
diff --git a/server/token.c b/server/token.c
index cba6782..f1fba3b 100644
--- a/server/token.c
+++ b/server/token.c
@@ -161,6 +161,7 @@
for (i = 0; i < acl->AceCount; i++)
{
const SID *sid;
+ size_t sid_size;
if (size < sizeof(ACE_HEADER))
return FALSE;
@@ -171,21 +172,25 @@
{
case ACCESS_DENIED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
break;
case ACCESS_ALLOWED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
break;
case SYSTEM_AUDIT_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
break;
case SYSTEM_ALARM_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
break;
default:
return FALSE;
}
- if (size < sizeof(SID) ||
- size < FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]))
+ if (sid_size < FIELD_OFFSET(SID, SubAuthority[0]) ||
+ sid_size < FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]))
return FALSE;
ace = ace_next( ace );
}
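Review bot: The new `sid_size = ace->AceSize - FIELD_OFFSET(..., SidStart)` assignments in the four cases are unsigned subtractions that wrap when `ace->AceSize` is smaller than the SidStart offset, so a short ACE yields a huge `sid_size` that passes both comparisons in the new `if` and the SID is still read past the ACE. The lines between the two hunks are not visible here, so if an earlier check already rejects `AceSize` below the per-type minimum this is moot; otherwise the simplest type-neutral guard is to add `if (sid_size > ace->AceSize) return FALSE;` immediately before the `sid_size < FIELD_OFFSET(SID, SubAuthority[0])` test, since a non-wrapped difference can never exceed `AceSize`. The enclosing function and its `size` bookkeeping start outside the hunk.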