Mike Hearn : ntdll: Fix heap corruption in RtlDeleteAce.
Alexandre Julliard
julliard at wine.codeweavers.com
Mon May 8 08:01:55 CDT 2006
Module: wine
Branch: refs/heads/master
Commit: 0154704f9f8a2f13d2e654c074391ab008c7573f
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=0154704f9f8a2f13d2e654c074391ab008c7573f
Author: Mike Hearn <mike at plan99.net>
Date: Mon May 1 09:08:58 2006 +0100
ntdll: Fix heap corruption in RtlDeleteAce.
---
dlls/ntdll/sec.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index 8fd21f7..620588b 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1132,15 +1132,20 @@ NTSTATUS WINAPI RtlDeleteAce(PACL pAcl,
PACE_HEADER pcAce;
DWORD len = 0;
+ /* skip over the ACE we are deleting */
pcAce = (PACE_HEADER)(((BYTE*)pAce)+pAce->AceSize);
+ dwAceIndex++;
+
+ /* calculate the length of the rest */
for (; dwAceIndex < pAcl->AceCount; dwAceIndex++)
{
len += pcAce->AceSize;
pcAce = (PACE_HEADER)(((BYTE*)pcAce) + pcAce->AceSize);
}
- memcpy(pAce, ((BYTE*)pAce)+pAce->AceSize, len);
- pAcl->AceCount--;
+ /* slide them all backwards */
+ memmove(pAce, ((BYTE*)pAce)+pAce->AceSize, len);
+ pAcl->AceCount--;
}
TRACE("pAcl=%p dwAceIndex=%ld status=0x%08lx\n", pAcl, dwAceIndex, status);
More information about the wine-cvs
mailing list