=?UTF-8?Q?Michael=20M=C3=BCller=20?=: server: Correctly validate SID length in sd_is_valid.
Alexandre Julliard
julliard at winehq.org
Wed Apr 3 15:26:20 CDT 2019
Module: wine
Branch: master
Commit: f926811e0df963319aa1b7903c368fbfe4a51986
URL: https://source.winehq.org/git/wine.git/?a=commit;h=f926811e0df963319aa1b7903c368fbfe4a51986
Author: Michael Müller <michael at fds-team.de>
Date: Wed Apr 3 17:44:31 2019 +0200
server: Correctly validate SID length in sd_is_valid.
Signed-off-by: Vijay Kiran Kamuju <infyquest at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
server/token.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/server/token.c b/server/token.c
index e58e6a4..5c35bcc 100644
--- a/server/token.c
+++ b/server/token.c
@@ -305,8 +305,7 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
owner = sd_get_owner( sd );
if (owner)
{
- size_t needed_size = security_sid_len( owner );
- if ((sd->owner_len < sizeof(SID)) || (needed_size > sd->owner_len))
+ if ((sd->owner_len < sizeof(SID)) || (security_sid_len( owner ) > sd->owner_len))
return FALSE;
}
offset += sd->owner_len;
@@ -317,8 +316,7 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
group = sd_get_group( sd );
if (group)
{
- size_t needed_size = security_sid_len( group );
- if ((sd->group_len < sizeof(SID)) || (needed_size > sd->group_len))
+ if ((sd->group_len < sizeof(SID)) || (security_sid_len( group ) > sd->group_len))
return FALSE;
}
offset += sd->group_len;
More information about the wine-cvs
mailing list