From 6bedabd7ef090b9f1fb12fbc3f1d0f5e69885a45 Mon Sep 17 00:00:00 2001
From: Mikolaj Zalewski <mikolaj@zalewski.pl>
Date: Mon, 17 Sep 2007 14:12:27 -0700
Subject: [PATCH] advapi32: QueryObjectSecurity should return a self-relative security descriptor and not overflow the buffer
---
 dlls/advapi32/service.c |   23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/dlls/advapi32/service.c b/dlls/advapi32/service.c
index a698f11..13b1122 100644
--- a/dlls/advapi32/service.c
+++ b/dlls/advapi32/service.c
@@ -2538,17 +2538,26 @@ BOOL WINAPI QueryServiceObjectSecurity(S
        PSECURITY_DESCRIPTOR lpSecurityDescriptor,
        DWORD cbBufSize, LPDWORD pcbBytesNeeded)
 {
-    PACL pACL = NULL;
+    SECURITY_DESCRIPTOR descriptor;
+    DWORD size;
+    BOOL succ;
+    ACL acl;
 
-    FIXME("%p %d %p %u %p\n", hService, dwSecurityInformation,
+    FIXME("%p %d %p %u %p - semi-stub\n", hService, dwSecurityInformation,
           lpSecurityDescriptor, cbBufSize, pcbBytesNeeded);
 
-    InitializeSecurityDescriptor(lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
+    if (dwSecurityInformation != DACL_SECURITY_INFORMATION)
+        FIXME("information %d not supported\n", dwSecurityInformation);
 
-    pACL = HeapAlloc( GetProcessHeap(), 0, sizeof(ACL) );
-    InitializeAcl(pACL, sizeof(ACL), ACL_REVISION);
-    SetSecurityDescriptorDacl(lpSecurityDescriptor, TRUE, pACL, TRUE);
-    return TRUE;
+    InitializeSecurityDescriptor(&descriptor, SECURITY_DESCRIPTOR_REVISION);
+
+    InitializeAcl(&acl, sizeof(ACL), ACL_REVISION);
+    SetSecurityDescriptorDacl(&descriptor, TRUE, &acl, TRUE);
+    
+    size = cbBufSize;
+    succ = MakeSelfRelativeSD(&descriptor, lpSecurityDescriptor, &size);
+    *pcbBytesNeeded = size;
+    return succ;
 }
 
 /******************************************************************************
-- 
1.4.1