From 2d586b03d932aff3bb89e69d0e81410243afd2dd Mon Sep 17 00:00:00 2001
From: Mikolaj Zalewski <mikolaj@zalewski.pl>
Date: Thu, 27 Sep 2007 11:44:51 -0700
Subject: [PATCH] advapi32: make ConvertStringSecurityDescriptorToSecurityDescriptor write the ACL
---
 dlls/advapi32/security.c |   26 +++++++++++++++++++++++++-
 1 files changed, 25 insertions(+), 1 deletions(-)

diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 31ee263..ac189de 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -3239,6 +3239,8 @@ static BOOL ParseStringAclToAcl(LPCWSTR 
     DWORD val;
     DWORD sidlen;
     DWORD length = sizeof(ACL);
+    DWORD acesize = 0;
+    DWORD acecount = 0;
     PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
 
     TRACE("%s\n", debugstr_w(StringAcl));
@@ -3308,10 +3310,32 @@ static BOOL ParseStringAclToAcl(LPCWSTR 
             goto lerr;
         StringAcl++;
 
-	length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
+        acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
+        length += acesize;
+        if (pAce)
+        {
+            pAce->Header.AceSize = acesize;
+            pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
+        }
+        acecount++;
     }
 
     *cBytes = length;
+
+    if (length > 0xffff)
+    {
+        ERR("ACL too large\n");
+        goto lerr;
+    }
+
+    if (pAcl)
+    {
+        pAcl->AclRevision = ACL_REVISION;
+        pAcl->Sbz1 = 0;
+        pAcl->AclSize = length;
+        pAcl->AceCount = acecount++;
+        pAcl->Sbz2 = 0;
+    }
     return TRUE;
 
 lerr:
-- 
1.4.1