Zebediah Figura : ntdll: Always return at least sizeof(PRIVILEGE_SET) in NtAccessCheck().

Mon Feb 8 15:46:41 CST 2021

Module: wine
Branch: master
Commit: bdc10c65ca8cac6881422b95997dcee8c2b96194
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=bdc10c65ca8cac6881422b95997dcee8c2b96194

Author: Zebediah Figura <z.figura12 at gmail.com>
Date:   Sun Feb  7 19:50:09 2021 -0600

ntdll: Always return at least sizeof(PRIVILEGE_SET) in NtAccessCheck().

Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/advapi32/tests/security.c | 10 ++--------
 dlls/ntdll/unix/security.c     |  2 +-
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index faab2bd32d7..239c9d3caff 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1374,7 +1374,7 @@ static void test_AccessCheck(void)
          "NtAccessCheck shouldn't set last error, got %d\n", err);
       todo_wine ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
          "Access and/or AccessStatus were changed!\n");
-      todo_wine ok(ntPrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", ntPrivSetLen);
+      ok(ntPrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", ntPrivSetLen);
 
       /* Key access mask - insufficient returnlength */
       SetLastError(0xdeadbeef);
@@ -1389,7 +1389,7 @@ static void test_AccessCheck(void)
          "NtAccessCheck shouldn't set last error, got %d\n", err);
       todo_wine ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
          "Access and/or AccessStatus were changed!\n");
-      todo_wine ok(ntPrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", ntPrivSetLen);
+      ok(ntPrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", ntPrivSetLen);
     }
     else
        win_skip("NtAccessCheck unavailable. Skipping.\n");
@@ -1520,7 +1520,6 @@ todo_wine
 todo_wine
     ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
-todo_wine
     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
 todo_wine
     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
@@ -1536,7 +1535,6 @@ todo_wine
 todo_wine
     ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
-todo_wine
     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
 todo_wine
     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
@@ -1552,7 +1550,6 @@ todo_wine
 todo_wine
     ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
        "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
-todo_wine
     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
 todo_wine
     ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
@@ -1567,7 +1564,6 @@ todo_wine
                       PrivSet, &PrivSetLen, &Access, &AccessStatus);
     err = GetLastError();
     ok(ret, "AccessCheck failed with error %d\n", GetLastError());
-todo_wine
     ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
     ok(AccessStatus && (Access == KEY_READ),
         "AccessCheck failed to grant access with error %d\n", GetLastError());
@@ -1637,7 +1633,6 @@ todo_wine
     todo_wine
         ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
            "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
-    todo_wine
         ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
     todo_wine
         ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
@@ -1653,7 +1648,6 @@ todo_wine
     todo_wine
         ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
            "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
-    todo_wine
         ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
     todo_wine
         ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
diff --git a/dlls/ntdll/unix/security.c b/dlls/ntdll/unix/security.c
index 6f945b24e68..8a5b1515ba9 100644
--- a/dlls/ntdll/unix/security.c
+++ b/dlls/ntdll/unix/security.c
@@ -732,7 +732,7 @@ NTSTATUS WINAPI NtAccessCheck( PSECURITY_DESCRIPTOR descr, HANDLE token, ACCESS_
 
         status = wine_server_call( req );
 
-        *retlen = offsetof( PRIVILEGE_SET, Privilege ) + reply->privileges_len;
+        *retlen = max( offsetof( PRIVILEGE_SET, Privilege ) + reply->privileges_len, sizeof(PRIVILEGE_SET) );
         privs->PrivilegeCount = reply->privileges_len / sizeof(LUID_AND_ATTRIBUTES);
         if (status == STATUS_SUCCESS)
         {


