ntdll: RtlCreateAcl: initialize all the bytes passed by the user

Alexandre Julliard julliard at winehq.org
Tue Oct 30 06:46:05 CDT 2007

"Dan Kegel" <dank at kegel.com> writes:

> Without this patch, NtAccessCheck() references uninitialized
> memory (it seems to send the entire ACL with the user's
> length to the server, not just sizeof(ACL)).  This showed up as
> valgrind errors when running "make test" in advapi32.
> I suppose the right fix might be to send just sizeof(ACL) bytes
> to the server, but I wouldn't know, and initializing all
> the bytes given by the caller seems innocuous enough.

It isn't innocuous, if Windows doesn't do it then it's quite likely that
apps will pass a too large size, we've had that kind of problem in some
other places already.

Alexandre Julliard
julliard at winehq.org

More information about the wine-devel mailing list