[PATCH 2/2] ntdll: Improve invalid parameter handling in NtAccessCheck. (try 3)
Alexandre Julliard
julliard at winehq.org
Tue Feb 23 03:04:54 CST 2016
Qian Hong <qhong at codeweavers.com> writes:
> @@ -1629,8 +1630,28 @@ NtAccessCheck(
>
> status = wine_server_call( req );
>
> - *ReturnLength = FIELD_OFFSET( PRIVILEGE_SET, Privilege ) + reply->privileges_len;
> - PrivilegeSet->PrivilegeCount = reply->privileges_len / sizeof(LUID_AND_ATTRIBUTES);
> + return_length = FIELD_OFFSET( PRIVILEGE_SET, Privilege ) + reply->privileges_len;
> + if (return_length < sizeof(PRIVILEGE_SET))
> + return_length = sizeof(PRIVILEGE_SET);
> +
> + if (*ReturnLength == 0)
> + {
> + *ReturnLength = return_length;
> + return STATUS_BUFFER_TOO_SMALL;
> + }
> +
> + if (!PrivilegeSet)
> + return STATUS_ACCESS_VIOLATION;
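Review bot: The new test if (*ReturnLength == 0) dereferences ReturnLength with no NULL check, although PrivilegeSet gets one just below it. Both early returns also come after status = wine_server_call( req ), so the server's status is dropped whenever they fire, and return_length is computed from reply->privileges_len without looking at status first. Suggest validating both pointers and the caller's length before the request is issued, and reading the reply fields only once status has been checked.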
It doesn't make sense to test this after it has already been passed to
the server, what's more with an invalid length.
--
Alexandre Julliard
julliard at winehq.org