2 May 2018, 2:10 p.m.
Hans Leidekker <hans(a)codeweavers.com> writes:
+ privs = get_req_data_after_objattr( objattr, &data_size ); + privs_size = req->privilege_count * sizeof(*privs); + if (req->default_dacl_size) acl = (const ACL *)((char *)privs + privs_size); + + groups = (const struct token_groups *)((char *)privs + privs_size + req->default_dacl_size); + attr = (unsigned int *)(groups + 1); + sid = (const SID *)(attr + groups->count); /* first entry is user */ + if (!acl) acl = default_dacl = create_default_dacl( sid );
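Review bot: Nothing in these lines compares the client-supplied lengths with data_size before the pointers derived from them are dereferenced. privs_size is computed from req->privilege_count with no overflow or bounds check. The groups pointer is placed at privs + privs_size + req->default_dacl_size without confirming that this offset plus sizeof(*groups) fits in the request data. groups->count is then read and used to locate sid with no check that the attribute array and a SID fit in what remains. req->default_dacl_size is also arbitrary, so groups and attr may end up misaligned for their types. Suggest checking each size against the remaining data_size (rejecting on overflow), requiring the computed offsets to be suitably aligned, and validating the ACL and SID before use, returning an error before any of the data is touched.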
You need to validate all the sizes and alignments before accessing any data received from the client.

--
Alexandre Julliard
julliard(a)winehq.org