Re: [PATCH 0/1] MR3505: ntdll: Implement NtCreateToken().

Hans Leidekker (@hans) commented about server/token.c:

+{ + struct token *token; + struct object_attributes *objattr; + struct sid *user; + struct sid_attrs *groups = NULL; + struct luid_attr *privs = NULL; + struct acl *dacl = NULL; + unsigned int group_count = 0, priv_count = 0, i; + data_size_t data_size, groups_size = 0; + struct acl *default_dacl = NULL; + + objattr = (struct object_attributes *)get_req_data(); + user = (struct sid *)get_req_data_after_objattr( objattr, &data_size ); + + if (!user || data_size < sid_len( user ) ) + { You should check that sid_len() doesn't read past the end of the buffer.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/3505#note_41231