Module: wine Branch: master Commit: f926811e0df963319aa1b7903c368fbfe4a51986 URL: https://source.winehq.org/git/wine.git/?a=commit;h=f926811e0df963319aa1b7903...
Author: Michael Müller michael@fds-team.de Date: Wed Apr 3 17:44:31 2019 +0200
server: Correctly validate SID length in sd_is_valid.
Signed-off-by: Vijay Kiran Kamuju infyquest@gmail.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
server/token.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/server/token.c b/server/token.c index e58e6a4..5c35bcc 100644 --- a/server/token.c +++ b/server/token.c @@ -305,8 +305,7 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size ) owner = sd_get_owner( sd ); if (owner) { - size_t needed_size = security_sid_len( owner ); - if ((sd->owner_len < sizeof(SID)) || (needed_size > sd->owner_len)) + if ((sd->owner_len < sizeof(SID)) || (security_sid_len( owner ) > sd->owner_len)) return FALSE; } offset += sd->owner_len; @@ -317,8 +316,7 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size ) group = sd_get_group( sd ); if (group) { - size_t needed_size = security_sid_len( group ); - if ((sd->group_len < sizeof(SID)) || (needed_size > sd->group_len)) + if ((sd->group_len < sizeof(SID)) || (security_sid_len( group ) > sd->group_len)) return FALSE; } offset += sd->group_len;