Hans Leidekker <hans@codeweavers.com> writes:
- privs = get_req_data_after_objattr( objattr, &data_size );
- privs_size = req->privilege_count * sizeof(*privs);
- if (req->default_dacl_size) acl = (const ACL *)((char *)privs + privs_size);
- groups = (const struct token_groups *)((char *)privs + privs_size + req->default_dacl_size);
- attr = (unsigned int *)(groups + 1);
- sid = (const SID *)(attr + groups->count); /* first entry is user */
- if (!acl) acl = default_dacl = create_default_dacl( sid );
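Review bot: none of the offsets derived from client-controlled values are checked against data_size before the memory behind them is dereferenced. `privs_size = req->privilege_count * sizeof(*privs)` can wrap and is never compared with data_size; `req->default_dacl_size` is added to the offset without confirming that it is either zero or at least an ACL header and lies inside the buffer; `groups->count` is read from the buffer and used to place `sid` without confirming that the groups header, `count` attributes and at least one SID fit in the bytes that remain. The pointer arithmetic is byte-based, so `acl`, `groups` and `sid` also need an alignment check before they are used as typed pointers. Suggest validating each region in order against `data_size` and failing the request before `create_default_dacl( sid )` or anything else touches the data.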
You need to validate all the sizes and alignments before accessing any data received from the client.
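An added example of the validation asked for above; it is not Wine's code and not from this thread. It parses the same layout the hunk walks (privileges, optional default DACL, groups header, attribute array, then the user SID), checking every region against data_size, guarding the client-driven multiplications against wraparound, and verifying alignment before any typed pointer is formed. The structure layouts, the error codes, the function names and the sample buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified layouts with the same shape as the data in the hunk; not Wine's definitions. */
typedef struct { unsigned int luid_low; int luid_high; unsigned int attributes; } LUID_AND_ATTRIBUTES;
typedef struct { unsigned char rev, sbz1; unsigned short acl_size, ace_count, sbz2; } ACL;
struct token_groups { unsigned int count; };   /* followed by count attrs, then the SIDs */
typedef struct { unsigned char revision, sub_count, authority[6]; unsigned int sub[1]; } SID;
struct create_token_request { unsigned int privilege_count, default_dacl_size; };
struct token_data_view {
    const LUID_AND_ATTRIBUTES *privs; const ACL *acl;   /* acl is NULL when no default DACL was sent */
    const struct token_groups *groups; const unsigned int *attr; const SID *user_sid;   /* first SID is the user */
};
enum { OK = 0, ERR_PRIVS, ERR_DACL, ERR_GROUPS_HDR, ERR_GROUPS_ATTR, ERR_SID, ERR_ALIGN };

/* [off, off + len) lies inside a buffer of `total` bytes, with no wraparound. */
static int fits(size_t off, size_t len, size_t total) { return off <= total && len <= total - off; }
static int aligned(const void *base, size_t off, size_t a) { return (((uintptr_t)base + off) % a) == 0; }

/* Check every region against data_size before forming a typed pointer to it. */
int parse_token_data(const struct create_token_request *req, const void *data, size_t data_size,
                     struct token_data_view *out)
{
    const char *p = data;
    size_t off = 0, privs_size, attr_size; unsigned int count;
    /* privileges: the multiplication itself can wrap, so check it first */
    if (req->privilege_count > SIZE_MAX / sizeof(LUID_AND_ATTRIBUTES)) return ERR_PRIVS;
    privs_size = (size_t)req->privilege_count * sizeof(LUID_AND_ATTRIBUTES);
    if (!fits(off, privs_size, data_size)) return ERR_PRIVS;
    if (!aligned(p, off, _Alignof(LUID_AND_ATTRIBUTES))) return ERR_ALIGN;
    out->privs = (const LUID_AND_ATTRIBUTES *)(p + off);
    off += privs_size;
    /* optional default DACL: if present it must hold at least an ACL header */
    out->acl = NULL;
    if (req->default_dacl_size) {
        if (req->default_dacl_size < sizeof(ACL) || !fits(off, req->default_dacl_size, data_size)) return ERR_DACL;
        if (!aligned(p, off, _Alignof(ACL))) return ERR_ALIGN;
        out->acl = (const ACL *)(p + off);
        off += req->default_dacl_size;
    }
    /* groups header: count is client data, so bound it before using it */
    if (!fits(off, sizeof(struct token_groups), data_size)) return ERR_GROUPS_HDR;
    if (!aligned(p, off, _Alignof(struct token_groups))) return ERR_ALIGN;
    out->groups = (const struct token_groups *)(p + off);
    off += sizeof(struct token_groups);
    count = out->groups->count;
    if (count == 0) return ERR_GROUPS_HDR;   /* first entry is the user, so at least one */
    if (count > SIZE_MAX / sizeof(unsigned int)) return ERR_GROUPS_ATTR;
    attr_size = (size_t)count * sizeof(unsigned int);
    if (!fits(off, attr_size, data_size)) return ERR_GROUPS_ATTR;
    out->attr = (const unsigned int *)(p + off);
    off += attr_size;
    /* user SID: fixed header first, then the variable-length sub-authority array */
    if (!fits(off, offsetof(SID, sub), data_size)) return ERR_SID;
    if (!aligned(p, off, _Alignof(SID))) return ERR_ALIGN;
    out->user_sid = (const SID *)(p + off);
    if (!fits(off, offsetof(SID, sub) + (size_t)out->user_sid->sub_count * sizeof(unsigned int), data_size))
        return ERR_SID;
    return OK;
}

/* Constructed sample (4-byte aligned backing store): one privilege, no DACL,
 * one group entry, user SID S-1-5-18.  Returns the byte count. */
static unsigned int sample_words[8];
size_t build_sample(struct create_token_request *req)
{
    unsigned char *b = (unsigned char *)sample_words;
    LUID_AND_ATTRIBUTES priv = { 20, 0, 2 };
    unsigned int count = 1, attr0 = 0, rid = 18;
    memset(b, 0, sizeof(sample_words));
    memcpy(b, &priv, sizeof priv);     /* bytes  0..11: privilege 0 */
    memcpy(b + 12, &count, 4);         /* bytes 12..15: token_groups.count */
    memcpy(b + 16, &attr0, 4);         /* bytes 16..19: attr[0] */
    b[20] = 1; b[21] = 1; b[27] = 5;   /* bytes 20..27: SID revision 1, one sub-authority, NT authority */
    memcpy(b + 28, &rid, 4);           /* bytes 28..31: sub-authority 18 */
    req->privilege_count = 1;
    req->default_dacl_size = 0;
    return 32;
}

/* Parse the sample with overridden request fields and an optionally truncated length. */
int try_parse(unsigned int privilege_count, unsigned int dacl_size, size_t data_size)
{
    struct create_token_request req;
    struct token_data_view view;
    size_t n = build_sample(&req);
    req.privilege_count = privilege_count;
    req.default_dacl_size = dacl_size;
    return parse_token_data(&req, sample_words, data_size < n ? data_size : n, &view);
}

/* User RID from a successful parse of the sample, 0 on any failure. */
unsigned int sample_user_rid(void)
{
    struct create_token_request req;
    struct token_data_view view;
    size_t n = build_sample(&req);
    return parse_token_data(&req, sample_words, n, &view) == OK ? view.user_sid->sub[0] : 0;
}
```

With the sample buffer, `try_parse(1, 0, 32)` succeeds and yields RID 18; truncating the data to 20 bytes is caught at the SID header, an oversized `privilege_count` at the first multiplication, a 4-byte DACL as too short for an ACL header, and an 8-byte DACL shifts the groups header onto bytes the client filled as SID data, so the resulting `count` no longer fits and is rejected before `attr` or `sid` are formed. In a request handler the non-OK return would map to an error status set on the request before any of the pointers are used.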