Re: [PATCH 0/1] MR3505: ntdll: Implement NtCreateToken().

Hans Leidekker (@hans) commented about server/token.c:

•    unsigned int *attrs = (unsigned int *)((char *)user + sid_len( user ));
  

•    struct sid *sid = (struct sid *)&attrs[req->group_count];
  

•    group_count = req->group_count;
  

•    groups_size = group_count * sizeof( attrs[0] );
  

•    groups = malloc( group_count * sizeof( groups[0] ) );
  

•    if (!groups)
  

•    {
  

•        set_error( STATUS_NO_MEMORY );
  

•        return;
  

•    }
  

•    for (i = 0; i < group_count; i++)
  

•    {
  

•        groups[i].attrs = attrs[i];
  

The attrs array bounds should also be checked.