Re: [PATCH 0/1] MR3505: ntdll: Implement NtCreateToken().

Hans Leidekker (@hans) commented about server/token.c:

• {

•    priv_count = req->priv_count;
  

•    if (data_size < priv_count * sizeof( privs[0] ))
  

•    {
  

•        free( groups );
  

•        set_error( STATUS_INVALID_PARAMETER );
  

•        return;
  

•    }
  

•    data_size -= priv_count * sizeof( privs[0] );
  

•    privs = (struct luid_attr *)((char *)groups + groups_size);
  

• }
• if (data_size)

•    dacl = (struct acl *)((char *)privs + priv_count * sizeof(privs[0]));
  

dacl should also be checked.