From: Alistair Leslie-Hughes leslie_alistair@hotmail.com
--- dlls/ntdll/sec.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index ba11000564e..ba8d7b71593 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1172,6 +1172,8 @@ NTSTATUS WINAPI RtlAddAce(
 return STATUS_INVALID_PARAMETER;
 if (!RtlFirstFreeAce(acl,&targetace))
 return STATUS_INVALID_PARAMETER;
+ if (!targetace)
+ return STATUS_ALLOTTED_SPACE_EXCEEDED;
 nrofaces=0;ace=acestart;
 while (((BYTE *)ace - (BYTE *)acestart) < acelen) {
 nrofaces++;
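Review bot: The added `if (!targetace)` check in RtlAddAce rejects only a NULL result; it does not by itself establish that `acelen` bytes fit between `targetace` and the end of the ACL. The copy into `targetace` happens after the loop, outside this hunk, so it should be confirmed that a bound of the form `(BYTE *)targetace + acelen > (BYTE *)acl + acl->AclSize` is tested before it, because the next patch in this series lets RtlFirstFreeAce hand back a pointer equal to the end of the ACL. The test patch in the series calls only RtlFirstFreeAce, so the new STATUS_ALLOTTED_SPACE_EXCEEDED path is not exercised; a case that adds an ACE to an already full ACL would cover it.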
From: Alistair Leslie-Hughes leslie_alistair@hotmail.com
--- dlls/ntdll/sec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index ba8d7b71593..20adc044158 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1149,9 +1149,8 @@ BOOLEAN WINAPI RtlFirstFreeAce(
 return FALSE;
 ace = (PACE_HEADER)(((BYTE*)ace)+ace->AceSize);
 }
- if ((BYTE *)ace >= (BYTE *)acl + acl->AclSize)
- return FALSE;
- *x = ace;
+ if ((BYTE *)ace <= (BYTE *)acl + acl->AclSize)
+ *x = ace;
 return TRUE;
 }
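Review bot: RtlFirstFreeAce can now return TRUE without assigning `*x` in this block, and the series' tests expect that case to read back as NULL, so the initialisation of `*x` earlier in the function (outside the hunk) becomes part of the contract and should be documented. A comment above the new `if` such as `/* TRUE with *x == NULL: the ACE walk ended beyond AclSize; *x may equal the end of the ACL, i.e. zero bytes free */` would state it. Callers that previously relied on the BOOLEAN alone before writing through the pointer now need both a NULL check and a remaining-space check; those callers are not visible on this page and should be audited alongside this change.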
From: Alistair Leslie-Hughes leslie_alistair@hotmail.com
Signed-off-by: Alistair Leslie-Hughes leslie_alistair@hotmail.com --- dlls/ntdll/tests/rtl.c | 49 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+)
diff --git a/dlls/ntdll/tests/rtl.c b/dlls/ntdll/tests/rtl.c
index aeae4e8adf3..02b31481981 100644
--- a/dlls/ntdll/tests/rtl.c
+++ b/dlls/ntdll/tests/rtl.c
@@ -3682,6 +3682,54 @@ static void test_RtlDestroyHeap(void)
 RtlRemoveVectoredExceptionHandler( handler );
 }
+static void test_RtlFirstFreeAce(void)
+{
+ PACL acl;
+ PACE_HEADER first;
+ BOOL ret;
+ DWORD size;
+ BOOLEAN found;
+
+ size = sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE));
+ acl = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
+ ret = InitializeAcl(acl, sizeof(ACL), ACL_REVISION);
+ ok(ret, "InitializeAcl failed with error %ld\n", GetLastError());
+
+ /* AceCount = 0 */
+ first = (ACE_HEADER *)0xdeadbeef;
+ found = RtlFirstFreeAce(acl, &first);
+ ok(found, "RtlFirstFreeAce failed\n");
+ ok(first == (PACE_HEADER)(acl + 1), "Failed to find ACL\n");
+
+ acl->AclSize = sizeof(ACL) - 1;
+ first = (ACE_HEADER *)0xdeadbeef;
+ found = RtlFirstFreeAce(acl, &first);
+ ok(found, "RtlFirstFreeAce failed\n");
+ ok(first == NULL, "Found FirstAce = %p\n", first);
+
+ /* AceCount = 1 */
+ acl->AceCount = 1;
+ acl->AclSize = size;
+ first = (ACE_HEADER *)0xdeadbeef;
+ found = RtlFirstFreeAce(acl, &first);
+ ok(found, "RtlFirstFreeAce failed\n");
+ ok(first == (PACE_HEADER)(acl + 1), "Failed to find ACL %p, %p\n", first, (PACE_HEADER)(acl + 1));
+
+ acl->AclSize = sizeof(ACL) - 1;
+ first = (ACE_HEADER *)0xdeadbeef;
+ found = RtlFirstFreeAce(acl, &first);
+ ok(!found, "RtlFirstFreeAce failed\n");
+ ok(first == NULL, "Found FirstAce = %p\n", first);
+
+ acl->AclSize = sizeof(ACL);
+ first = (ACE_HEADER *)0xdeadbeef;;
+ found = RtlFirstFreeAce(acl, &first);
+ ok(!found, "RtlFirstFreeAce failed\n");
+ ok(first == NULL, "Found FirstAce = %p\n", first);
+
+ HeapFree(GetProcessHeap(), 0, acl);
+}
+
 START_TEST(rtl)
 {
 InitFunctionPtrs();
@@ -3725,4 +3773,5 @@ START_TEST(rtl)
 test_LdrRegisterDllNotification();
 test_DbgPrint();
 test_RtlDestroyHeap();
+ test_RtlFirstFreeAce();
 }
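Review bot: The two assertions in test_RtlFirstFreeAce that expect failure, `ok(!found, "RtlFirstFreeAce failed\n");`, report "failed" when the call unexpectedly succeeds; `ok(!found, "RtlFirstFreeAce succeeded\n");` would make a failing run readable. The HeapAlloc result is dereferenced by the following calls without a check, and `first = (ACE_HEADER *)0xdeadbeef;;` carries a stray semicolon. Every AceCount = 1 case walks a zero-filled ACE, so AceSize is 0 and the walk never advances. A case with a populated ACE header whose AceSize ends exactly at AclSize, and another one byte past it, would exercise the bounds comparison this series changes.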