From 07e6af6aa1333a4a9c2a99c301b3e3520a325a5f Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Sat, 27 Oct 2018 19:35:45 +0200
Subject: [PATCH] [NTOSKRNL] Properly handle "big" security descriptors in ObpCaptureObjectCreateInformation()
---
 ntoskrnl/ob/oblife.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/ntoskrnl/ob/oblife.c b/ntoskrnl/ob/oblife.c
index 56dbcae4215..798cccad05c 100644
--- a/ntoskrnl/ob/oblife.c
+++ b/ntoskrnl/ob/oblife.c
@@ -460,6 +460,7 @@ ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes,
 IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
 OUT PUNICODE_STRING ObjectName)
 {
+ ULONG SdCharge, QuotaInfoSize;
 NTSTATUS Status = STATUS_SUCCESS;
 PSECURITY_DESCRIPTOR SecurityDescriptor;
 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
@@ -518,8 +519,21 @@ ObpCaptureObjectCreateInformation(IN POBJECT_ATTRIBUTES ObjectAttributes,
 _SEH2_YIELD(return Status);
 }
+ /*
+ * By default, assume a SD size of 1024 and allow twice its
+ * size.
+ * If SD size happen to be bigger than that, then allow it
+ */
+ SdCharge = 2048;
+ SeComputeQuotaInformationSize(ObjectCreateInfo->SecurityDescriptor,
+ &QuotaInfoSize);
+ if ((2 * QuotaInfoSize) > 2048)
+ {
+ SdCharge = 2 * QuotaInfoSize;
+ }
+
 /* Save the probe mode and security descriptor size */
- ObjectCreateInfo->SecurityDescriptorCharge = 2048; /* FIXME */
+ ObjectCreateInfo->SecurityDescriptorCharge = SdCharge;
 ObjectCreateInfo->ProbeMode = AccessMode;
 }
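Review bot: The return value of `SeComputeQuotaInformationSize()` is discarded in the second hunk, and `QuotaInfoSize` is declared without an initializer in the first, so if the call can fail or return early without writing its output, `2 * QuotaInfoSize` is computed from an indeterminate value and ends up as the quota charge. The call is also unconditional; the hunk does not show whether `ObjectCreateInfo->SecurityDescriptor` can still be NULL at this point (no descriptor supplied by the caller), so that case should be guarded explicitly rather than left to the callee. Assuming the helper returns an NTSTATUS, I would declare `ULONG SdCharge, QuotaInfoSize = 0;` and gate the override with `if (ObjectCreateInfo->SecurityDescriptor != NULL && NT_SUCCESS(SeComputeQuotaInformationSize(ObjectCreateInfo->SecurityDescriptor, &QuotaInfoSize)) && QuotaInfoSize > 1024)`. Comparing against 1024 instead of doubling first also keeps the test itself from wrapping in ULONG arithmetic. The function body begins and ends outside both hunks, so the surrounding SEH and NULL handling could not be checked from here.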