From 9c1c88de3e0936544e36cf72c8eb3261e967b5eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Bi=C8=99oc?= Date: Sun, 26 Sep 2021 11:42:00 +0200 Subject: [PATCH] [NTOS:SE] Define a name macro for the threshold value Instead of having this magic value as is, describe it within a macro for readability purposes. --- ntoskrnl/se/sid.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ntoskrnl/se/sid.c b/ntoskrnl/se/sid.c index de4c6f48f39..8d9e701f245 100644 --- a/ntoskrnl/se/sid.c +++ b/ntoskrnl/se/sid.c @@ -13,6 +13,8 @@ /* GLOBALS ********************************************************************/ +#define SE_MAXIMUM_GROUP_LIMIT 0x1000 + SID_IDENTIFIER_AUTHORITY SeNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; @@ -444,7 +446,8 @@ SepReleaseSid( * Returns STATUS_SUCCESS if SID and attributes capturing * has been completed successfully. STATUS_INVALID_PARAMETER * is returned if the count of attributes exceeds the maximum - * threshold that the kernel can permit. STATUS_INSUFFICIENT_RESOURCES + * threshold that the kernel can permit, with the purpose of + * avoiding integer overflows. STATUS_INSUFFICIENT_RESOURCES * is returned if memory pool allocation for the captured SID has failed. * STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated * buffer is less than the required size. A failure NTSTATUS code is @@ -478,7 +481,7 @@ SeCaptureSidAndAttributesArray( return STATUS_SUCCESS; } - if (AttributeCount > 0x1000) + if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT) { return STATUS_INVALID_PARAMETER; }