From a303932803d5939c4b6820f693fef310e48ee18b Mon Sep 17 00:00:00 2001
From: Michael Maltsev <4129781+m417z@users.noreply.github.com>
Date: Mon, 3 Jun 2019 12:35:58 +0300
Subject: [PATCH] [ADVAPI32] Avoid excessive allocation in
 CheckTokenMembership. CORE-16094

---
 dll/win32/advapi32/token/token.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dll/win32/advapi32/token/token.c b/dll/win32/advapi32/token/token.c
index 0c3cacd7725..32ef4064c6b 100644
--- a/dll/win32/advapi32/token/token.c
+++ b/dll/win32/advapi32/token/token.c
@@ -100,7 +100,7 @@ CheckTokenMembership(IN HANDLE ExistingTokenHandle,
                                          0,
                                          sizeof(SECURITY_DESCRIPTOR) +
                                              sizeof(ACL) + SidLen +
-                                             sizeof(ACCESS_ALLOWED_ACE));
+                                             FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart));
     if (SecurityDescriptor == NULL)
     {
         Status = STATUS_INSUFFICIENT_RESOURCES;
@@ -134,7 +134,7 @@ CheckTokenMembership(IN HANDLE ExistingTokenHandle,
     /* create the DACL */
     Dacl = (PACL)(SecurityDescriptor + 1);
     Status = RtlCreateAcl(Dacl,
-                          sizeof(ACL) + SidLen + sizeof(ACCESS_ALLOWED_ACE),
+                          sizeof(ACL) + SidLen + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart),
                           ACL_REVISION);
     if (!NT_SUCCESS(Status))
     {