From cf4aa7ea9da0b0008b378032ba229da6a7ee22f0 Mon Sep 17 00:00:00 2001 From: Timo Kreuzer Date: Sat, 23 Sep 2023 17:43:14 +0300 Subject: [PATCH] [LSASRV] Fix usage of self-relative security descriptor in LsarQuerySecurityObject --- dll/win32/lsasrv/lsarpc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dll/win32/lsasrv/lsarpc.c b/dll/win32/lsasrv/lsarpc.c index 62d245b9d42..de22cf47097 100644 --- a/dll/win32/lsasrv/lsarpc.c +++ b/dll/win32/lsasrv/lsarpc.c @@ -201,7 +201,7 @@ LsarQuerySecurityObject( PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor) { PLSA_DB_OBJECT DbObject = NULL; - PSECURITY_DESCRIPTOR RelativeSd = NULL; + PISECURITY_DESCRIPTOR_RELATIVE RelativeSd = NULL; PSECURITY_DESCRIPTOR ResultSd = NULL; PLSAPR_SR_SECURITY_DESCRIPTOR SdData = NULL; ACCESS_MASK DesiredAccess = 0; @@ -256,16 +256,16 @@ LsarQuerySecurityObject( /* Invalidate the SD information that was not requested */ if (!(SecurityInformation & OWNER_SECURITY_INFORMATION)) - ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL; + RelativeSd->Owner = 0; if (!(SecurityInformation & GROUP_SECURITY_INFORMATION)) - ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL; + RelativeSd->Group = 0; if (!(SecurityInformation & DACL_SECURITY_INFORMATION)) - ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT; + RelativeSd->Control &= ~SE_DACL_PRESENT; if (!(SecurityInformation & SACL_SECURITY_INFORMATION)) - ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT; + RelativeSd->Control &= ~SE_SACL_PRESENT; /* Calculate the required SD size */ Status = RtlMakeSelfRelativeSD(RelativeSd, @@ -298,7 +298,7 @@ LsarQuerySecurityObject( } /* Fill the SD data buffer and return it to the caller */ - SdData->Length = RelativeSdSize; + SdData->Length = ResultSdSize; SdData->SecurityDescriptor = (PBYTE)ResultSd; *SecurityDescriptor = SdData;