From d3c1b50d46230a981a09403af3d92ca029a2ebf6 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Fri, 26 Sep 2014 23:46:59 +0000
Subject: [PATCH] [LSASRV] Fix memory related issues in calls to LsaEnumerateLogonSessions. - Initialize ClientBaseAddress to NULL because we do not need to allocate a fixed memory page. - Protect Length from being overwitten by NtWriteVirtualMemory. svn path=/trunk/; revision=64318
---
 reactos/dll/win32/lsasrv/session.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/reactos/dll/win32/lsasrv/session.c b/reactos/dll/win32/lsasrv/session.c
index 6edbf0da9f2..25bc1a073af 100644
--- a/reactos/dll/win32/lsasrv/session.c
+++ b/reactos/dll/win32/lsasrv/session.c
@@ -131,8 +131,8 @@ LsapEnumLogonSessions(IN OUT PLSA_API_MSG RequestMsg)
 PLIST_ENTRY SessionEntry;
 PLSAP_LOGON_SESSION CurrentSession;
 PLUID SessionList;
- ULONG i, Length;
- PVOID ClientBaseAddress;
+ ULONG i, Length, MemSize;
+ PVOID ClientBaseAddress = NULL;
 NTSTATUS Status;
 TRACE("LsapEnumLogonSessions()\n");
@@ -175,10 +175,11 @@ LsapEnumLogonSessions(IN OUT PLSA_API_MSG RequestMsg)
 goto done;
 }
+ MemSize = Length;
 Status = NtAllocateVirtualMemory(ProcessHandle,
 &ClientBaseAddress,
 0,
- &Length,
+ &MemSize,
 MEM_COMMIT,
 PAGE_READWRITE);
 if (!NT_SUCCESS(Status))
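Review bot: `MemSize` is declared as `ULONG` in the first hunk, but the second hunk passes its address as the RegionSize argument of NtAllocateVirtualMemory, which is a `PSIZE_T`; on a 64-bit build the call would write eight bytes back into a four-byte local and corrupt adjacent stack data in the LSA server. Declaring it on its own line as `SIZE_T MemSize;` and leaving `ULONG i, Length;` unchanged keeps the fix and gives the in/out size the correct width. A comment at `MemSize = Length;` such as `/* NtAllocateVirtualMemory rounds the region size up and writes it back; keep Length as the exact byte count for the copy to the client */` would record why the copy exists, since the commit message names NtWriteVirtualMemory as the call that overwrites it. LsapEnumLogonSessions starts and ends outside both hunks, so the later use of Length for the write to the client is inferred, not visible here.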