From d748120ca18827a26c18f8c816fe44f0ef0b102d Mon Sep 17 00:00:00 2001
From: Christoph von Wittich <christoph_vw@reactos.org>
Date: Wed, 15 Apr 2009 08:33:57 +0000
Subject: [PATCH] check for immutable bits in RtlSetControlSecurityDescriptor
 fixes >100 advapi32 security winetests

svn path=/trunk/; revision=40519
---
 reactos/lib/rtl/sd.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/reactos/lib/rtl/sd.c b/reactos/lib/rtl/sd.c
index 37a183c6931..a048637e661 100644
--- a/reactos/lib/rtl/sd.c
+++ b/reactos/lib/rtl/sd.c
@@ -667,6 +667,13 @@ RtlSetControlSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
                                 IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
                                 IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
 {
+   SECURITY_DESCRIPTOR_CONTROL const immutable
+       = SE_OWNER_DEFAULTED  | SE_GROUP_DEFAULTED
+       | SE_DACL_PRESENT     | SE_DACL_DEFAULTED
+       | SE_SACL_PRESENT     | SE_SACL_DEFAULTED
+       | SE_RM_CONTROL_VALID | SE_SELF_RELATIVE
+       ;
+
    PISECURITY_DESCRIPTOR pSD = (PISECURITY_DESCRIPTOR)SecurityDescriptor;
 
    PAGED_CODE_RTL();
@@ -676,6 +683,9 @@ RtlSetControlSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
       return STATUS_UNKNOWN_REVISION;
    }
 
+   if ((ControlBitsOfInterest | ControlBitsToSet) & immutable)
+      return STATUS_INVALID_PARAMETER;
+
    /* Zero the 'bits of interest' */
    pSD->Control &= ~ControlBitsOfInterest;