From ea4c53340d6bc8d86af6b02a218e1d0ea6a5a796 Mon Sep 17 00:00:00 2001
From: Johannes Anderwald <johannes.anderwald@reactos.org>
Date: Fri, 13 Jul 2007 09:34:16 +0000
Subject: [PATCH] - fix Buffer overflow in CmpHiveRootSecurityDescriptor -
 patch by w3seek See issue #2401 for more details.

svn path=/trunk/; revision=27625
---
 reactos/ntoskrnl/config/cmse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reactos/ntoskrnl/config/cmse.c b/reactos/ntoskrnl/config/cmse.c
index 3c0d49c34e6..c97b5138823 100644
--- a/reactos/ntoskrnl/config/cmse.c
+++ b/reactos/ntoskrnl/config/cmse.c
@@ -24,7 +24,7 @@ CmpHiveRootSecurityDescriptor(VOID)
     NTSTATUS Status;
     PSECURITY_DESCRIPTOR SecurityDescriptor;
     PACL Acl, AclCopy;
-    PSID Sid[3];
+    PSID Sid[4];
     SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
     SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
     ULONG AceLength, AclLength, SidLength;