advapi32: Prevent buffer overrun.

3b5107d0 · Alistair Leslie-Hughes · Alexandre Julliard · 453d71b9 · 3b5107d0
Commit 3b5107d0 authored Aug 19, 2015 by Alistair Leslie-Hughes Committed by Alexandre Julliard Aug 19, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

security.c dlls/advapi32/security.c +4 -1

No files found.
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -4512,13 +4512,15 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
 {
    BOOL bret = FALSE;
    WCHAR toktype;
-    WCHAR tok[MAX_PATH];
+    WCHAR *tok;
    LPCWSTR lptoken;
    LPBYTE lpNext = NULL;
    DWORD len;
    *cBytes = sizeof(SECURITY_DESCRIPTOR);
+    tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
    if (SecurityDescriptor)
        lpNext = (LPBYTE)(SecurityDescriptor + 1);
@@ -4640,6 +4642,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
    bret = TRUE;
 lend:
+    heap_free(tok);
    return bret;
 }