advapi32: Fix buffer size query for CreateWellKnownSid.

dlls/advapi32/security.c

@@ -859,7 +859,8 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
     unsigned int i;
     TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
 
-    if (cbSid == NULL || pSid == NULL || (DomainSid && !IsValidSid(DomainSid))) {
+    if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
+    {
         SetLastError(ERROR_INVALID_PARAMETER);
         return FALSE;
     }
@@ -868,11 +869,17 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
         if (WellKnownSids[i].Type == WellKnownSidType) {
             DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
 
-            if (*cbSid < length) {
+            if (*cbSid < length)
+            {
+                *cbSid = length;
                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
                 return FALSE;
             }
-
+            if (!pSid)
+            {
+                SetLastError(ERROR_INVALID_PARAMETER);
+                return FALSE;
+            }
             CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
             *cbSid = length;
             return TRUE;
@@ -891,11 +898,17 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
             DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
             DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
 
-            if (*cbSid < output_sid_length) {
+            if (*cbSid < output_sid_length)
+            {
+                *cbSid = output_sid_length;
                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
                 return FALSE;
             }
-
+            if (!pSid)
+            {
+                SetLastError(ERROR_INVALID_PARAMETER);
+                return FALSE;
+            }
             CopyMemory(pSid, DomainSid, domain_sid_length);
             (*GetSidSubAuthorityCount(pSid))++;
             (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;

dlls/advapi32/tests/security.c

@@ -1354,7 +1354,9 @@ struct well_known_sid_value
 static void test_CreateWellKnownSid(void)
 {
     SID_IDENTIFIER_AUTHORITY ident = { SECURITY_NT_AUTHORITY };
-    PSID domainsid;
+    PSID domainsid, sid;
+    DWORD size, error;
+    BOOL ret;
     int i;
 
     if (!pCreateWellKnownSid)
@@ -1363,6 +1365,25 @@ static void test_CreateWellKnownSid(void)
         return;
     }
 
+    size = 0;
+    SetLastError(0xdeadbeef);
+    ret = pCreateWellKnownSid(WinInteractiveSid, NULL, NULL, &size);
+    error = GetLastError();
+    ok(!ret, "CreateWellKnownSid succeeded\n");
+    ok(error == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %u\n", error);
+    ok(size, "expected size > 0\n");
+
+    SetLastError(0xdeadbeef);
+    ret = pCreateWellKnownSid(WinInteractiveSid, NULL, NULL, &size);
+    error = GetLastError();
+    ok(!ret, "CreateWellKnownSid succeeded\n");
+    ok(error == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %u\n", error);
+
+    sid = HeapAlloc(GetProcessHeap(), 0, size);
+    ret = pCreateWellKnownSid(WinInteractiveSid, NULL, sid, &size);
+    ok(ret, "CreateWellKnownSid failed %u\n", GetLastError());
+    HeapFree(GetProcessHeap(), 0, sid);
+
     /* a domain sid usually have three subauthorities but we test that CreateWellKnownSid doesn't check it */
     AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);