From: Vijay Kiran Kamuju Subject: [PATCH V2] ntdll: Improve invalid paramater handling in NtAccessCheck. Message-Id: <20190423133734.1018-1-infyquest@gmail.com> Date: Tue, 23 Apr 2019 15:37:34 +0200 From: Qian Hong From: Qian Hong Signed-off-by: Qian Hong Signed-off-by: Vijay Kiran Kamuju --- dlls/advapi32/tests/security.c | 8 -------- dlls/ntdll/sec.c | 11 ++++++++++- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index d9cae64da8b..d886ab713f3 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -1454,10 +1454,8 @@ static void test_AccessCheck(void) ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, 0, &PrivSetLen, &Access, &AccessStatus); err = GetLastError(); -todo_wine ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have " "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err); -todo_wine ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen); ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed, "Access and/or AccessStatus were changed!\n"); @@ -1508,12 +1506,9 @@ todo_wine ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, PrivSet, &PrivSetLen, &Access, &AccessStatus); err = GetLastError(); -todo_wine ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have " "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err); -todo_wine ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen); -todo_wine ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed, "Access and/or AccessStatus were changed!\n"); 
@@ -1625,12 +1620,9 @@ todo_wine ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, PrivSet, &PrivSetLen, &Access, &AccessStatus); err = GetLastError(); - todo_wine ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have " "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err); - todo_wine ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen); - todo_wine ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed, "Access and/or AccessStatus were changed!\n"); diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c index 02fc77dc1cc..ef91f2319fe 100644 --- a/dlls/ntdll/sec.c +++ b/dlls/ntdll/sec.c @@ -1667,7 +1667,16 @@ NtAccessCheck( SecurityDescriptor, ClientToken, DesiredAccess, GenericMapping, PrivilegeSet, ReturnLength, GrantedAccess, AccessStatus); - if (!PrivilegeSet || !ReturnLength) + if (!ReturnLength) + return STATUS_ACCESS_VIOLATION; + + if (*ReturnLength == 0) + { + *ReturnLength = sizeof(PRIVILEGE_SET); + return STATUS_BUFFER_TOO_SMALL; + } + + if (!PrivilegeSet) return STATUS_ACCESS_VIOLATION; SERVER_START_REQ( access_check ) -- 2.17.0
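Review bot: The new guard in the dlls/ntdll/sec.c hunk, `if (*ReturnLength == 0)`, rejects only an exactly zero length, so a caller-supplied length between 1 and sizeof(PRIVILEGE_SET) - 1 with a non-NULL PrivilegeSet still reaches `SERVER_START_REQ( access_check )`. The rest of NtAccessCheck lies outside the hunk, so how the length is used there is not visible. If that code writes the PRIVILEGE_SET header or subtracts the header size from the length, an undersized buffer would be written past its end or the unsigned size would wrap. Provided a test confirms Windows also returns STATUS_BUFFER_TOO_SMALL for those lengths, the comparison should be `if (*ReturnLength < sizeof(PRIVILEGE_SET))`. The order of the three checks is deliberate and deserves a comment such as `/* a size query is answered before PrivilegeSet is validated, so a NULL set with zero length reports the required size */`.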