Skip to content

Commit

Permalink
sd.go: fix calculation of security descriptor length in SddlToSecurit…
Browse files Browse the repository at this point in the history
…yDescriptor

unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{}) is the minimum length of the SD,
not the actual length. Use the actual length for computing the length of the
slice.

This path also removes getSecurityDescriptorLength, which is no longer used.

Fixes microsoft#298

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
  • Loading branch information
dblohm7 committed Aug 9, 2023
1 parent 9f0d5dc commit 66d0065
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 9 deletions.
3 changes: 1 addition & 2 deletions sd.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ import (
//sys lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountSidW
//sys convertSidToStringSid(sid *byte, str **uint16) (err error) = advapi32.ConvertSidToStringSidW
//sys convertStringSidToSid(str *uint16, sid **byte) (err error) = advapi32.ConvertStringSidToSidW
//sys getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength

type AccountLookupError struct {
Name string
Expand Down Expand Up @@ -121,7 +120,7 @@ func SddlToSecurityDescriptor(sddl string) ([]byte, error) {
if err != nil {
return nil, &SddlConversionError{Sddl: sddl, Err: err}
}
b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{}))
b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), sd.Length())
return b, nil
}

Expand Down
7 changes: 0 additions & 7 deletions zsyscall_windows.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 66d0065

Please sign in to comment.