From d63e0b7084ff651a8423324c54ab98ff8669de51 Mon Sep 17 00:00:00 2001 From: Paul Gofman Date: Wed, 4 Aug 2021 13:43:46 +0300 Subject: [PATCH] kernelbase: Fix copy size for delete_privs in CreateRestrictedToken(). Fixes 3D Aim Trainer crash on start. Signed-off-by: Paul Gofman Signed-off-by: Alexandre Julliard --- dlls/kernelbase/security.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dlls/kernelbase/security.c b/dlls/kernelbase/security.c index 97943048b01..36196304db3 100644 --- a/dlls/kernelbase/security.c +++ b/dlls/kernelbase/security.c @@ -662,21 +662,21 @@ BOOL WINAPI CreateRestrictedToken( HANDLE token, DWORD flags, { if (!(nt_disable_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[disable_sid_count] ) ))) goto out; nt_disable_sids->GroupCount = disable_sid_count; - memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(SID_AND_ATTRIBUTES) ); + memcpy( nt_disable_sids->Groups, disable_sids, disable_sid_count * sizeof(*disable_sids) ); } if (delete_priv_count) { if (!(nt_privs = heap_alloc( offsetof( TOKEN_GROUPS, Groups[delete_priv_count] ) ))) goto out; nt_privs->PrivilegeCount = delete_priv_count; - memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(SID_AND_ATTRIBUTES) ); + memcpy( nt_privs->Privileges, delete_privs, delete_priv_count * sizeof(*delete_privs) ); } if (restrict_sid_count) { if (!(nt_restrict_sids = heap_alloc( offsetof( TOKEN_GROUPS, Groups[restrict_sid_count] ) ))) goto out; nt_restrict_sids->GroupCount = restrict_sid_count; - memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(SID_AND_ATTRIBUTES) ); + memcpy( nt_restrict_sids->Groups, restrict_sids, restrict_sid_count * sizeof(*restrict_sids) ); } status = NtFilterToken(token, flags, nt_disable_sids, nt_privs, nt_restrict_sids, ret);