From f926811e0df963319aa1b7903c368fbfe4a51986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Wed, 3 Apr 2019 17:44:31 +0200
Subject: [PATCH] server: Correctly validate SID length in sd_is_valid.

Signed-off-by: Vijay Kiran Kamuju <infyquest@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 server/token.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/server/token.c b/server/token.c
index e58e6a4fe77..5c35bcc19f6 100644
--- a/server/token.c
+++ b/server/token.c
@@ -305,8 +305,7 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
     owner = sd_get_owner( sd );
     if (owner)
     {
-        size_t needed_size = security_sid_len( owner );
-        if ((sd->owner_len < sizeof(SID)) || (needed_size > sd->owner_len))
+        if ((sd->owner_len < sizeof(SID)) || (security_sid_len( owner ) > sd->owner_len))
             return FALSE;
     }
     offset += sd->owner_len;
@@ -317,8 +316,7 @@ int sd_is_valid( const struct security_descriptor *sd, data_size_t size )
     group = sd_get_group( sd );
     if (group)
     {
-        size_t needed_size = security_sid_len( group );
-        if ((sd->group_len < sizeof(SID)) || (needed_size > sd->group_len))
+        if ((sd->group_len < sizeof(SID)) || (security_sid_len( group ) > sd->group_len))
             return FALSE;
     }
     offset += sd->group_len;