From 3b5107d06305972beaa9c5ff147ecbcd99949a75 Mon Sep 17 00:00:00 2001
From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Date: Wed, 19 Aug 2015 12:18:11 +1000
Subject: [PATCH] advapi32: Prevent buffer overrun.

---
 dlls/advapi32/security.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index d1e2bb4bd3c..a40e63976f0 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -4512,13 +4512,15 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
 {
     BOOL bret = FALSE;
     WCHAR toktype;
-    WCHAR tok[MAX_PATH];
+    WCHAR *tok;
     LPCWSTR lptoken;
     LPBYTE lpNext = NULL;
     DWORD len;
 
     *cBytes = sizeof(SECURITY_DESCRIPTOR);
 
+    tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
+
     if (SecurityDescriptor)
         lpNext = (LPBYTE)(SecurityDescriptor + 1);
 
@@ -4640,6 +4642,7 @@ static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
     bret = TRUE;
 
 lend:
+    heap_free(tok);
     return bret;
 }
 
-- 
2.11.4.GIT