sd.go: fix calculation of security descriptor length in SddlToSecurit…

…yDescriptor (#299) unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{}) is the minimum length of the SD, not the actual length. Use the actual length for computing the length of the slice. This path also removes getSecurityDescriptorLength, which is no longer used. Fixes #298 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
microsoft · Aug 10, 2023 · eb5b095 · eb5b095
1 parent 87c84cf
commit eb5b095
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/sd.go b/sd.go
@@ -15,7 +15,6 @@ import (
 //sys lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountSidW
 //sys convertSidToStringSid(sid *byte, str **uint16) (err error) = advapi32.ConvertSidToStringSidW
 //sys convertStringSidToSid(str *uint16, sid **byte) (err error) = advapi32.ConvertStringSidToSidW
-//sys getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
 
 type AccountLookupError struct {
 	Name string
@@ -121,7 +120,7 @@ func SddlToSecurityDescriptor(sddl string) ([]byte, error) {
 	if err != nil {
 		return nil, &SddlConversionError{Sddl: sddl, Err: err}
 	}
-	b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{}))
+	b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), sd.Length())
 	return b, nil
 }
 

diff --git a/zsyscall_windows.go b/zsyscall_windows.go