From eb5b095417bf0e22a36c4756f3bc8a3cc0322f79 Mon Sep 17 00:00:00 2001 From: Aaron Klotz Date: Thu, 10 Aug 2023 12:09:46 -0600 Subject: [PATCH] sd.go: fix calculation of security descriptor length in SddlToSecurityDescriptor (#299) unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{}) is the minimum length of the SD, not the actual length. Use the actual length for computing the length of the slice. This path also removes getSecurityDescriptorLength, which is no longer used. Fixes https://github.com/microsoft/go-winio/issues/298 Signed-off-by: Aaron Klotz --- sd.go | 3 +-- zsyscall_windows.go | 7 ------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/sd.go b/sd.go index c4213178..c3685e98 100644 --- a/sd.go +++ b/sd.go @@ -15,7 +15,6 @@ import ( //sys lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountSidW //sys convertSidToStringSid(sid *byte, str **uint16) (err error) = advapi32.ConvertSidToStringSidW //sys convertStringSidToSid(str *uint16, sid **byte) (err error) = advapi32.ConvertStringSidToSidW -//sys getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength type AccountLookupError struct { Name string @@ -121,7 +120,7 @@ func SddlToSecurityDescriptor(sddl string) ([]byte, error) { if err != nil { return nil, &SddlConversionError{Sddl: sddl, Err: err} } - b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{})) + b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), sd.Length()) return b, nil } diff --git a/zsyscall_windows.go b/zsyscall_windows.go index 49237620..4e98e707 100644 --- a/zsyscall_windows.go +++ b/zsyscall_windows.go 
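Review bot: The corrected `unsafe.Slice((*byte)(unsafe.Pointer(sd)), sd.Length())` line in SddlToSecurityDescriptor lands without a regression test (the diffstat lists only sd.go and zsyscall_windows.go), so nothing guards against the returned descriptor being cut short again and handing callers a security descriptor whose ACL data lies outside the slice. A round-trip test would pin the fix: convert an SDDL string carrying a DACL with several ACEs, assert `len(b) > int(unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{}))`, and convert the bytes back to the same SDDL. The slice also aliases the memory behind `sd` instead of copying it, so a comment such as `// b aliases sd's backing memory and spans sd.Length() bytes, i.e. the whole self-relative descriptor` would help, assuming the conversion call above the hunk returns a self-relative descriptor in Go-managed memory. The function's body starts outside the hunk.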
@@ -48,7 +48,6 @@ var ( procAdjustTokenPrivileges = modadvapi32.NewProc("AdjustTokenPrivileges") procConvertSidToStringSidW = modadvapi32.NewProc("ConvertSidToStringSidW") procConvertStringSidToSidW = modadvapi32.NewProc("ConvertStringSidToSidW") - procGetSecurityDescriptorLength = modadvapi32.NewProc("GetSecurityDescriptorLength") procImpersonateSelf = modadvapi32.NewProc("ImpersonateSelf") procLookupAccountNameW = modadvapi32.NewProc("LookupAccountNameW") procLookupAccountSidW = modadvapi32.NewProc("LookupAccountSidW") @@ -105,12 +104,6 @@ func convertStringSidToSid(str *uint16, sid **byte) (err error) { return } -func getSecurityDescriptorLength(sd uintptr) (len uint32) { - r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(sd), 0, 0) - len = uint32(r0) - return -} - func impersonateSelf(level uint32) (err error) { r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(level), 0, 0) if r1 == 0 {