diff --git a/patches/02-ACL_Extended_Attributes/0003-server-Store-file-security-attributes-with-extended-.patch b/patches/02-ACL_Extended_Attributes/0003-server-Store-file-security-attributes-with-extended-.patch index 77b86dc4..2eb40ad7 100644 --- a/patches/02-ACL_Extended_Attributes/0003-server-Store-file-security-attributes-with-extended-.patch +++ b/patches/02-ACL_Extended_Attributes/0003-server-Store-file-security-attributes-with-extended-.patch @@ -1,13 +1,13 @@ -From 060f418210bd083d4893b5bf481c9a42525320c6 Mon Sep 17 00:00:00 2001 +From 26610999c43a7c3725490800baf53aed0a0820a7 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" -Date: Tue, 15 Apr 2014 14:27:48 -0600 +Date: Tue, 15 Apr 2014 14:52:28 -0600 Subject: server: Store file security attributes with extended file attributes. --- - configure.ac | 12 +++++++++++ - server/file.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 77 insertions(+) + configure.ac | 12 ++++++++++ + server/file.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 82 insertions(+) diff --git a/configure.ac b/configure.ac index 7e463b9..c0cc653 100644 @@ -40,7 +40,7 @@ index 7e463b9..c0cc653 100644 AC_SUBST(dlldir,"\${libdir}/wine") diff --git a/server/file.c b/server/file.c -index c98f045..40013b1 100644 +index c98f045..adf7e51 100644 --- a/server/file.c +++ b/server/file.c @@ -32,6 +32,7 @@ @@ -61,7 +61,7 @@ index c98f045..40013b1 100644 #include "ntstatus.h" #define WIN32_NO_STATUS -@@ -178,6 +182,64 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_ +@@ -178,6 +182,69 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_ return &file->obj; } 
@@ -104,6 +104,11 @@ index c98f045..40013b1 100644 + default: + continue; + } ++ ++ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */ ++ if (sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES) ++ continue; ++ + n = sprintf( sidtxt, "S-%u-%d", sid->Revision, + MAKELONG( + MAKEWORD( sid->IdentifierAuthority.Value[5], @@ -126,7 +131,7 @@ index c98f045..40013b1 100644 static struct object *create_file( struct fd *root, const char *nameptr, data_size_t len, unsigned int access, unsigned int sharing, int create, unsigned int options, unsigned int attrs, -@@ -239,6 +301,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si +@@ -239,6 +306,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si /* FIXME: should set error to STATUS_OBJECT_NAME_COLLISION if file existed before */ fd = open_fd( root, name, flags | O_NONBLOCK | O_LARGEFILE, &mode, access, sharing, options ); if (!fd) goto done; @@ -134,7 +139,7 @@ index c98f045..40013b1 100644 if (S_ISDIR(mode)) obj = create_dir_obj( fd, access, mode ); -@@ -580,6 +643,8 @@ int file_set_acls( struct object *obj, struct fd *fd, const struct security_desc +@@ -580,6 +648,8 @@ int file_set_acls( struct object *obj, struct fd *fd, const struct security_desc mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX); mode |= sd_to_mode( sd, owner ); diff --git a/patches/02-ACL_Extended_Attributes/0004-server-Retrieve-file-security-attributes-with-extend.patch b/patches/02-ACL_Extended_Attributes/0004-server-Retrieve-file-security-attributes-with-extend.patch index 21f4915b..cab15029 100644 --- a/patches/02-ACL_Extended_Attributes/0004-server-Retrieve-file-security-attributes-with-extend.patch +++ b/patches/02-ACL_Extended_Attributes/0004-server-Retrieve-file-security-attributes-with-extend.patch 
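Review bot: The new `SubAuthorityCount` guard in the 0003 patch (hunk `@@ -104,6 +104,11 @@`) caps how many sub-authorities are formatted, but the `sprintf( sidtxt, ... )` that follows is still unbounded. The write is therefore safe only if `sidtxt` is sized for the worst case of SID_MAX_SUB_AUTHORITIES fields; its declaration is outside the hunk and should be checked. I would make the bound local by switching to `n = snprintf( sidtxt, sizeof(sidtxt), "S-%u-%d", ... )` (assuming `sidtxt` is an array) and skipping the ACE when the result is truncated. A one-line comment next to the buffer saying which maximum its size is derived from would also help. The enclosing function starts and ends outside the hunk.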
@@ -1,13 +1,13 @@ -From 2d625c28a1d39e093adcf0059815082e6995666e Mon Sep 17 00:00:00 2001 +From 96ef630b374cc6254dd8d0afe0eb8a9a240f4d50 Mon Sep 17 00:00:00 2001 From: "Erich E. Hoover" -Date: Tue, 15 Apr 2014 14:31:43 -0600 +Date: Tue, 15 Apr 2014 14:55:45 -0600 Subject: server: Retrieve file security attributes with extended file attributes. --- - dlls/advapi32/tests/security.c | 49 +++++++------ - server/file.c | 156 +++++++++++++++++++++++++++++++++++++++- - 2 files changed, 177 insertions(+), 28 deletions(-) + dlls/advapi32/tests/security.c | 49 ++++++------ + server/file.c | 169 +++++++++++++++++++++++++++++++++++++++- + 2 files changed, 190 insertions(+), 28 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index bd45189..e5ef7e6 100644 @@ -110,10 +110,10 @@ index bd45189..e5ef7e6 100644 CloseHandle(obj); } diff --git a/server/file.c b/server/file.c -index 40013b1..77da72e 100644 +index adf7e51..39169a4 100644 --- a/server/file.c +++ b/server/file.c -@@ -487,12 +487,161 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID +@@ -492,12 +492,174 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID return sd; } @@ -149,6 +149,11 @@ index 40013b1..77da72e 100644 + } + while(p && (!pn || p < pn)); + sub_authority_count -= 3; /* Revision and IdentifierAuthority don't count */ ++ p = pn; /* prepare for the next ACE */ ++ ++ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */ ++ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES) ++ continue; + + switch (type) + { @@ -164,7 +169,6 @@ index 40013b1..77da72e 100644 + continue; + } + ace_count++; -+ p = pn; + } + while(p); + 
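Review bot: The range check added to the counting pass (0004 patch, hunk `@@ -149,6 +149,11 @@`) tests only the upper end. After `sub_authority_count -= 3`, an entry with fewer than three '-'-separated fields can leave the count below zero, and if the variable is signed (its declaration is outside the hunk) that value passes `> SID_MAX_SUB_AUTHORITIES`. This pass appears to size the descriptor that the second pass fills, so a short entry could make the two passes disagree about how much space a SID needs. I would reject both ends: `if (sub_authority_count < 0 || sub_authority_count > SID_MAX_SUB_AUTHORITIES) continue;`.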
@@ -224,6 +228,11 @@ index 40013b1..77da72e 100644 + p = strchr(p, '-')+1; /* IdentifierAuthority doesn't count */ + do + { ++ if (sub_authority_count == SID_MAX_SUB_AUTHORITIES) ++ { ++ sub_authority_count++; /* fail on this SID and move on to the next one */ ++ break; ++ } + sscanf(p, "%u", &sa); + sid->SubAuthority[sub_authority_count] = sa; + p = strchr(p, '-'); @@ -232,6 +241,11 @@ index 40013b1..77da72e 100644 + } + while(p); + sid->SubAuthorityCount = sub_authority_count; ++ p = pn; /* prepare for the next ACE */ ++ ++ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */ ++ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES) ++ continue; + + /* Handle the specific ACE */ + switch (type) @@ -256,7 +270,6 @@ index 40013b1..77da72e 100644 + default: + continue; + } -+ p = pn; + } + + return sd; @@ -275,7 +288,7 @@ index 40013b1..77da72e 100644 if (unix_fd == -1 || fstat( unix_fd, &st ) == -1) return obj->sd; -@@ -502,9 +651,10 @@ struct security_descriptor *file_get_acls( struct object *obj, struct fd *fd, mo +@@ -507,9 +669,10 @@ struct security_descriptor *file_get_acls( struct object *obj, struct fd *fd, mo (st.st_uid == *uid)) return obj->sd;
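Review bot: In the fill loop (0004 patch, hunk `@@ -224,6 +228,11 @@`) the new cap stops writes past the end of `SubAuthority[]`, but the lines around it still trust the text. `sscanf(p, "%u", &sa)` is unchecked, so a non-numeric field stores whatever `sa` held before, and `p = strchr(p, '-')+1` turns a missing '-' into a non-NULL invalid pointer. The string presumably comes from the file's extended attribute, which is on-disk data the server does not control. I would reuse the failure path this commit adds, `if (sscanf(p, "%u", &sa) != 1) { sub_authority_count = SID_MAX_SUB_AUTHORITIES + 1; break; }`, and test the `strchr` result before adding 1. The enclosing function begins and ends outside the hunk.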
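Review bot: Rejecting an oversized SID with `continue` (0004 patch, hunk `@@ -232,6 +241,11 @@`) drops that one ACE and keeps the rest of the ACL; the same pattern appears in `@@ -149,6 +149,11 @@` and in the 0003 store path. If the dropped entry is a deny ACE, the resulting descriptor is more permissive than the one that was stored. Failing the whole attribute and falling back to the mode-derived descriptor looks safer, though whether the caller already handles a NULL return that way is not visible here. At minimum, add a comment at the check so the behaviour is a documented choice, e.g. `/* malformed ACE: skipped, remaining ACEs are still applied */`.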