Added first part of patchset containing various improvements for LsaLookupSids.

patches/advapi32-LsaLookupSids/0001-advapi32-Initialize-buffer-length-to-zero-in-LsaLook.patch

@@ -0,0 +1,31 @@
+From be28c746d013c16fa6c2e50f5f9debc45d39d81b Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 7 Apr 2015 13:18:31 +0800
+Subject: advapi32: Initialize buffer length to zero in LsaLookupSids to
+ prevent crash. (try 2)
+
+Superseded 110588-110594
+
+Try 2:
+- Use RtlInitUnicodeStringEx to simplify code when possible. Same for
+other patches in this series. (Thanks Nikolay)
+---
+ dlls/advapi32/lsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
+index 2a8b791..69c29c5 100644
+--- a/dlls/advapi32/lsa.c
++++ b/dlls/advapi32/lsa.c
+@@ -502,7 +502,7 @@ NTSTATUS WINAPI LsaLookupSids(
+     {
+         (*Names)[i].Use = SidTypeUnknown;
+         (*Names)[i].DomainIndex = -1;
+-        (*Names)[i].Name.Buffer = NULL;
++        RtlInitUnicodeStringEx(&(*Names)[i].Name, NULL);
+ 
+         memset(&(*ReferencedDomains)->Domains[i], 0, sizeof(LSA_TRUST_INFORMATION));
+ 
+-- 
+2.3.5
+

patches/advapi32-LsaLookupSids/0002-advapi32-Prepend-a-hidden-LSA_TRUST_INFORMATION-in-L.patch

@@ -0,0 +1,47 @@
+From 246cb6b72666dcb77fb2f553d318d7dabbe8811d Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 7 Apr 2015 13:18:47 +0800
+Subject: advapi32: Prepend a hidden LSA_TRUST_INFORMATION in LsaLookupSids to
+ avoid crash when Domains[-1] incorrectly accessed by application. (try 2)
+
+---
+ dlls/advapi32/lsa.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
+index 69c29c5..dfe25b3 100644
+--- a/dlls/advapi32/lsa.c
++++ b/dlls/advapi32/lsa.c
+@@ -488,14 +488,17 @@ NTSTATUS WINAPI LsaLookupSids(
+     if (!(*Names = heap_alloc(name_fullsize))) return STATUS_NO_MEMORY;
+     /* maximum count of stored domain infos is Count, allocate it like that cause really needed
+        count could only be computed after sid data is retrieved */
+-    domain_fullsize = sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION)*Count;
++    domain_fullsize = sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION) * (Count + 1);
+     if (!(*ReferencedDomains = heap_alloc(domain_fullsize)))
+     {
+         heap_free(*Names);
+         return STATUS_NO_MEMORY;
+     }
+     (*ReferencedDomains)->Entries = 0;
+-    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains + sizeof(LSA_REFERENCED_DOMAIN_LIST));
++    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains +
++                                    sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION));
++    (*ReferencedDomains)->Domains[-1].Sid = NULL;
++    RtlInitUnicodeStringEx(&(*ReferencedDomains)->Domains[-1].Name, NULL);
+ 
+     /* Get full names data length and full length needed to store domain name and SID */
+     for (i = 0; i < Count; i++)
+@@ -555,7 +558,8 @@ NTSTATUS WINAPI LsaLookupSids(
+ 
+     *ReferencedDomains = heap_realloc(*ReferencedDomains, domain_fullsize);
+     /* fix pointer after reallocation */
+-    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains + sizeof(LSA_REFERENCED_DOMAIN_LIST));
++    (*ReferencedDomains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*ReferencedDomains +
++                                    sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION));
+     domain_data = (char*)(*ReferencedDomains)->Domains + sizeof(LSA_TRUST_INFORMATION)*Count;
+ 
+     mapped = 0;
+-- 
+2.3.5
+

patches/advapi32-LsaLookupSids/0003-advapi32-Prepend-a-hidden-LSA_TRUST_INFORMATION-in-L.patch

@@ -0,0 +1,39 @@
+From ce254ac3659e0c040136341d035629f99ec6d1ea Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 7 Apr 2015 13:19:06 +0800
+Subject: advapi32: Prepend a hidden LSA_TRUST_INFORMATION in LsaLookupNames2
+ to avoid crash when Domains[-1] incorrectly accessed by application. (try 2)
+
+---
+ dlls/advapi32/lsa.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
+index dfe25b3..258b8ca 100644
+--- a/dlls/advapi32/lsa.c
++++ b/dlls/advapi32/lsa.c
+@@ -404,14 +404,18 @@ NTSTATUS WINAPI LsaLookupNames2( LSA_HANDLE policy, ULONG flags, ULONG count,
+     sid = (SID *)(*sids + count);
+ 
+     /* use maximum domain count */
+-    if (!(*domains = heap_alloc(sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION)*count +
+-                                sid_size_total + domainname_size_total*sizeof(WCHAR))))
++    if (!(*domains = heap_alloc(sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION) * (count + 1) +
++                                sid_size_total + domainname_size_total * sizeof(WCHAR))))
+     {
+         heap_free(*sids);
+         return STATUS_NO_MEMORY;
+     }
+     (*domains)->Entries = 0;
+-    (*domains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*domains + sizeof(LSA_REFERENCED_DOMAIN_LIST));
++    (*domains)->Domains = (LSA_TRUST_INFORMATION*)((char*)*domains +
++                          sizeof(LSA_REFERENCED_DOMAIN_LIST) + sizeof(LSA_TRUST_INFORMATION));
++    (*domains)->Domains[-1].Sid = NULL;
++    RtlInitUnicodeStringEx(&(*domains)->Domains[-1].Name, NULL);
++
+     domain_data = (char*)(*domains)->Domains + sizeof(LSA_TRUST_INFORMATION)*count;
+ 
+     domain.Buffer = heap_alloc(domain_size_max*sizeof(WCHAR));
+-- 
+2.3.5
+