Voila! This new parser should catch all invalid security descriptor ACLs... I
only hope that it doesn't block valid ones. Probably makes sense to do some testing
before the release. ;)
As we probably shouldn't remove ACL_Compat too soon, we have to maintain it unfortunately...
It would crash easily at the moment, when the extended attribute contains invalid data.
This patch is the easy part; there are a lot more issues left in the parser.
Checking for the length is not sufficient. The values contained in the SD (like AceCount) could
still be garbage, and lead to errors when the SD is processed later.
It is a bit risky to use two different values for mem_alloc and memcpy - under some circumstances
these values probably don't match, leading to an invalid memory access. As the ACLs are accessed
without any special checks this shows that we'll also need additional protection in one of the
earlier patches.
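
The two points above (a length check alone does not make AceCount trustworthy, and allocation and copy must use the same size) can be illustrated with the following added example. It is not code from these patches; the function names `validate_acl`, `dup_acl` and `rd16` are hypothetical, and the byte layout assumed is that of the Windows `ACL` and `ACE_HEADER` structures stored little-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Read a little-endian 16-bit field without assuming alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

#define ACL_HDR_SIZE 8u /* AclRevision, Sbz1, AclSize, AceCount, Sbz2 */
#define ACE_HDR_SIZE 4u /* AceType, AceFlags, AceSize */

/* Returns the validated ACL size in bytes, or 0 if the blob is malformed.
 * buf/len describe untrusted data, e.g. read from an extended attribute. */
size_t validate_acl(const uint8_t *buf, size_t len)
{
    if (!buf || len < ACL_HDR_SIZE) return 0;
    size_t acl_size = rd16(buf + 2);
    unsigned ace_count = rd16(buf + 4);
    /* AclSize must cover the header and fit inside what was actually read. */
    if (acl_size < ACL_HDR_SIZE || acl_size > len) return 0;

    size_t off = ACL_HDR_SIZE;
    for (unsigned i = 0; i < ace_count; i++) {
        /* The ACE header itself must lie inside the ACL. */
        if (acl_size - off < ACE_HDR_SIZE) return 0;
        size_t ace_size = rd16(buf + off + 2);
        /* Reject ACEs that are too short or that run past AclSize. */
        if (ace_size < ACE_HDR_SIZE || ace_size > acl_size - off) return 0;
        off += ace_size;
    }
    return acl_size;
}

/* Allocate and copy with ONE length: the value validate_acl() returned. */
uint8_t *dup_acl(const uint8_t *buf, size_t len, size_t *out_size)
{
    size_t n = validate_acl(buf, len);
    if (!n) return NULL;
    uint8_t *copy = malloc(n);
    if (!copy) return NULL;
    memcpy(copy, buf, n);
    *out_size = n;
    return copy;
}
```

A garbage AceCount is rejected here because the walk runs out of bytes inside AclSize, which a check on the buffer length alone would not detect.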
I think it's clearer when all functions that take a tuple (struct stat, ULONG attr)
use the same argument order. Besides that I've removed the "const" prefix from ULONG
variables.