GetSecurityDescriptor recursive loop

Jul 9, 2009 at 12:06 PM

In the current implementation of the GetSecurityDescriptor the search engine will get in a unending recursive loop if the ACl is larger then 1024 bytes. (about 40 logins)

This is because when the ACL is larger the HRESULT.ERROR_INSUFFICIENT_BUFFER error is thrown, but contains the incorrect value. Therefor the size is not adjusted and will result in another HRESULT.ERROR_INSUFFICIENT_BUFFER.

To fix this change the following in the HRESULT enumeration:

ERROR_INSUFFICIENT_BUFFER = 0x00000122

must be:

ERROR_INSUFFICIENT_BUFFER = 0x8007007A

After this change everything works smoothly.

I did dig 2 days into this before I found the comment from tatsuki on this page: http://sharepointsearch.com/cs/files/folders/searchtools/entry7972.aspx

It seems my two days are nothing compared to his couple of months tracking this :).