global: use SECURITY_DESCRIPTOR apis from x/sys/windows

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-09-16 23:36:49 -0600
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-09-23 15:29:18 +0200
commit: 6f66c7697d3bb6a259bf8d0261490cdee0ef8986 (patch)
tree: 1f123998f801c375674326ba7946da568be32df0 /tunnel/firewall/rules.go
parent: updater: use correct length for security attributes (diff)
download: wireguard-windows-6f66c7697d3bb6a259bf8d0261490cdee0ef8986.tar.xz
wireguard-windows-6f66c7697d3bb6a259bf8d0261490cdee0ef8986.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/tunnel/firewall/rules.go b/tunnel/firewall/rules.go
index 0ef64692..7bca508b 100644
--- a/tunnel/firewall/rules.go
+++ b/tunnel/firewall/rules.go
@@ -154,14 +154,13 @@ func permitWireGuardService(session uintptr, baseObjects *baseObjects, weight ui
 	if err != nil {
 		return wrapErr(err)
 	}
-	defer windows.LocalFree(windows.Handle(unsafe.Pointer(sd.data)))
 
 	conditions[1] = wtFwpmFilterCondition0{
 		fieldKey:  cFWPM_CONDITION_ALE_USER_ID,
 		matchType: cFWP_MATCH_EQUAL,
 		conditionValue: wtFwpConditionValue0{
 			_type: cFWP_SECURITY_DESCRIPTOR_TYPE,
-			value: uintptr(unsafe.Pointer(sd)),
+			value: uintptr(unsafe.Pointer(&wtFwpByteBlob{sd.Length(), (*byte)(unsafe.Pointer(sd))})),
 		},
 	}
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-09-16 23:36:49 -0600
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-09-23 15:29:18 +0200
commit	6f66c7697d3bb6a259bf8d0261490cdee0ef8986 (patch)
tree	1f123998f801c375674326ba7946da568be32df0 /tunnel/firewall/rules.go
parent	updater: use correct length for security attributes (diff)
download	wireguard-windows-6f66c7697d3bb6a259bf8d0261490cdee0ef8986.tar.xz wireguard-windows-6f66c7697d3bb6a259bf8d0261490cdee0ef8986.zip