From 36ded73f80fc2de459d58c164ab5cded92336358 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Lend=C3=ADnez?= <52505803+JaviLendi@users.noreply.github.com>
Date: Sun, 10 May 2026 11:09:58 +0200
Subject: [PATCH] Potential fix for code scanning alert no. 243: Setting a DACL to NULL in a SECURITY_DESCRIPTOR
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/utils/WinUtil.cpp | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/utils/WinUtil.cpp b/src/utils/WinUtil.cpp
index 2ed02900e49..55d9c54178b 100755
--- a/src/utils/WinUtil.cpp
+++ b/src/utils/WinUtil.cpp
@@ -565,14 +565,20 @@ static void ResetRegKeyAcl(HKEY hkey, const char* keyName) {
 return;
 }
 SECURITY_DESCRIPTOR secdesc;
- InitializeSecurityDescriptor(&secdesc, SECURITY_DESCRIPTOR_REVISION);
+ if (!InitializeSecurityDescriptor(&secdesc, SECURITY_DESCRIPTOR_REVISION)) {
+ RegCloseKey(hKey);
+ return;
+ }
-#pragma warning(push)
-#pragma warning(disable : 6248)
- // "Setting a SECURITY_DESCRIPTOR's DACL to nullptr will result in an unprotected object"
- // https://docs.microsoft.com/en-us/cpp/code-quality/c6248?view=msvc-170
- SetSecurityDescriptorDacl(&secdesc, TRUE, nullptr, TRUE);
-#pragma warning(pop)
+ ACL dacl;
+ if (!InitializeAcl(&dacl, sizeof(dacl), ACL_REVISION)) {
+ RegCloseKey(hKey);
+ return;
+ }
+ if (!SetSecurityDescriptorDacl(&secdesc, TRUE, &dacl, FALSE)) {
+ RegCloseKey(hKey);
+ return;
+ }
 RegSetKeySecurity(hKey, DACL_SECURITY_INFORMATION, &secdesc);
 RegCloseKey(hKey);
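Review bot: The `ACL dacl` handed to `SetSecurityDescriptorDacl(&secdesc, TRUE, &dacl, FALSE)` is initialised with `sizeof(dacl)` and never receives an ACE, so `RegSetKeySecurity` now writes an empty DACL. An empty DACL grants access to no principal (only the key's owner keeps the implicit right to read and rewrite it), which is the opposite extreme of the NULL DACL it replaces. Judging by the name `ResetRegKeyAcl`, the function is presumably meant to leave the key usable, so later opens of this key would likely fail with access denied. To clear the scanner alert without locking the key, either add explicit allow ACEs for the intended principals, or reset to the parent's inherited permissions by replacing the `SetSecurityDescriptorDacl`/`RegSetKeySecurity` pair with something like `SetSecurityInfo(hKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION, nullptr, nullptr, &dacl, nullptr);` (this needs `<aclapi.h>`). The return value of the final `RegSetKeySecurity` call is still ignored; the function body starts before this hunk and may continue after it.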