Index: ntoskrnl/se/sd.c
===================================================================
--- ntoskrnl/se/sd.c	(revision 72645)
+++ ntoskrnl/se/sd.c	(working copy)
@@ -50,7 +50,10 @@
     SePublicDefaultUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
                                                           sizeof(SECURITY_DESCRIPTOR), TAG_SD);
     if (SePublicDefaultUnrestrictedSd == NULL)
+    {
+        ExFreePoolWithTag(SePublicDefaultSd, TAG_SD);
         return FALSE;
+    }
 
     RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
                                 SECURITY_DESCRIPTOR_REVISION);
@@ -63,7 +66,11 @@
     SePublicOpenSd = ExAllocatePoolWithTag(PagedPool,
                                            sizeof(SECURITY_DESCRIPTOR), TAG_SD);
     if (SePublicOpenSd == NULL)
+    {
+        ExFreePoolWithTag(SePublicDefaultSd, TAG_SD);
+        ExFreePoolWithTag(SePublicDefaultUnrestrictedSd, TAG_SD);
         return FALSE;
+    }
 
     RtlCreateSecurityDescriptor(SePublicOpenSd,
                                 SECURITY_DESCRIPTOR_REVISION);
@@ -76,7 +83,12 @@
     SePublicOpenUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
                                                        sizeof(SECURITY_DESCRIPTOR), TAG_SD);
     if (SePublicOpenUnrestrictedSd == NULL)
+    {
+        ExFreePoolWithTag(SePublicDefaultSd, TAG_SD);
+        ExFreePoolWithTag(SePublicDefaultUnrestrictedSd, TAG_SD);
+        ExFreePoolWithTag(SePublicOpenSd, TAG_SD);
         return FALSE;
+    }
 
     RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
                                 SECURITY_DESCRIPTOR_REVISION);
@@ -89,7 +101,13 @@
     SeSystemDefaultSd = ExAllocatePoolWithTag(PagedPool,
                                               sizeof(SECURITY_DESCRIPTOR), TAG_SD);
     if (SeSystemDefaultSd == NULL)
+    {
+        ExFreePoolWithTag(SePublicDefaultSd, TAG_SD);
+        ExFreePoolWithTag(SePublicDefaultUnrestrictedSd, TAG_SD);
+        ExFreePoolWithTag(SePublicOpenSd, TAG_SD);
+        ExFreePoolWithTag(SePublicOpenUnrestrictedSd, TAG_SD);
         return FALSE;
+    }
 
     RtlCreateSecurityDescriptor(SeSystemDefaultSd,
                                 SECURITY_DESCRIPTOR_REVISION);
@@ -102,7 +120,14 @@
     SeUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
                                              sizeof(SECURITY_DESCRIPTOR), TAG_SD);
     if (SeUnrestrictedSd == NULL)
+    {
+        ExFreePoolWithTag(SePublicDefaultSd, TAG_SD);
+        ExFreePoolWithTag(SePublicDefaultUnrestrictedSd, TAG_SD);
+        ExFreePoolWithTag(SePublicOpenSd, TAG_SD);
+        ExFreePoolWithTag(SePublicOpenUnrestrictedSd, TAG_SD);
+        ExFreePoolWithTag(SeSystemDefaultSd, TAG_SD);
         return FALSE;
+    }
 
     RtlCreateSecurityDescriptor(SeUnrestrictedSd,
                                 SECURITY_DESCRIPTOR_REVISION);