diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 3e5a87b66..c6273aa33 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+2012-03-02  Corinna Vinschen  <corinna@vinschen.de>
+
+	* flock.cc (allow_others_to_sync): Use RtlGetDaclSecurityDescriptor
+	rather than accessing the SECURITY_DESCRIPTOR structure directly.
+	Take no DACL and NULL DACL into account.
+
 2012-03-02  Corinna Vinschen  <corinna@vinschen.de>
 
 	* fhandler_console.cc (fhandler_console::input_tcsetattr): Revert
diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc
index a4d28e5f6..c66891a35 100644
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@@ -176,8 +176,22 @@ allow_others_to_sync ()
   /* Create a valid dacl pointer and set its size to be as big as
      there's room in the temporary buffer.  Note that the descriptor
      is in self-relative format. */
-  dacl = (PACL) ((char *) sd + (uintptr_t) sd->Dacl);
-  dacl->AclSize = NT_MAX_PATH * sizeof (WCHAR) - ((char *) dacl - (char *) sd);
+  BOOLEAN present, defaulted;
+  RtlGetDaclSecurityDescriptor (sd, &present, &dacl, &defaulted);
+  if (dacl == NULL) /* Everyone has all access anyway */
+    {
+      done = true;
+      return;
+    }
+  else if (!present)
+    {
+      dacl = (PACL) (sd + 1);
+      RtlCreateAcl (dacl, MAX_PROCESS_SD_SIZE - sizeof *sd, ACL_REVISION);
+    }
+  else
+    {
+      dacl->AclSize = MAX_PROCESS_SD_SIZE - ((PBYTE) dacl - (PBYTE) sd);
+    }
   /* Allow everyone to SYNCHRONIZE with this process. */
   status = RtlAddAccessAllowedAce (dacl, ACL_REVISION, SYNCHRONIZE,
 				   well_known_world_sid);