diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index 7380786..c5a74ce 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -1569,33 +1569,57 @@ NTSTATUS WINAPI NtSetSecurityObject(HAND
     if (!SecurityDescriptor) return STATUS_ACCESS_VIOLATION;
 
     memset( &sd, 0, sizeof(sd) );
-    RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+    status=RtlGetControlSecurityDescriptor( SecurityDescriptor, &control, &revision );
+    if (status != STATUS_SUCCESS) {
+        WARN("RtlGetControlSecurityDescriptor failed\n");
+        return status;
+    }
     sd.control = control & ~SE_SELF_RELATIVE;
 
     if (SecurityInformation & OWNER_SECURITY_INFORMATION)
     {
-        RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        status=RtlGetOwnerSecurityDescriptor( SecurityDescriptor, &owner, &defaulted );
+        if (status != STATUS_SUCCESS) {
+            WARN("RtlGetOwnerSecurityDescriptor failed\n");
+            return status;
+        }
         if (!(sd.owner_len = RtlLengthSid( owner )))
             return STATUS_INVALID_SECURITY_DESCR;
     }
 
     if (SecurityInformation & GROUP_SECURITY_INFORMATION)
     {
-        RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        status=RtlGetGroupSecurityDescriptor( SecurityDescriptor, &group, &defaulted );
+        if (status != STATUS_SUCCESS) {
+            WARN("RtlGetGroupSecurityDescriptor failed\n");
+            return status;
+        }
         if (!(sd.group_len = RtlLengthSid( group )))
             return STATUS_INVALID_SECURITY_DESCR;
     }
 
     if (SecurityInformation & SACL_SECURITY_INFORMATION)
     {
-        RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
+        status=RtlGetSaclSecurityDescriptor( SecurityDescriptor, &present, &sacl, &defaulted );
+        if (status != STATUS_SUCCESS) {
+            WARN("RtlGetSaclSecurityDescriptor failed\n");
+            return status;
+        }
         sd.sacl_len = present ? sacl->AclSize : 0;
         sd.control |= SE_SACL_PRESENT;
     }
 
     if (SecurityInformation & DACL_SECURITY_INFORMATION)
     {
-        RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
+        status=RtlGetDaclSecurityDescriptor( SecurityDescriptor, &present, &dacl, &defaulted );
+        if (status != STATUS_SUCCESS) {
+            WARN("RtlGetDaclSecurityDescriptor failed\n");
+            return status;
+        }
+        if (!dacl) {
+            WARN("RtlGetDaclSecurityDescriptor returned NULL dacl?\n");
+            return STATUS_INVALID_SECURITY_DESCR;
+        }
         sd.dacl_len = present ? dacl->AclSize : 0;
         sd.control |= SE_DACL_PRESENT;
     }