diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2015-02-25 23:18:29 +0300 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2015-02-25 23:18:29 +0300 |
| commit | 773f4fa586a3403db1dfa18e6b22158eb28f618a (patch) | |
| tree | c45dd00ce1ba2adde224d2d2e45c68ea86f701ae /winsup/utils/mkpasswd.c | |
| parent | 0066e440c1398326e7d6ca43fae630b46a1b5a2d (diff) | |
* mkgroup.c (MAX_SID_LEN): Remove. Instead, use SECURITY_MAX_SID_SIZE
throughout.
(enum_unix_groups): Introduce numeric_psid and rearrange code to avoid
potential heap corruption.
* mkpasswd.c: Ditto.
Diffstat (limited to 'winsup/utils/mkpasswd.c')
| -rw-r--r-- | winsup/utils/mkpasswd.c | 48 |
1 files changed, 25 insertions, 23 deletions
diff --git a/winsup/utils/mkpasswd.c b/winsup/utils/mkpasswd.c index 553c993cc..21b51091b 100644 --- a/winsup/utils/mkpasswd.c +++ b/winsup/utils/mkpasswd.c @@ -1,7 +1,7 @@ /* mkpasswd.c: Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2008, 2009, - 2010, 2011, 2012, 2013, 2014 Red Hat, Inc. + 2010, 2011, 2012, 2013, 2014, 2015 Red Hat, Inc. This file is part of Cygwin. @@ -35,8 +35,6 @@ #define print_win_error(x) _print_win_error(x, __LINE__) -#define MAX_SID_LEN 40 - SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY}; @@ -134,7 +132,8 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset, WCHAR dom[MAX_DOMAIN_NAME_LEN + 1]; DWORD ulen, dlen, sidlen; PSID psid; - char psid_buffer[MAX_SID_LEN]; + PSID numeric_psid; + char psid_buffer[SECURITY_MAX_SID_SIZE]; SID_NAME_USE acc_type; int ret = mbstowcs (machine, mach->str, INTERNET_MAX_HOST_NAME_LENGTH + 1); @@ -145,12 +144,13 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset, return; } - if (!AllocateAndInitializeSid (&auth, 2, 1, 0, 0, 0, 0, 0, 0, 0, &psid)) + if (!AllocateAndInitializeSid (&auth, 2, 1, 0, 0, 0, 0, 0, 0, 0, + &numeric_psid)) return; if (!(user_list = strdup (unix_user_list))) { - FreeSid (psid); + FreeSid (numeric_psid); return; } @@ -161,14 +161,16 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset, PWCHAR p = wcpcpy (user, L"Unix User\\"); ret = mbstowcs (p, ustr, UNLEN + 1); if (ret < 1 || ret >= UNLEN + 1) - fprintf (stderr, "%s: Invalid user name '%s'. Skipping...\n", - program_invocation_short_name, ustr); - else if (LookupAccountNameW (machine, user, - psid = (PSID) psid_buffer, - (sidlen = MAX_SID_LEN, &sidlen), - dom, - (dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen), - &acc_type)) + { + fprintf (stderr, "%s: Invalid user name '%s'. Skipping...\n", + program_invocation_short_name, ustr); + continue; + } + psid = (PSID) psid_buffer; + sidlen = SECURITY_MAX_SID_SIZE; + dlen = MAX_DOMAIN_NAME_LEN + 1; + if (LookupAccountNameW (machine, user, psid, &sidlen, + dom, &dlen, &acc_type)) printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n", "Unix_User", sep, @@ -198,13 +200,13 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset, } for (; start <= stop; ++ start) { + psid = numeric_psid; *GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1) = start; - if (LookupAccountSidW (machine, psid, - user, (ulen = GNLEN + 1, &ulen), - dom, - (dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen), - &acc_type) + ulen = GNLEN + 1; + dlen = MAX_DOMAIN_NAME_LEN + 1; + if (LookupAccountSidW (machine, psid, user, &ulen, + dom, &dlen, &acc_type) && !iswdigit (user[0])) printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n", "Unix_User", @@ -217,7 +219,7 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset, } free (user_list); - FreeSid (psid); + FreeSid (numeric_psid); } static int @@ -279,9 +281,9 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path, char homedir_psx[PATH_MAX]; WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1]; DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1; - char psid_buffer[MAX_SID_LEN]; + char psid_buffer[SECURITY_MAX_SID_SIZE]; PSID psid = (PSID) psid_buffer; - DWORD sid_length = MAX_SID_LEN; + DWORD sid_length = SECURITY_MAX_SID_SIZE; SID_NAME_USE acc_type; int uid = buffer[i].usri3_user_id; @@ -317,7 +319,7 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path, wcscpy (domname, machine); wcscat (domname, L"\\"); wcscat (domname, buffer[i].usri3_name); - sid_length = MAX_SID_LEN; + sid_length = SECURITY_MAX_SID_SIZE; domname_len = sizeof (domname); if (!LookupAccountNameW (machine, domname, psid, &sid_length, domain_name, |