* mkgroup.c (MAX_SID_LEN): Remove. Instead, use SECURITY_MAX_SID_SIZE

throughout.
	(enum_unix_groups): Introduce numeric_psid and rearrange code to avoid
	potential heap corruption.
	* mkpasswd.c: Ditto.
Corinna Vinschen 2015-02-25 20:18:29 +00:00
parent 0066e440c1
commit 773f4fa586
3 changed files with 61 additions and 49 deletions


@ -1,3 +1,11 @@
2015-02-25 Corinna Vinschen <corinna@vinschen.de>
* mkgroup.c (MAX_SID_LEN): Remove. Instead, use SECURITY_MAX_SID_SIZE
throughout.
(enum_unix_groups): Introduce numeric_psid and rearrange code to avoid
potential heap corruption.
* mkpasswd.c: Ditto.
2015-02-17 Ken Brown <kbrown@cornell.edu> 2015-02-17 Ken Brown <kbrown@cornell.edu>
* dump_setup.cc (check_package_files): Accommodate postinstall * dump_setup.cc (check_package_files): Accommodate postinstall


@ -1,7 +1,7 @@
/* mkgroup.c: /* mkgroup.c:
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010, 2011, 2012, 2013, 2014 Red Hat, Inc. 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 Red Hat, Inc.
This file is part of Cygwin. This file is part of Cygwin.
@ -34,8 +34,6 @@
#define print_win_error(x) _print_win_error(x, __LINE__) #define print_win_error(x) _print_win_error(x, __LINE__)
#define MAX_SID_LEN 40
SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY}; SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
@ -132,7 +130,8 @@ enum_unix_groups (domlist_t *mach, const char *sep, DWORD id_offset,
WCHAR dom[MAX_DOMAIN_NAME_LEN + 1]; WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
DWORD glen, dlen, sidlen; DWORD glen, dlen, sidlen;
PSID psid; PSID psid;
char psid_buffer[MAX_SID_LEN]; PSID numeric_psid;
char psid_buffer[SECURITY_MAX_SID_SIZE];
SID_NAME_USE acc_type; SID_NAME_USE acc_type;
int ret = mbstowcs (machine, mach->str, INTERNET_MAX_HOST_NAME_LENGTH + 1); int ret = mbstowcs (machine, mach->str, INTERNET_MAX_HOST_NAME_LENGTH + 1);
@ -143,12 +142,13 @@ enum_unix_groups (domlist_t *mach, const char *sep, DWORD id_offset,
return; return;
} }
if (!AllocateAndInitializeSid (&auth, 2, 2, 0, 0, 0, 0, 0, 0, 0, &psid)) if (!AllocateAndInitializeSid (&auth, 2, 2, 0, 0, 0, 0, 0, 0, 0,
&numeric_psid))
return; return;
if (!(grp_list = strdup (unix_grp_list))) if (!(grp_list = strdup (unix_grp_list)))
{ {
FreeSid (psid); FreeSid (numeric_psid);
return; return;
} }
@ -159,14 +159,16 @@ enum_unix_groups (domlist_t *mach, const char *sep, DWORD id_offset,
PWCHAR p = wcpcpy (grp, L"Unix Group\\"); PWCHAR p = wcpcpy (grp, L"Unix Group\\");
ret = mbstowcs (p, gstr, GNLEN + 1); ret = mbstowcs (p, gstr, GNLEN + 1);
if (ret < 1 || ret >= GNLEN + 1) if (ret < 1 || ret >= GNLEN + 1)
fprintf (stderr, "%s: Invalid group name '%s'. Skipping...\n", {
program_invocation_short_name, gstr); fprintf (stderr, "%s: Invalid group name '%s'. Skipping...\n",
else if (LookupAccountNameW (machine, grp, program_invocation_short_name, gstr);
psid = (PSID) psid_buffer, continue;
(sidlen = MAX_SID_LEN, &sidlen), }
dom, psid = (PSID) psid_buffer;
(dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen), sidlen = SECURITY_MAX_SID_SIZE;
&acc_type)) dlen = MAX_DOMAIN_NAME_LEN + 1;
if (LookupAccountNameW (machine, grp, psid, &sidlen,
dom, &dlen, &acc_type))
printf ("%s%s%ls:%s:%" PRIu32 ":\n", printf ("%s%s%ls:%s:%" PRIu32 ":\n",
"Unix_Group", "Unix_Group",
sep, sep,
@ -196,13 +198,13 @@ enum_unix_groups (domlist_t *mach, const char *sep, DWORD id_offset,
} }
for (; start <= stop; ++ start) for (; start <= stop; ++ start)
{ {
psid = numeric_psid;
*GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1) *GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1)
= start; = start;
if (LookupAccountSidW (machine, psid, glen = GNLEN + 1;
grp, (glen = GNLEN + 1, &glen), dlen = MAX_DOMAIN_NAME_LEN + 1;
dom, if (LookupAccountSidW (machine, psid, grp, &glen,
(dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen), dom, &dlen, &acc_type)
&acc_type)
&& !iswdigit (grp[0])) && !iswdigit (grp[0]))
printf ("%s%s%ls:%s:%" PRIu32 ":\n", printf ("%s%s%ls:%s:%" PRIu32 ":\n",
"Unix_Group", "Unix_Group",
@ -215,7 +217,7 @@ enum_unix_groups (domlist_t *mach, const char *sep, DWORD id_offset,
} }
free (grp_list); free (grp_list);
FreeSid (psid); FreeSid (numeric_psid);
} }
static int static int
@ -278,9 +280,9 @@ enum_local_groups (domlist_t *mach, const char *sep,
{ {
WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1]; WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1];
DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1; DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1;
char psid_buffer[MAX_SID_LEN]; char psid_buffer[SECURITY_MAX_SID_SIZE];
PSID psid = (PSID) psid_buffer; PSID psid = (PSID) psid_buffer;
DWORD sid_length = MAX_SID_LEN; DWORD sid_length = SECURITY_MAX_SID_SIZE;
DWORD gid; DWORD gid;
SID_NAME_USE acc_type; SID_NAME_USE acc_type;
PDBGSID pdsid; PDBGSID pdsid;
@ -301,7 +303,7 @@ enum_local_groups (domlist_t *mach, const char *sep,
wcscpy (domname, domain_name); wcscpy (domname, domain_name);
wcscat (domname, L"\\"); wcscat (domname, L"\\");
wcscat (domname, buffer[i].lgrpi0_name); wcscat (domname, buffer[i].lgrpi0_name);
sid_length = MAX_SID_LEN; sid_length = SECURITY_MAX_SID_SIZE;
domname_len = MAX_DOMAIN_NAME_LEN + 1; domname_len = MAX_DOMAIN_NAME_LEN + 1;
if (!LookupAccountNameW (machine, domname, if (!LookupAccountNameW (machine, domname,
psid, &sid_length, psid, &sid_length,
@ -417,9 +419,9 @@ enum_groups (domlist_t *mach, const char *sep, DWORD id_offset,
{ {
WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1]; WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1];
DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1; DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1;
char psid_buffer[MAX_SID_LEN]; char psid_buffer[SECURITY_MAX_SID_SIZE];
PSID psid = (PSID) psid_buffer; PSID psid = (PSID) psid_buffer;
DWORD sid_length = MAX_SID_LEN; DWORD sid_length = SECURITY_MAX_SID_SIZE;
SID_NAME_USE acc_type; SID_NAME_USE acc_type;
int gid = buffer[i].grpi2_group_id; int gid = buffer[i].grpi2_group_id;
@ -439,7 +441,7 @@ enum_groups (domlist_t *mach, const char *sep, DWORD id_offset,
wcscpy (domname, machine); wcscpy (domname, machine);
wcscat (domname, L"\\"); wcscat (domname, L"\\");
wcscat (domname, buffer[i].grpi2_name); wcscat (domname, buffer[i].grpi2_name);
sid_length = MAX_SID_LEN; sid_length = SECURITY_MAX_SID_SIZE;
domname_len = MAX_DOMAIN_NAME_LEN + 1; domname_len = MAX_DOMAIN_NAME_LEN + 1;
if (!LookupAccountNameW (machine, domname, psid, &sid_length, if (!LookupAccountNameW (machine, domname, psid, &sid_length,
domain_name, &domname_len, &acc_type)) domain_name, &domname_len, &acc_type))
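Review bot: In enum_unix_groups the numeric-range loop still routes the allocated SID through the shared `psid` variable (`psid = numeric_psid;` on every iteration), so one pointer keeps alternating between the stack array `psid_buffer` and the SID returned by AllocateAndInitializeSid. That aliasing appears to be what this change sets out to untangle, and a later edit could reintroduce a write or a FreeSid on the wrong object. Passing `numeric_psid` directly to GetSidSubAuthorityCount, GetSidSubAuthority and LookupAccountSidW, and keeping `psid` only for the LookupAccountNameW branch, would make the ownership unambiguous. A comment at the declarations such as `/* numeric_psid: from AllocateAndInitializeSid, released with FreeSid; psid_buffer: stack storage for name lookups, never freed */` would record it. The same applies to enum_unix_users in mkpasswd.c; both function bodies continue outside the visible hunks.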


@ -1,7 +1,7 @@
/* mkpasswd.c: /* mkpasswd.c:
Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2008, 2009, Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2005, 2006, 2008, 2009,
2010, 2011, 2012, 2013, 2014 Red Hat, Inc. 2010, 2011, 2012, 2013, 2014, 2015 Red Hat, Inc.
This file is part of Cygwin. This file is part of Cygwin.
@ -35,8 +35,6 @@
#define print_win_error(x) _print_win_error(x, __LINE__) #define print_win_error(x) _print_win_error(x, __LINE__)
#define MAX_SID_LEN 40
SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY sid_world_auth = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY}; SID_IDENTIFIER_AUTHORITY sid_nt_auth = {SECURITY_NT_AUTHORITY};
@ -134,7 +132,8 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
WCHAR dom[MAX_DOMAIN_NAME_LEN + 1]; WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
DWORD ulen, dlen, sidlen; DWORD ulen, dlen, sidlen;
PSID psid; PSID psid;
char psid_buffer[MAX_SID_LEN]; PSID numeric_psid;
char psid_buffer[SECURITY_MAX_SID_SIZE];
SID_NAME_USE acc_type; SID_NAME_USE acc_type;
int ret = mbstowcs (machine, mach->str, INTERNET_MAX_HOST_NAME_LENGTH + 1); int ret = mbstowcs (machine, mach->str, INTERNET_MAX_HOST_NAME_LENGTH + 1);
@ -145,12 +144,13 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
return; return;
} }
if (!AllocateAndInitializeSid (&auth, 2, 1, 0, 0, 0, 0, 0, 0, 0, &psid)) if (!AllocateAndInitializeSid (&auth, 2, 1, 0, 0, 0, 0, 0, 0, 0,
&numeric_psid))
return; return;
if (!(user_list = strdup (unix_user_list))) if (!(user_list = strdup (unix_user_list)))
{ {
FreeSid (psid); FreeSid (numeric_psid);
return; return;
} }
@ -161,14 +161,16 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
PWCHAR p = wcpcpy (user, L"Unix User\\"); PWCHAR p = wcpcpy (user, L"Unix User\\");
ret = mbstowcs (p, ustr, UNLEN + 1); ret = mbstowcs (p, ustr, UNLEN + 1);
if (ret < 1 || ret >= UNLEN + 1) if (ret < 1 || ret >= UNLEN + 1)
fprintf (stderr, "%s: Invalid user name '%s'. Skipping...\n", {
program_invocation_short_name, ustr); fprintf (stderr, "%s: Invalid user name '%s'. Skipping...\n",
else if (LookupAccountNameW (machine, user, program_invocation_short_name, ustr);
psid = (PSID) psid_buffer, continue;
(sidlen = MAX_SID_LEN, &sidlen), }
dom, psid = (PSID) psid_buffer;
(dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen), sidlen = SECURITY_MAX_SID_SIZE;
&acc_type)) dlen = MAX_DOMAIN_NAME_LEN + 1;
if (LookupAccountNameW (machine, user, psid, &sidlen,
dom, &dlen, &acc_type))
printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n", printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n",
"Unix_User", "Unix_User",
sep, sep,
@ -198,13 +200,13 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
} }
for (; start <= stop; ++ start) for (; start <= stop; ++ start)
{ {
psid = numeric_psid;
*GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1) *GetSidSubAuthority (psid, *GetSidSubAuthorityCount(psid) - 1)
= start; = start;
if (LookupAccountSidW (machine, psid, ulen = GNLEN + 1;
user, (ulen = GNLEN + 1, &ulen), dlen = MAX_DOMAIN_NAME_LEN + 1;
dom, if (LookupAccountSidW (machine, psid, user, &ulen,
(dlen = MAX_DOMAIN_NAME_LEN + 1, &dlen), dom, &dlen, &acc_type)
&acc_type)
&& !iswdigit (user[0])) && !iswdigit (user[0]))
printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n", printf ("%s%s%ls:*:%" PRIu32 ":99999:,%s::\n",
"Unix_User", "Unix_User",
@ -217,7 +219,7 @@ enum_unix_users (domlist_t *mach, const char *sep, DWORD id_offset,
} }
free (user_list); free (user_list);
FreeSid (psid); FreeSid (numeric_psid);
} }
static int static int
@ -279,9 +281,9 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
char homedir_psx[PATH_MAX]; char homedir_psx[PATH_MAX];
WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1]; WCHAR domain_name[MAX_DOMAIN_NAME_LEN + 1];
DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1; DWORD domname_len = MAX_DOMAIN_NAME_LEN + 1;
char psid_buffer[MAX_SID_LEN]; char psid_buffer[SECURITY_MAX_SID_SIZE];
PSID psid = (PSID) psid_buffer; PSID psid = (PSID) psid_buffer;
DWORD sid_length = MAX_SID_LEN; DWORD sid_length = SECURITY_MAX_SID_SIZE;
SID_NAME_USE acc_type; SID_NAME_USE acc_type;
int uid = buffer[i].usri3_user_id; int uid = buffer[i].usri3_user_id;
@ -317,7 +319,7 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
wcscpy (domname, machine); wcscpy (domname, machine);
wcscat (domname, L"\\"); wcscat (domname, L"\\");
wcscat (domname, buffer[i].usri3_name); wcscat (domname, buffer[i].usri3_name);
sid_length = MAX_SID_LEN; sid_length = SECURITY_MAX_SID_SIZE;
domname_len = sizeof (domname); domname_len = sizeof (domname);
if (!LookupAccountNameW (machine, domname, psid, if (!LookupAccountNameW (machine, domname, psid,
&sid_length, domain_name, &sid_length, domain_name,
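Review bot: In enum_unix_users the SID-to-name lookup sets `ulen = GNLEN + 1;` even though the buffer receives a user name and the name branch a few lines earlier bounds the same buffer with `mbstowcs (p, ustr, UNLEN + 1)`. The declaration of `user` is outside the visible hunks, so whether the two constants differ in size for this buffer cannot be confirmed from here. The length handed to LookupAccountSidW should still come from the buffer it describes, so the API is never told the destination is larger than it is: `ulen = UNLEN + 1;`, or a count derived from `sizeof user / sizeof user[0]` if `user` is an array in scope.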