JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Cygwin: load_user_profile: fix use-after-free issue

Browse Source 
In case of a local machine account login, pi.lpProfilePath points
to the buffer returned by NetUserGetInfo, but NetApiBufferFree
is called prior to calling LoadUserProfileW.  Fix by copying over
usri3_profile to the local userpath buffer, just as in the AD case.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2019-03-01 21:04:02 +01:00
parent 6aef5a46d7
commit 7ba9d12a72
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
winsup/cygwin/sec_auth.cc
View File

@ -267,7 +267,11 @@ load_user_profile (HANDLE token, struct passwd *pw, cygpsid &usersid)
else else
{ {
if (ui->usri3_profile && *ui->usri3_profile) if (ui->usri3_profile && *ui->usri3_profile)
pi.lpProfilePath = ui->usri3_profile; {
wcsncpy (userpath, ui->usri3_profile, MAX_PATH - 1);
userpath[MAX_PATH - 1] = L'\0';
pi.lpProfilePath = userpath;
}
NetApiBufferFree (ui); NetApiBufferFree (ui);
} }
} }