JehanneOS/newlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* security.cc (extract_nt_dom_user): Check for all buffer overflows.

Browse Source 
Call LookupAccountSid after trying to get domain & user from passwd.
	(get_group_sidlist): Obtain the domain and user by calling
	extract_nt_dom_user instead of LookupAccountSid.
This commit is contained in:
Corinna Vinschen 2002-06-30 13:08:59 +00:00
parent 839b294201
commit c6d90e842c
2 changed files with 32 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
winsup/cygwin/ChangeLog
View File

@ -1,3 +1,10 @@
2002-06-29 Pierre Humblet <pierre.humblet@ieee.org>
* security.cc (extract_nt_dom_user): Check for all buffer overflows.
Call LookupAccountSid after trying to get domain & user from passwd.
(get_group_sidlist): Obtain the domain and user by calling
extract_nt_dom_user instead of LookupAccountSid.
2002-06-29 Christopher Faylor <cgf@redhat.com> 2002-06-29 Christopher Faylor <cgf@redhat.com>
* uinfo.cc (cygheap_user::test_uid): Use standard issetuid test. * uinfo.cc (cygheap_user::test_uid): Use standard issetuid test.

67
winsup/cygwin/security.cc
View File

@ -60,43 +60,34 @@ cygwin_set_impersonation_token (const HANDLE hToken)
void void
extract_nt_dom_user (const struct passwd *pw, char *domain, char *user) extract_nt_dom_user (const struct passwd *pw, char *domain, char *user)
{ {
char *d, *u, *c;
domain[0] = 0;
strlcpy (user, pw->pw_name, UNLEN+1);
debug_printf ("pw_gecos = %x (%s)", pw->pw_gecos, pw->pw_gecos);
if ((d = strstr (pw->pw_gecos, "U-")) != NULL &&
(d == pw->pw_gecos || d[-1] == ','))
{
c = strchr (d + 2, ',');
if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c))
u = d + 1;
else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2)
strlcpy(domain, d + 2, u - d - 1);
if (c == NULL)
c = u + UNLEN + 1;
if (c - u <= UNLEN + 1)
strlcpy(user, u + 1, c - u);
}
if (domain[0])
return;
cygsid psid; cygsid psid;
DWORD ulen = UNLEN + 1; DWORD ulen = UNLEN + 1;
DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1; DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
SID_NAME_USE use; SID_NAME_USE use;
char buf[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2]; if (psid.getfrompw (pw))
char *c; LookupAccountSid (NULL, psid, user, &ulen, domain, &dlen, &use);
strcpy (domain, "");
strcpy (buf, pw->pw_name);
debug_printf ("pw_gecos = %x (%s)", pw->pw_gecos, pw->pw_gecos);
if (psid.getfrompw (pw) &&
LookupAccountSid (NULL, psid, user, &ulen, domain, &dlen, &use))
return;
if (pw->pw_gecos)
{
if ((c = strstr (pw->pw_gecos, "U-")) != NULL &&
(c == pw->pw_gecos || c[-1] == ','))
{
buf[0] = '\0';
strncat (buf, c + 2, INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 1);
if ((c = strchr (buf, ',')) != NULL)
*c = '\0';
}
}
if ((c = strchr (buf, '\\')) != NULL)
{
*c++ = '\0';
strcpy (domain, buf);
strcpy (user, c);
}
else
{
strcpy (domain, "");
strcpy (user, buf);
}
} }
extern "C" HANDLE extern "C" HANDLE
@ -490,18 +481,9 @@ get_group_sidlist (cygsidlist &grp_list,
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
WCHAR wserver[INTERNET_MAX_HOST_NAME_LENGTH + 3]; WCHAR wserver[INTERNET_MAX_HOST_NAME_LENGTH + 3];
char server[INTERNET_MAX_HOST_NAME_LENGTH + 3]; char server[INTERNET_MAX_HOST_NAME_LENGTH + 3];
DWORD ulen = sizeof (user);
DWORD dlen = sizeof (domain);
SID_NAME_USE use;
cygsidlist sup_list; cygsidlist sup_list;
auth_pos = -1; auth_pos = -1;
if (!LookupAccountSid (NULL, usersid, user, &ulen, domain, &dlen, &use))
{
debug_printf ("LookupAccountSid () %E");
__seterrno ();
return FALSE;
}
grp_list += well_known_world_sid; grp_list += well_known_world_sid;
if (usersid == well_known_system_sid) if (usersid == well_known_system_sid)
@ -511,6 +493,7 @@ get_group_sidlist (cygsidlist &grp_list,
} }
else else
{ {
extract_nt_dom_user (pw, domain, user);
if (!get_logon_server (domain, server, wserver)) if (!get_logon_server (domain, server, wserver))
return FALSE; return FALSE;
if (my_grps) if (my_grps)