-rw-r--r--winsup/cygwin/ChangeLog7
-rw-r--r--winsup/cygwin/security.cc65
2 files changed, 31 insertions, 41 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 09e6a27..6aabfab 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,10 @@
+2002-06-29 Pierre Humblet <pierre.humblet@ieee.org>
+
+ * security.cc (extract_nt_dom_user): Check for all buffer overflows.
+ Call LookupAccountSid after trying to get domain & user from passwd.
+ (get_group_sidlist): Obtain the domain and user by calling
+ extract_nt_dom_user instead of LookupAccountSid.
+
2002-06-29 Christopher Faylor <cgf@redhat.com>
* uinfo.cc (cygheap_user::test_uid): Use standard issetuid test.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 74c4a17..b587af2 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -60,43 +60,34 @@ cygwin_set_impersonation_token (const HANDLE hToken)
void
extract_nt_dom_user (const struct passwd *pw, char *domain, char *user)
{
- cygsid psid;
- DWORD ulen = UNLEN + 1;
- DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
- SID_NAME_USE use;
- char buf[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2];
- char *c;
+ char *d, *u, *c;
- strcpy (domain, "");
- strcpy (buf, pw->pw_name);
+ domain[0] = 0;
+ strlcpy (user, pw->pw_name, UNLEN+1);
debug_printf ("pw_gecos = %x (%s)", pw->pw_gecos, pw->pw_gecos);
- if (psid.getfrompw (pw) &&
- LookupAccountSid (NULL, psid, user, &ulen, domain, &dlen, &use))
- return;
-
- if (pw->pw_gecos)
- {
- if ((c = strstr (pw->pw_gecos, "U-")) != NULL &&
- (c == pw->pw_gecos || c[-1] == ','))
- {
- buf[0] = '\0';
- strncat (buf, c + 2, INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 1);
- if ((c = strchr (buf, ',')) != NULL)
- *c = '\0';
- }
- }
- if ((c = strchr (buf, '\\')) != NULL)
- {
- *c++ = '\0';
- strcpy (domain, buf);
- strcpy (user, c);
- }
- else
+ if ((d = strstr (pw->pw_gecos, "U-")) != NULL &&
+ (d == pw->pw_gecos || d[-1] == ','))
{
- strcpy (domain, "");
- strcpy (user, buf);
+ c = strchr (d + 2, ',');
+ if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c))
+ u = d + 1;
+ else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2)
+ strlcpy(domain, d + 2, u - d - 1);
+ if (c == NULL)
+ c = u + UNLEN + 1;
+ if (c - u <= UNLEN + 1)
+ strlcpy(user, u + 1, c - u);
}
+ if (domain[0])
+ return;
+
+ cygsid psid;
+ DWORD ulen = UNLEN + 1;
+ DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1;
+ SID_NAME_USE use;
+ if (psid.getfrompw (pw))
+ LookupAccountSid (NULL, psid, user, &ulen, domain, &dlen, &use);
}
extern "C" HANDLE
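Review bot: The new `strstr (pw->pw_gecos, "U-")` call reads pw_gecos without the `if (pw->pw_gecos)` guard that the removed code had, so a passwd entry with a NULL gecos field would fault here before any of the new length checks run. Restoring the guard in the condition keeps the fallback to LookupAccountSid intact: `if (pw->pw_gecos && (d = strstr (pw->pw_gecos, "U-")) != NULL &&`. Because the bounds are now hard-coded in the body, the function would also benefit from a header comment stating that `user` must hold UNLEN + 1 bytes and `domain` INTERNET_MAX_HOST_NAME_LENGTH + 1 bytes, since neither size is passed in.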
@@ -490,18 +481,9 @@ get_group_sidlist (cygsidlist &grp_list,
char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
WCHAR wserver[INTERNET_MAX_HOST_NAME_LENGTH + 3];
char server[INTERNET_MAX_HOST_NAME_LENGTH + 3];
- DWORD ulen = sizeof (user);
- DWORD dlen = sizeof (domain);
- SID_NAME_USE use;
cygsidlist sup_list;
auth_pos = -1;
- if (!LookupAccountSid (NULL, usersid, user, &ulen, domain, &dlen, &use))
- {
- debug_printf ("LookupAccountSid () %E");
- __seterrno ();
- return FALSE;
- }
grp_list += well_known_world_sid;
if (usersid == well_known_system_sid)
@@ -511,6 +493,7 @@ get_group_sidlist (cygsidlist &grp_list,
}
else
{
+ extract_nt_dom_user (pw, domain, user);
if (!get_logon_server (domain, server, wserver))
return FALSE;
if (my_grps)
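Review bot: Nothing after the added `extract_nt_dom_user (pw, domain, user);` call checks that the resulting domain and user belong to usersid or that a lookup succeeded at all. The helper returns void, prefers the `U-domain\user` text in the passwd gecos field, and ignores the result of LookupAccountSid. The removed code derived both names from usersid and returned FALSE with errno set on failure, so group enumeration now trusts the passwd entry where it used to trust the SID. If pw is not guaranteed to be the entry for usersid (that is not visible here, since the signature and the rest of the body lie outside the hunk), either compare the names against a lookup of usersid or state the assumption in a comment such as `/* domain and user come from pw's gecos field; pw must describe usersid */`. It is also worth confirming that get_logon_server fails cleanly when domain is left empty, for example with an explicit `if (!domain[0])` check before the call.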