diff options
-rw-r--r-- | winsup/cygwin/ChangeLog | 7 | ||||
-rw-r--r-- | winsup/cygwin/security.cc | 65 |
2 files changed, 31 insertions, 41 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 09e6a27..6aabfab 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,10 @@ +2002-06-29 Pierre Humblet <pierre.humblet@ieee.org> + + * security.cc (extract_nt_dom_user): Check for all buffer overflows. + Call LookupAccountSid after trying to get domain & user from passwd. + (get_group_sidlist): Obtain the domain and user by calling + extract_nt_dom_user instead of LookupAccountSid. + 2002-06-29 Christopher Faylor <cgf@redhat.com> * uinfo.cc (cygheap_user::test_uid): Use standard issetuid test. diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 74c4a17..b587af2 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -60,43 +60,34 @@ cygwin_set_impersonation_token (const HANDLE hToken) void extract_nt_dom_user (const struct passwd *pw, char *domain, char *user) { - cygsid psid; - DWORD ulen = UNLEN + 1; - DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1; - SID_NAME_USE use; - char buf[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2]; - char *c; + char *d, *u, *c; - strcpy (domain, ""); - strcpy (buf, pw->pw_name); + domain[0] = 0; + strlcpy (user, pw->pw_name, UNLEN+1); debug_printf ("pw_gecos = %x (%s)", pw->pw_gecos, pw->pw_gecos); - if (psid.getfrompw (pw) && - LookupAccountSid (NULL, psid, user, &ulen, domain, &dlen, &use)) - return; - - if (pw->pw_gecos) - { - if ((c = strstr (pw->pw_gecos, "U-")) != NULL && - (c == pw->pw_gecos || c[-1] == ',')) - { - buf[0] = '\0'; - strncat (buf, c + 2, INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 1); - if ((c = strchr (buf, ',')) != NULL) - *c = '\0'; - } - } - if ((c = strchr (buf, '\\')) != NULL) - { - *c++ = '\0'; - strcpy (domain, buf); - strcpy (user, c); - } - else + if ((d = strstr (pw->pw_gecos, "U-")) != NULL && + (d == pw->pw_gecos || d[-1] == ',')) { - strcpy (domain, ""); - strcpy (user, buf); + c = strchr (d + 2, ','); + if ((u = strchr (d + 2, '\\')) == NULL || (c != NULL && u > c)) + u = d + 1; + else if (u - d <= INTERNET_MAX_HOST_NAME_LENGTH + 2) + strlcpy(domain, d + 2, u - d - 1); + if (c == NULL) + c = u + UNLEN + 1; + if (c - u <= UNLEN + 1) + strlcpy(user, u + 1, c - u); } + if (domain[0]) + return; + + cygsid psid; + DWORD ulen = UNLEN + 1; + DWORD dlen = INTERNET_MAX_HOST_NAME_LENGTH + 1; + SID_NAME_USE use; + if (psid.getfrompw (pw)) + LookupAccountSid (NULL, psid, user, &ulen, domain, &dlen, &use); } extern "C" HANDLE @@ -490,18 +481,9 @@ get_group_sidlist (cygsidlist &grp_list, char domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; WCHAR wserver[INTERNET_MAX_HOST_NAME_LENGTH + 3]; char server[INTERNET_MAX_HOST_NAME_LENGTH + 3]; - DWORD ulen = sizeof (user); - DWORD dlen = sizeof (domain); - SID_NAME_USE use; cygsidlist sup_list; auth_pos = -1; - if (!LookupAccountSid (NULL, usersid, user, &ulen, domain, &dlen, &use)) - { - debug_printf ("LookupAccountSid () %E"); - __seterrno (); - return FALSE; - } grp_list += well_known_world_sid; if (usersid == well_known_system_sid) @@ -511,6 +493,7 @@ get_group_sidlist (cygsidlist &grp_list, } else { + extract_nt_dom_user (pw, domain, user); if (!get_logon_server (domain, server, wserver)) return FALSE; if (my_grps) |