This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: [Patch] Recent security improvements breaks proftpd


Corinna Vinschen wrote:
> 
> On Fri, Sep 26, 2003 at 09:43:38AM -0400, Pierre A. Humblet wrote:
> > Corinna Vinschen wrote:
> > >
> > > On Fri, Sep 26, 2003 at 02:53:28PM +0200, Corinna Vinschen wrote:
> > > > Btw., shouldn't that be
> > > >
> > > >   SetTokenInformation (ptok, TokenDefaultDacl, pdacl, pAcl->AclSize)
> > > >                                                       ^^^^^^^^^^^^^
> > > >                                                     instead of sizeof(buf)?
> > >
> > > Urgh.  What I meant was:
> > >
> > >   sizeof *pdacl + pAcl->AclSize
> > >
> > That makes for 3 possibilities but there is a 4th one: sizeof (* pdacl)
> > (i.e. 4 bytes).
> 
> No, that doesn't make sense.  The buffer is used for the whole data.
> We can keep sizeof(acl_buf) if you like this better but I'm wondering
> if that could also make a difference when calling SetTokenInformation.
> Due to missing source code of Windows, I just have no idea how intelligent
> the code behind that function is :-)

I agree that it's somewhat strange, but I just recompiled and it works fine
on NT4.

MS says:
TokenInformationLength 
[in] Specifies the length, in bytes, of the buffer pointed to by TokenInformation. 

(which is the pdacl).

So they must look at the pdacl, which points to the acl, which could be 
non-contiguous (there is no talk about "self-relative" or some such in this case).
Then they must copy the acl, up to AclSize, without bothering to analyze the acl
contents and remove the potentially empty tail. 
As you say, it would be nice (TM) to have the source code.

Of course in the GetTokenInformation the size must be that of the whole buffer in which
both the pdacl and the acl are written contiguously.

Pierre

