This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi folks, When playing with Cygwin / MSYS2 on Wine, I found a crashing related to LsaLookupSids. In winsup/cygwin/uinfo.cc, we want to copy an Unicode string from arg.full_acc->dom to dom: 1768 *wcpncpy (dom, arg.full_acc->dom->Buffer, 1769 arg.full_acc->dom->Length / sizeof (WCHAR)) = L'\0'; where arg.full_acc->dom->Buffer came from dlst->Domains[nlst[ncnt].DomainIndex] winsup/cygwin/grp.cc: 650 fetch_acc_t full_acc = 651 { 652 .sid = sidp_buf[ncnt], 653 .name = &nlst[ncnt].Name, 654 .dom = &dlst->Domains[nlst[ncnt].DomainIndex].Name, 655 .acc_type = nlst[ncnt].Use 656 }; According to my test [1]. DomainIndex can be -1 sometimes, which seems valid according to a similar MSDN entry [2]: --- snip --- Otherwise, the corresponding TranslatedNames entry MUST be updated with: Use: SidTypeUnknown. Name: Empty, unless LookupLevel is LsapLookupWksta. In that case, Name MUST contain the textual representation of the corresponding SID, as in step 2. Flags: 0x00000000 (also see the following paragraph). DomainIndex: -1. --- snip --- On windows, I never found crashing when accessing to Domains[-1]: While it might be safe, but it might not be meaningful, here is an example output of content of Domains[-1]: lsa.c:431: haha names[8].DomainIndex -1 lsa.c:432: use 8 /* SidTypeUnknown */ lsa.c:433: name L"S-1-5-5-0-117053" lsa.c:434: domain name L"\0000\0002\08c0" /* seems like garbage */ lsa.c:436: domain sid 00000020 /* not like a valid sid */ By comparing to a normal output, I strongly doubt Domains[-1] is meaningful. lsa.c:431: names[7].DomainIndex 1 lsa.c:432: use 5 lsa.c:433: name L"This Organization" lsa.c:434: domain name L"NT AUTHORITY" lsa.c:436: domain sid 009808E8 Anyone know whether it is expected to access Domains[-1] in this case? On Wine, accessing to Domains[-1] cause a crashing, I'll proposal a patch to Wine to workaround this [as attachment], but it would be great to see this issue also fixed at the Cygwin side if it is a hidden bug. Thanks for any comments and keep the great work! [1] https://testbot.winehq.org/JobDetails.pl?Key=12577 (see attachment for test case source code) [2] https://msdn.microsoft.com/en-us/library/cc234496.aspx -- Regards, Qian Hong - http://www.winehq.org
Attachment:
0001-advapi32-prepend-a-hidden-Domain-1-to-prevent-applicat.txt
Description: Text document
-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |