From ea503bf4c955857d9969d9896e98c7729b3ea845 Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Thu, 16 Apr 2015 22:19:57 +0200 Subject: [PATCH] Better workaround owner/group SIDs being NULL * sec_acl.cc (set_posix_access): Replace previous patch. Return EINVAL if uid and/or guid is invalid and not backed by an actual Windows account. Signed-off-by: Corinna Vinschen --- winsup/cygwin/ChangeLog | 6 ++++++ winsup/cygwin/sec_acl.cc | 12 ++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index f645031a0..ce198e2df 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,9 @@ +2015-04-16 Corinna Vinschen + + * sec_acl.cc (set_posix_access): Replace previous patch. Return + EINVAL if uid and/or guid is invalid and not backed by an actual + Windows account. + 2015-04-16 Corinna Vinschen * sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL. diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 6c96977b7..58683cf9a 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -154,6 +154,11 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, /* Fetch owner and group and set in security descriptor. */ owner = sidfromuid (uid, &cldap); group = sidfromgid (gid, &cldap); + if (!owner || !group) + { + set_errno (EINVAL); + return NULL; + } status = RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE); if (!NT_SUCCESS (status)) { @@ -166,10 +171,9 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid, __seterrno_from_nt_status (status); return NULL; } - /* If the account DBs are broken, we might end up without SIDs. Better - check them here. */ - if (owner && group) - owner_eq_group = RtlEqualSid (owner, group); + owner_eq_group = RtlEqualSid (owner, group); + + /* No POSIX ACL? Use attr to generate one from scratch. */ if (!aclbufp) -- 2.43.5