This is the mail archive of the mailing list for the Cygwin project.
Re: [Patch] Recent security improvements breaks proftpd
Corinna Vinschen wrote:
> On Fri, Sep 26, 2003 at 09:43:38AM -0400, Pierre A. Humblet wrote:
> > Corinna Vinschen wrote:
> > >
> > > On Fri, Sep 26, 2003 at 02:53:28PM +0200, Corinna Vinschen wrote:
> > > > Btw., shouldn't that be
> > > >
> > > > SetTokenInformation (ptok, TokenDefaultDacl, pdacl, pAcl->AclSize)
> > > > ^^^^^^^^^^^^^
> > > > instead of sizeof(buf)?
> > >
> > > Urgh. What I meant was:
> > >
> > > sizeof *pdacl + pAcl->AclSize
> > >
> > That makes for 3 possibilities but there is a 4th one: sizeof (* pdacl)
> > (i.e. 4 bytes).
> No, that doesn't make sense. The buffer is used for the whole data.
> We can keep sizeof(acl_buf) if you like this better but I'm wondering
> if that could also make a difference when calling SetTokenInformation.
> Due to missing source code of Windows, I just have no idea how intelligent
> the code behind that function is :-)
I agree that it's somewhat strange, but I just recompiled and it works fine
[in] Specifies the length, in bytes, of the buffer pointed to by TokenInformation.
(which is the pdacl).
So they must look at the pdacl, which points to the acl, which could be
non-contiguous (there is no talk about "self-relative" or some such in this case).
Then they must copy the acl, up to AclSize, without bothering to analyze the acl
contents and remove the potentially empty tail.
As you say, it would be nice (TM) to have the source code.
Of course in the GetTokenInformation the size must be that of the whole buffer in which
both the pdacl and the acl are written contiguously.
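To make the four length candidates discussed in this thread concrete, here is an added, stand-alone C model of the buffer involved. It is not Cygwin or proftpd code and does not use <windows.h>: the ACL and TOKEN_DEFAULT_DACL types are re-declared with their documented layouts (8-byte ACL header, one pointer in TOKEN_DEFAULT_DACL), and mock_get_default_dacl is an assumed stand-in that lays the buffer out the way the thread describes GetTokenInformation(TokenDefaultDacl) returning it: the struct first, the ACL right behind it, DefaultDacl pointing into the same buffer. contiguous_dacl_len computes the "sizeof *pdacl + pAcl->AclSize" value and returns 0 when the ACL is not contiguous with the struct (the case Pierre raises), and dacl_within_buffer is the bounds check a caller would want before passing any such length to SetTokenInformation. The helper names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the Win32 types from the thread, declared here so the
 * example builds anywhere. Layouts follow the documented structures. */
typedef struct {
    uint8_t  AclRevision;
    uint8_t  Sbz1;
    uint16_t AclSize;   /* total bytes of the ACL: header plus ACEs */
    uint16_t AceCount;
    uint16_t Sbz2;
} ACL, *PACL;

typedef struct {
    PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;

/* Assumed model of GetTokenInformation(TokenDefaultDacl): the struct comes
 * first, the ACL immediately after it, and DefaultDacl points into the same
 * buffer. Returns the byte count that would come back as ReturnLength, or 0
 * if buf_len is too small. No ACEs are written; the sizing is the point. */
size_t mock_get_default_dacl(void *buf, size_t buf_len, uint16_t acl_size)
{
    size_t needed = sizeof(TOKEN_DEFAULT_DACL) + acl_size;
    if (acl_size < sizeof(ACL) || buf_len < needed)
        return 0;
    memset(buf, 0, buf_len);
    PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL)buf;
    PACL acl = (PACL)((unsigned char *)buf + sizeof(TOKEN_DEFAULT_DACL));
    acl->AclRevision = 2;   /* ACL_REVISION */
    acl->AclSize = acl_size;
    acl->AceCount = 0;
    pdacl->DefaultDacl = acl;
    return needed;
}

/* The "sizeof *pdacl + pAcl->AclSize" candidate: bytes from the start of the
 * struct through the end of the ACL. Returns 0 if the ACL does not sit
 * directly behind the struct, in which case that sum describes nothing. */
size_t contiguous_dacl_len(const TOKEN_DEFAULT_DACL *pdacl)
{
    uintptr_t base = (uintptr_t)pdacl;
    uintptr_t acl = (uintptr_t)pdacl->DefaultDacl;
    if (acl != base + sizeof(*pdacl))
        return 0;
    return sizeof(*pdacl) + pdacl->DefaultDacl->AclSize;
}

/* Bounds check before handing (pdacl, len) to SetTokenInformation: the ACL
 * header and all AclSize bytes must lie inside [pdacl, pdacl + len), after
 * the struct itself. Returns 1 if so, 0 otherwise. */
int dacl_within_buffer(const TOKEN_DEFAULT_DACL *pdacl, size_t len)
{
    uintptr_t base = (uintptr_t)pdacl;
    uintptr_t acl = (uintptr_t)pdacl->DefaultDacl;
    if (len < sizeof(*pdacl) || pdacl->DefaultDacl == NULL)
        return 0;
    if (acl < base + sizeof(*pdacl) || acl + sizeof(ACL) > base + len)
        return 0;
    uint16_t n = pdacl->DefaultDacl->AclSize;
    return n >= sizeof(ACL) && acl + n <= base + len;
}

int main(void)
{
    uint64_t raw[32];                       /* 256 bytes, pointer-aligned */
    unsigned char *buf = (unsigned char *)raw;
    size_t ret = mock_get_default_dacl(buf, sizeof raw, 44);
    PTOKEN_DEFAULT_DACL pdacl = (PTOKEN_DEFAULT_DACL)buf;

    printf("ReturnLength            = %zu\n", ret);
    printf("sizeof(buf)             = %zu\n", sizeof raw);
    printf("sizeof *pdacl           = %zu\n", sizeof *pdacl);
    printf("sizeof *pdacl + AclSize = %zu\n", contiguous_dacl_len(pdacl));
    printf("ACL within ReturnLength = %d\n", dacl_within_buffer(pdacl, ret));
    printf("ACL within sizeof *pdacl= %d\n", dacl_within_buffer(pdacl, sizeof *pdacl));
    return 0;
}
```

On a 32-bit build sizeof *pdacl is the 4 bytes mentioned in the thread; on a 64-bit build it is 8, so "sizeof *pdacl + AclSize" and sizeof(buf) stay correct while a hard-coded 4 would not. The bounds check is what protects against the non-contiguous case: if DefaultDacl points outside the region described by the length you pass, no choice among the four candidates is meaningful.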