[newlib-cygwin] Cygwin: load_user_profile: fix use-after-free issue

Corinna Vinschen corinna@sourceware.org
Fri Mar 1 20:09:00 GMT 2019


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=7ba9d12a72a722e0f20a80716dbeaf293e66a714

commit 7ba9d12a72a722e0f20a80716dbeaf293e66a714
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Fri Mar 1 21:04:02 2019 +0100

    Cygwin: load_user_profile: fix use-after-free issue
    
    In case of a local machine account login, pi.lpProfilePath points
    to the buffer returned by NetUserGetInfo, but NetApiBufferFree
    is called prior to calling LoadUserProfileW.  Fix by copying over
    usri3_profile to the local userpath buffer, just as in the AD case.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/sec_auth.cc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 0b5e112..077b37c 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -267,7 +267,11 @@ load_user_profile (HANDLE token, struct passwd *pw, cygpsid &usersid)
       else
 	{
 	  if (ui->usri3_profile && *ui->usri3_profile)
-	    pi.lpProfilePath = ui->usri3_profile;
+	    {
+	      wcsncpy (userpath, ui->usri3_profile, MAX_PATH - 1);
+	      userpath[MAX_PATH - 1] = L'\0';
+	      pi.lpProfilePath = userpath;
+	    }
 	  NetApiBufferFree (ui);
 	}
     }
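
Review bot: The wcsncpy into userpath silently truncates a usri3_profile longer than MAX_PATH - 1 characters, so pi.lpProfilePath can end up pointing at a cut-off path that is then handed to LoadUserProfileW. Consider checking wcslen (ui->usri3_profile) < MAX_PATH first and leaving lpProfilePath unset (or logging it) when the path does not fit. The declaration of userpath is outside this hunk, so it is worth confirming that it holds at least MAX_PATH wide characters. A short comment saying that the copy is required because NetApiBufferFree (ui) follows immediately would keep a later cleanup from reintroducing the dangling pointer.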


