lsa string translation in security.cc, on NT.
Pierre A. Humblet
Pierre.Humblet@ieee.org
Fri May 24 18:51:00 GMT 2002
Here is a partial output of what "buf" contains after the
sys_wcstombs() call on line 634 of security.cc, on NT.

9132 2103447 [main] a 705 get_priv_list: Group 8 found SeSecurityPrivilege
600 2106857 [main] a 705 get_priv_list: Group 8 found SeBackupPrivilege
622 2109275 [main] a 705 get_priv_list: Group 8 found SeRestorePrivilegeSeSystemtimePrivilege
1713 2110988 [main] a 705 get_priv_list: Group 8 found SeSystemtimePrivilege
620 2113653 [main] a 705 get_priv_list: Group 8 found SeShutdownPrivilege
1761 2115414 [main] a 705 get_priv_list: Group 8 found SeRemoteShutdownPrivilege
570 2117873 [main] a 705 get_priv_list: Group 8 found SeTakeOwnershipPrivilegeSeDebugPrivilegeSeSystemEnvironmentPrivilegeSeSystemProfilePrivilegeSeProfileSingleProcessPrivilege
1798 2119671 [main] a 705 get_priv_list: Group 8 found SeDebugPrivilegeSeSystemEnvironmentPrivilegeSeSystemProfilePrivilegeSeProfileSingleProcessPrivilege
1889 2121560 [main] a 705 get_priv_list: Group 8 found SeSystemEnvironmentPrivilegeSeSystemProfilePrivilegeSeProfileSingleProcessPrivilege
2071 2123631 [main] a 705 get_priv_list: Group 8 found SeSystemProfilePrivilegeSeProfileSingleProcessPrivilege
1873 2125504 [main] a 705 get_priv_list: Group 8 found SeProfileSingleProcessPrivilege
567 2127962 [main] a 705 get_priv_list: Group 8 found SeIncreaseBasePriorityPrivilege
563 2130277 [main] a 705 get_priv_list: Group 8 found SeLoadDriverPrivilege
835 2132864 [main] a 705 get_priv_list: Group 8 found SeCreatePagefilePrivilege
568 2135186 [main] a 705 get_priv_list: Group 8 found SeIncreaseQuotaPrivilegeSeInteractiveLogonRight
1767 2136953 [main] a 705 get_priv_list: Group 8 found SeInteractiveLogonRight
1879 2138832 [main] a 705 get_priv_list: Group 8 found SeNetworkLogonRight

It is apparent that the even-length LSA strings are not zero terminated.
The subsequent call to LookupPrivilegeValue() fails in that case.
The following patch fixes that.

Pierre

2002/05/24 Pierre Humblet <Pierre.Humblet@ieee.org>

* security.cc (lsau2str): Create.
(get_priv_list): Call lsau2str instead of sys_wcstombs.

--- security.cc.orig 2002-05-24 18:26:26.000000000 -0400
+++ security.cc 2002-05-24 18:48:12.000000000 -0400
@@ -176,6 +176,15 @@
tgt[size] = 0;
}
+static void
+lsau2str (char *dest, PLSA_UNICODE_STRING src, int size)
+{
+ if (src->Length/2 < size)
+ size = src->Length/2;
+ sys_wcstombs(dest, src->Buffer, size);
+ dest[size] = 0;
+}
+
static LSA_HANDLE
open_local_policy ()
{
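Review bot: In lsau2str, size is clamped to src->Length/2, which is a count of wide characters, and is then used both as the limit passed to sys_wcstombs and as the byte index in dest[size] = 0. That is only correct when every wide character converts to exactly one byte, and the result of the sys_wcstombs call is not checked, so a failed or short conversion still gets a terminator at the assumed position. Consider terminating at the number of bytes actually converted, and add a comment above the function stating that dest must hold size + 1 bytes, since the terminator is written one past the limit. Style: the new call is written sys_wcstombs(dest, ...) without the space before the parenthesis that the call removed from get_priv_list has.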
@@ -631,8 +640,7 @@
PTOKEN_PRIVILEGES tmp;
DWORD tmp_count;
- sys_wcstombs (buf, privstrs[i].Buffer,
- INTERNET_MAX_HOST_NAME_LENGTH + 1);
+ lsau2str (buf, &privstrs[i], sizeof(buf) - 1);
if (!LookupPrivilegeValue (NULL, buf, &priv))
continue;
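Review bot: The limit sizeof(buf) - 1 in the new lsau2str call is right only if buf is a char array declared in get_priv_list, and its declaration is outside this hunk. If buf is a pointer, the limit becomes the pointer size minus one and every name is cut short. Please confirm the declaration; the removed call used INTERNET_MAX_HOST_NAME_LENGTH + 1 as its limit, so a named constant shared with the declaration would make the relationship explicit. Also note that a name truncated by lsau2str still reaches LookupPrivilegeValue and is then dropped by the existing continue with no diagnostic.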
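The failure described in the message above, a counted string read as if it were NUL-terminated, as an added example that is not part of the original post or the Cygwin sources. `struct counted_wstr`, the helper names and the packed sample buffer are constructed stand-ins for LSA_UNICODE_STRING so the code builds without Windows headers; only ASCII code units are converted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for LSA_UNICODE_STRING: length is in bytes and
   buffer is not guaranteed to be NUL-terminated. */
struct counted_wstr { uint16_t length; const uint16_t *buffer; };

/* Constructed sample: two names packed back to back, one NUL at the end. */
static const char packed_ascii[] = "SeRestorePrivilegeSeSystemtimePrivilege";
static uint16_t packed[sizeof packed_ascii];

static void build_sample (struct counted_wstr *first) {
  for (size_t i = 0; i < sizeof packed_ascii; i++)
    packed[i] = (unsigned char) packed_ascii[i];
  first->length = (uint16_t) (strlen ("SeRestorePrivilege") * sizeof (uint16_t));
  first->buffer = packed;
}

/* Narrow one code unit; non-ASCII becomes '?' (simplification for the demo). */
static char narrow (uint16_t u) { return u < 0x80 ? (char) u : '?'; }

/* Terminator-driven copy: stops only at a NUL code unit or a full dest. */
static size_t copy_until_nul (char *dest, size_t destsz, const uint16_t *src) {
  size_t n = 0;
  if (destsz == 0) return 0;
  for (; n + 1 < destsz && src[n] != 0; n++) dest[n] = narrow (src[n]);
  dest[n] = '\0';
  return n;
}

/* Length-driven copy: never reads past length, always terminates dest. */
static size_t copy_counted (char *dest, size_t destsz, const struct counted_wstr *src) {
  size_t units = src->length / sizeof (uint16_t), n = 0;
  if (destsz == 0) return 0;
  for (; n < units && n + 1 < destsz; n++) dest[n] = narrow (src->buffer[n]);
  dest[n] = '\0';
  return n;
}

int main (void) {
  struct counted_wstr s; char a[64], b[64];
  build_sample (&s);
  copy_until_nul (a, sizeof a, s.buffer);
  copy_counted (b, sizeof b, &s);
  printf ("terminator-driven: %s\nlength-driven:     %s\n", a, b);
  return 0;
}
```

The terminator-driven copy reproduces the run-together name seen in the trace, while the length-driven copy stops at the end of the first name and truncates safely when the destination is small.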