wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-09-13 09:17:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Add bounds checking on SubAuthorityCount.

Browse Source
This commit is contained in:
Erich E. Hoover 2014-04-15 14:56:44 -06:00
parent 58eeb19b3e
commit 737eb1005a
2 changed files with 37 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
patches/02-ACL_Extended_Attributes/0003-server-Store-file-security-attributes-with-extended-.patch
View File

@ -1,13 +1,13 @@
From 060f418210bd083d4893b5bf481c9a42525320c6 Mon Sep 17 00:00:00 2001
From 26610999c43a7c3725490800baf53aed0a0820a7 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Tue, 15 Apr 2014 14:27:48 -0600
Date: Tue, 15 Apr 2014 14:52:28 -0600
Subject: server: Store file security attributes with extended file
attributes.
---
configure.ac | 12 +++++++++++
server/file.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+)
configure.ac | 12 ++++++++++
server/file.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 82 insertions(+)
diff --git a/configure.ac b/configure.ac
index 7e463b9..c0cc653 100644
@ -40,7 +40,7 @@ index 7e463b9..c0cc653 100644
AC_SUBST(dlldir,"\${libdir}/wine")
diff --git a/server/file.c b/server/file.c
index c98f045..40013b1 100644
index c98f045..adf7e51 100644
--- a/server/file.c
+++ b/server/file.c
@@ -32,6 +32,7 @@
@ -61,7 +61,7 @@ index c98f045..40013b1 100644
#include "ntstatus.h"
#define WIN32_NO_STATUS
@@ -178,6 +182,64 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_
@@ -178,6 +182,69 @@ static struct object *create_file_obj( struct fd *fd, unsigned int access, mode_
return &file->obj;
}
@ -104,6 +104,11 @@ index c98f045..40013b1 100644
+ default:
+ continue;
+ }
+
+ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */
+ if (sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES)
+ continue;
+
+ n = sprintf( sidtxt, "S-%u-%d", sid->Revision,
+ MAKELONG(
+ MAKEWORD( sid->IdentifierAuthority.Value[5],
@ -126,7 +131,7 @@ index c98f045..40013b1 100644
static struct object *create_file( struct fd *root, const char *nameptr, data_size_t len,
unsigned int access, unsigned int sharing, int create,
unsigned int options, unsigned int attrs,
@@ -239,6 +301,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
@@ -239,6 +306,7 @@ static struct object *create_file( struct fd *root, const char *nameptr, data_si
/* FIXME: should set error to STATUS_OBJECT_NAME_COLLISION if file existed before */
fd = open_fd( root, name, flags | O_NONBLOCK | O_LARGEFILE, &mode, access, sharing, options );
if (!fd) goto done;
@ -134,7 +139,7 @@ index c98f045..40013b1 100644
if (S_ISDIR(mode))
obj = create_dir_obj( fd, access, mode );
@@ -580,6 +643,8 @@ int file_set_acls( struct object *obj, struct fd *fd, const struct security_desc
@@ -580,6 +648,8 @@ int file_set_acls( struct object *obj, struct fd *fd, const struct security_desc
mode = st.st_mode & (S_ISUID|S_ISGID|S_ISVTX);
mode |= sd_to_mode( sd, owner );

33
patches/02-ACL_Extended_Attributes/0004-server-Retrieve-file-security-attributes-with-extend.patch
View File

@ -1,13 +1,13 @@
From 2d625c28a1d39e093adcf0059815082e6995666e Mon Sep 17 00:00:00 2001
From 96ef630b374cc6254dd8d0afe0eb8a9a240f4d50 Mon Sep 17 00:00:00 2001
From: "Erich E. Hoover" <erich.e.hoover@gmail.com>
Date: Tue, 15 Apr 2014 14:31:43 -0600
Date: Tue, 15 Apr 2014 14:55:45 -0600
Subject: server: Retrieve file security attributes with extended file
attributes.
---
dlls/advapi32/tests/security.c | 49 +++++++------
server/file.c | 156 +++++++++++++++++++++++++++++++++++++++-
2 files changed, 177 insertions(+), 28 deletions(-)
dlls/advapi32/tests/security.c | 49 ++++++------
server/file.c | 169 +++++++++++++++++++++++++++++++++++++++-
2 files changed, 190 insertions(+), 28 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index bd45189..e5ef7e6 100644
@ -110,10 +110,10 @@ index bd45189..e5ef7e6 100644
CloseHandle(obj);
}
diff --git a/server/file.c b/server/file.c
index 40013b1..77da72e 100644
index adf7e51..39169a4 100644
--- a/server/file.c
+++ b/server/file.c
@@ -487,12 +487,161 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
@@ -492,12 +492,174 @@ struct security_descriptor *mode_to_sd( mode_t mode, const SID *user, const SID
return sd;
}
@ -149,6 +149,11 @@ index 40013b1..77da72e 100644
+ }
+ while(p && (!pn || p < pn));
+ sub_authority_count -= 3; /* Revision and IdentifierAuthority don't count */
+ p = pn; /* prepare for the next ACE */
+
+ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */
+ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES)
+ continue;
+
+ switch (type)
+ {
@ -164,7 +169,6 @@ index 40013b1..77da72e 100644
+ continue;
+ }
+ ace_count++;
+ p = pn;
+ }
+ while(p);
+
@ -224,6 +228,11 @@ index 40013b1..77da72e 100644
+ p = strchr(p, '-')+1; /* IdentifierAuthority doesn't count */
+ do
+ {
+ if (sub_authority_count == SID_MAX_SUB_AUTHORITIES)
+ {
+ sub_authority_count++; /* fail on this SID and move on to the next one */
+ break;
+ }
+ sscanf(p, "%u", &sa);
+ sid->SubAuthority[sub_authority_count] = sa;
+ p = strchr(p, '-');
@ -232,6 +241,11 @@ index 40013b1..77da72e 100644
+ }
+ while(p);
+ sid->SubAuthorityCount = sub_authority_count;
+ p = pn; /* prepare for the next ACE */
+
+ /* verify that the SubAuthorityCount does not exceed the maximum permitted value */
+ if (sub_authority_count > SID_MAX_SUB_AUTHORITIES)
+ continue;
+
+ /* Handle the specific ACE */
+ switch (type)
@ -256,7 +270,6 @@ index 40013b1..77da72e 100644
+ default:
+ continue;
+ }
+ p = pn;
+ }
+
+ return sd;
@ -275,7 +288,7 @@ index 40013b1..77da72e 100644
if (unix_fd == -1 || fstat( unix_fd, &st ) == -1)
return obj->sd;
@@ -502,9 +651,10 @@ struct security_descriptor *file_get_acls( struct object *obj, struct fd *fd, mo
@@ -507,9 +669,10 @@ struct security_descriptor *file_get_acls( struct object *obj, struct fd *fd, mo
(st.st_uid == *uid))
return obj->sd;