This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: Cygwin / MSYS2 runtime fails on Wine because of accessing to (*ReferencedDomains)->Domains[-1]


Hi Qian,

On Apr  1 18:15, Qian Hong wrote:
> Hi folks,
> 
> When playing with Cygwin / MSYS2 on Wine, I found a crash related
> to LsaLookupSids.
> 
> 
> In winsup/cygwin/uinfo.cc, we want to copy a Unicode string from
> arg.full_acc->dom to dom:
> 
>     *wcpncpy (dom, arg.full_acc->dom->Buffer,
>               arg.full_acc->dom->Length / sizeof (WCHAR)) = L'\0';
> 
> where arg.full_acc->dom->Buffer came from dlst->Domains[nlst[ncnt].DomainIndex]
> 
> winsup/cygwin/grp.cc:
> 
>       fetch_acc_t full_acc =
>         {
>           .sid = sidp_buf[ncnt],
>           .name = &nlst[ncnt].Name,
>           .dom = &dlst->Domains[nlst[ncnt].DomainIndex].Name,
>           .acc_type = nlst[ncnt].Use
>         };
> 
> According to my test [1], DomainIndex can be -1 sometimes, which seems
> valid according to a similar MSDN entry [2]:

Ouch.  I missed this hint in the description of LsaLookupSids:

  DomainIndex

    [...]
    If there is no corresponding domain for an account, this member
    contains a negative value.

> On Windows, I never saw a crash when accessing Domains[-1].
> While it might be safe, it might not be meaningful; here is an
> example output of content of Domains[-1]:
> 
> lsa.c:431: haha names[8].DomainIndex -1
> lsa.c:432: use 8 /* SidTypeUnknown */
> lsa.c:433: name L"S-1-5-5-0-117053"
> lsa.c:434: domain name L"\0000\0002\08c0" /* seems like garbage */
> lsa.c:436: domain sid 00000020 /* not like a valid sid */

Ok, that makes sense.  This is a logon SID, a session-unique SID created
at logon time.  Not looking for invalid domain refs is clearly a bug in
Cygwin.  Since, as you said, Windows doesn't crash when accessing
ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
new Cygwin snapshot to https://cygwin.com/snapshots/ later today.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
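
The check discussed in this message, as an added example that is not part of the original mail and is not the actual Cygwin fix: a translated name's DomainIndex is validated before it is used to index the Domains array. The struct types, function names and sample data are assumptions made for the example, reduced stand-ins for the Windows LSA structures so it builds without the Windows SDK.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: stand-ins for the LSA types, reduced to the fields used here. */
typedef uint16_t WCHAR16;
typedef struct { uint16_t Length; const WCHAR16 *Buffer; } ustr_t; /* Length in bytes */
typedef struct { ustr_t Name; void *Sid; } trust_info_t;
typedef struct { uint32_t Entries; trust_info_t *Domains; } ref_domains_t;
typedef struct { int Use; ustr_t Name; int32_t DomainIndex; } xlat_name_t;

/* NULL when the index is negative (no corresponding domain) or out of range. */
const ustr_t *
referenced_domain (const ref_domains_t *dlst, const xlat_name_t *n)
{
  if (!dlst || n->DomainIndex < 0
      || (uint32_t) n->DomainIndex >= dlst->Entries)
    return NULL;
  return &dlst->Domains[n->DomainIndex].Name;
}

/* Copy the domain into dom (cap counts the terminator); empty if no domain. */
size_t
copy_domain (WCHAR16 *dom, size_t cap, const ref_domains_t *dlst,
             const xlat_name_t *n)
{
  const ustr_t *d = referenced_domain (dlst, n);
  size_t len = d ? d->Length / sizeof (WCHAR16) : 0;
  if (cap == 0) return 0;
  if (len > cap - 1) len = cap - 1;
  if (len) memcpy (dom, d->Buffer, len * sizeof (WCHAR16));
  dom[len] = 0;
  return len;
}

/* Constructed sample data: Use 4 is SidTypeAlias, Use 8 is SidTypeUnknown. */
static const WCHAR16 builtin_w[] = { 'B', 'U', 'I', 'L', 'T', 'I', 'N' };
static trust_info_t sample_domains[] = { { { sizeof builtin_w, builtin_w }, NULL } };
static const ref_domains_t sample_dlst = { 1, sample_domains };
static const xlat_name_t sample_group = { 4, { 0, NULL }, 0 };
static const xlat_name_t sample_logon = { 8, { 0, NULL }, -1 };

int main (void)
{
  WCHAR16 dom[16];
  size_t a = copy_domain (dom, 16, &sample_dlst, &sample_group);
  size_t b = copy_domain (dom, 16, &sample_dlst, &sample_logon);
  printf ("group domain: %zu chars, logon SID domain: %zu chars\n", a, b);
  return 0;
}
```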


