PlaneteCasio
/
libc
1
0
Fork 0
Code Issues 6 Pull Requests Releases Wiki Activity

mkgroup/mkpasswd: Fix potential buffer overwrite in corner case 

Fixes Coverity CIDs 60076, 60077 and 60081

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2016-10-23 17:02:24 +02:00
parent 7d5af6f0ba
commit 526107a753
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
winsup/utils/mkgroup.c
View File

@ -296,10 +296,12 @@ enum_local_groups (domlist_t *mach, const char *sep,
else if (acc_type == SidTypeDomain)
{
WCHAR domname[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
PWCHAR p;
wcscpy (domname, domain_name);
wcscat (domname, L"\\");
wcscat (domname, buffer[i].lgrpi0_name);
p = wcpcpy (domname, domain_name);
p = wcpcpy (p, L"\\");
p = wcpncpy (p, buffer[i].lgrpi0_name, GNLEN);
*p = L'\0';
sid_length = SECURITY_MAX_SID_SIZE;
domname_len = MAX_DOMAIN_NAME_LEN + 1;
if (!LookupAccountNameW (machine, domname,
@ -434,10 +436,12 @@ enum_groups (domlist_t *mach, const char *sep, DWORD id_offset,
else if (acc_type == SidTypeDomain)
{
WCHAR domname[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
PWCHAR p;
wcscpy (domname, machine);
wcscat (domname, L"\\");
wcscat (domname, buffer[i].grpi2_name);
p = wcpcpy (domname, machine);
p = wcpcpy (p, L"\\");
p = wcpncpy (p, buffer[i].grpi2_name, GNLEN);
*p = L'\0';
sid_length = SECURITY_MAX_SID_SIZE;
domname_len = MAX_DOMAIN_NAME_LEN + 1;
if (!LookupAccountNameW (machine, domname, psid, &sid_length,

8
winsup/utils/mkpasswd.c
View File

@ -312,10 +312,12 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
else if (acc_type == SidTypeDomain)
{
WCHAR domname[MAX_DOMAIN_NAME_LEN + UNLEN + 2];
PWCHAR p;
wcscpy (domname, machine);
wcscat (domname, L"\\");
wcscat (domname, buffer[i].usri3_name);
p = wcpcpy (domname, machine);
p = wcpcpy (p, L"\\");
p = wcpncpy (p, buffer[i].usri3_name, UNLEN);
*p = L'\0';
sid_length = SECURITY_MAX_SID_SIZE;
domname_len = sizeof (domname);
if (!LookupAccountNameW (machine, domname, psid,