From c7432b13faa27c240b8c31bb45d1f2888ef34ffd Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Wed, 16 Dec 2015 12:25:27 +0100
Subject: [PATCH] Fix crash reading invalid SIDs from passwd and group files

        * grp.cc (pwdgrp::parse_group): Only copy the SID if it's valid.
        * passwd.cc (pwdgrp::parse_passwd): Ditto.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
---
 winsup/cygwin/ChangeLog | 5 +++++
 winsup/cygwin/grp.cc    | 4 ++--
 winsup/cygwin/passwd.cc | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 4eb418dde..74b6db17e 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2015-12-16  Corinna Vinschen  <corinna@vinschen.de>
+
+	* grp.cc (pwdgrp::parse_group): Only copy the SID if it's valid.
+	* passwd.cc (pwdgrp::parse_passwd): Ditto.
+
 2015-12-14  Sebastian Huber  <sebastian.huber@embedded-brains.de>
 
 	* include/cygwin/signal.h (sigset_t): Move defintition to newlib.
diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index 501db1a2c..8c3b82198 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -48,8 +48,8 @@ pwdgrp::parse_group ()
   /* Don't generate gr_mem entries. */
   grp.g.gr_mem = &null_ptr;
   cygsid csid;
-  csid.getfromgr_passwd (&grp.g);
-  RtlCopySid (SECURITY_MAX_SID_SIZE, grp.sid, csid);
+  if (csid.getfromgr_passwd (&grp.g))
+    RtlCopySid (SECURITY_MAX_SID_SIZE, grp.sid, csid);
   return true;
 }
 
diff --git a/winsup/cygwin/passwd.cc b/winsup/cygwin/passwd.cc
index 54e429ccf..6526243c8 100644
--- a/winsup/cygwin/passwd.cc
+++ b/winsup/cygwin/passwd.cc
@@ -41,8 +41,8 @@ pwdgrp::parse_passwd ()
   res.p.pw_dir =  next_str (':');
   res.p.pw_shell = next_str (':');
   cygsid csid;
-  csid.getfrompw_gecos (&res.p);
-  RtlCopySid (SECURITY_MAX_SID_SIZE, res.sid, csid);
+  if (csid.getfrompw_gecos (&res.p))
+    RtlCopySid (SECURITY_MAX_SID_SIZE, res.sid, csid);
   /* lptr points to the \0 after pw_shell.  Increment by one to get the correct
      required buffer len in getpw_cp. */
   res.len = lptr - res.p.pw_name + 1;