From e206c39bb6bf91808dbcd2cfbd572525825982cd Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Thu, 12 Apr 2018 09:43:12 +0200
Subject: [PATCH] Cygwin: fix guard checking for current user's AuthZ context

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
---
 winsup/cygwin/sec_helper.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 347836064..a1d8cba05 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -821,12 +821,16 @@ authz_ctx::get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
   if (RtlEqualSid (user_sid, cygheap->user.sid ())
       && !cygheap->user.issetuid ())
     {
+      /* Avoid lock in default case. */
       if (!user_ctx_hdl)
 	{
 	  authz_guard.acquire ();
-	  if (!AuthzInitializeContextFromToken (0, hProcToken, authz, NULL,
-						authz_dummy_luid, NULL,
-						&user_ctx_hdl))
+	  /* Check user_ctx_hdl again under lock to avoid overwriting
+	     user_ctx_hdl if it has already been initialized. */
+	  if (!user_ctx_hdl
+	      && !AuthzInitializeContextFromToken (0, hProcToken, authz, NULL,
+						   authz_dummy_luid, NULL,
+						   &user_ctx_hdl))
 	    debug_printf ("AuthzInitializeContextFromToken, %E");
 	  authz_guard.release ();
 	}