ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix size used to validate the sids in aces.

This commit is contained in:
Robert Shearman 2005-06-14 19:15:58 +00:00 committed by Alexandre Julliard
parent acaa5c5eff
commit dacc3dbfa5
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server/token.c
View File

@ -161,6 +161,7 @@ static int acl_is_valid( const ACL *acl, size_t size )
for (i = 0; i < acl->AceCount; i++)
{
const SID *sid;
size_t sid_size;
if (size < sizeof(ACE_HEADER))
return FALSE;
@ -171,21 +172,25 @@ static int acl_is_valid( const ACL *acl, size_t size )
{
case ACCESS_DENIED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
break;
case ACCESS_ALLOWED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
break;
case SYSTEM_AUDIT_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
break;
case SYSTEM_ALARM_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
break;
default:
return FALSE;
}
if (size < sizeof(SID) ||
size < FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]))
if (sid_size < FIELD_OFFSET(SID, SubAuthority[0]) ||
sid_size < FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]))
return FALSE;
ace = ace_next( ace );
}

17
server/trace.c
View File

@ -429,9 +429,12 @@ static void dump_inline_sid( const SID *sid, size_t size )
DWORD i;
/* security check */
if ((size < sizeof(SID)) ||
(FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size))
if ((FIELD_OFFSET(SID, SubAuthority[0]) > size) ||
(FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size))
{
fprintf( stderr, "<invalid sid>" );
return;
}
fputc( '{', stderr );
fprintf( stderr, "S-%u-%lu", sid->Revision, MAKELONG(
@ -453,12 +456,16 @@ static void dump_inline_acl( const ACL *acl, size_t size )
if (size)
{
if (size < sizeof(ACL))
{
fprintf( stderr, "<invalid acl>}\n" );
return;
}
size -= sizeof(ACL);
ace = (const ACE_HEADER *)(acl + 1);
for (i = 0; i < acl->AceCount; i++)
{
const SID *sid = NULL;
size_t sid_size = 0;
if (size < sizeof(ACE_HEADER))
return;
@ -471,21 +478,25 @@ static void dump_inline_acl( const ACL *acl, size_t size )
{
case ACCESS_DENIED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
fprintf( stderr, "ACCESS_DENIED_ACE_TYPE,Mask=%lx",
((const ACCESS_DENIED_ACE *)ace)->Mask );
break;
case ACCESS_ALLOWED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
fprintf( stderr, "ACCESS_ALLOWED_ACE_TYPE,Mask=%lx",
((const ACCESS_ALLOWED_ACE *)ace)->Mask );
break;
case SYSTEM_AUDIT_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
fprintf( stderr, "SYSTEM_AUDIT_ACE_TYPE,Mask=%lx",
((const SYSTEM_AUDIT_ACE *)ace)->Mask );
break;
case SYSTEM_ALARM_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
fprintf( stderr, "SYSTEM_ALARM_ACE_TYPE,Mask=%lx",
((const SYSTEM_ALARM_ACE *)ace)->Mask );
break;
@ -495,7 +506,7 @@ static void dump_inline_acl( const ACL *acl, size_t size )
}
fprintf( stderr, ",AceFlags=%x,Sid=", ace->AceFlags );
if (sid)
dump_inline_sid( sid, size );
dump_inline_sid( sid, sid_size );
ace = (const ACE_HEADER *)((const char *)ace + ace->AceSize);
fputc( '}', stderr );
}