[dlls/advapi32/security.c] elimination of strncpy + bug

Peter Berg Larsen pebl at math.ku.dk
Fri Apr 15 16:17:54 CDT 2005


Patch at the bottom.

The old code in function ParseStringSecurityDescriptorToSecurityDescriptor
seemed not to \0 terminate the token (tok)?
The token is given to ParseStringSidToSid which gives it to
ComputeStringSidSize, which 'while's over the token till a \0 is found.
Did I miss something?


static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
    LPCWSTR StringSecurityDescriptor,
    SECURITY_DESCRIPTOR* SecurityDescriptor,
    LPDWORD cBytes)
{
        WCHAR tok[MAX_PATH];
        ....
        /* Extract token */
        lptoken = StringSecurityDescriptor;
        while (*lptoken && *lptoken != ':')
            lptoken++;

        if (*lptoken)
             lptoken--;

        strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);

        switch (toktype)
        {
            case 'O':
            {
                DWORD bytes;

                if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
                    goto lend;



static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
{
    BOOL bret = FALSE;
    SID* pisid=pSid;

    TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
    if (!StringSid)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        TRACE("StringSid is NULL, returning FALSE\n");
        return FALSE;
    }

    *cBytes = ComputeStringSidSize(StringSid);
    ...
}


static DWORD ComputeStringSidSize(LPCWSTR StringSid)
{
    int ctok = 0;
    DWORD size = sizeof(SID);

    while (*StringSid)
    {
        if (*StringSid == '-')
            ctok++;
        StringSid++;
    }
    ...
}





Index: dlls/advapi32/security.c
===================================================================
RCS file: /home/wine/wine/dlls/advapi32/security.c,v
retrieving revision 1.97
diff -u -r1.97 security.c
--- dlls/advapi32/security.c    29 Mar 2005 11:31:18 -0000      1.97
+++ dlls/advapi32/security.c    15 Apr 2005 20:13:42 -0000
@@ -2663,6 +2663,7 @@
     WCHAR tok[MAX_PATH];
     LPCWSTR lptoken;
     LPBYTE lpNext = NULL;
+    DWORD  toklen;

     *cBytes = 0;

@@ -2683,15 +2684,15 @@
        StringSecurityDescriptor++;

        /* Extract token */
+       toklen = 0;
        lptoken = StringSecurityDescriptor;
        while (*lptoken && *lptoken != ':')
-            lptoken++;
+           tok[toklen++] = *lptoken++;
+       tok[toklen] = '\0';

-       if (*lptoken)
+       if (*lptoken) /* e.g. *lptoken == ':' */
             lptoken--;

-       strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
-
         switch (toktype)
        {
             case 'O':
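Review bot: The copy loop `tok[toklen++] = *lptoken++;` writes into `WCHAR tok[MAX_PATH]` with no bound, so a descriptor string with MAX_PATH or more characters before the next ':' writes past the end of the stack buffer. The removed strncpyW call had the same unchecked length, so the patch fixes termination but not the overflow. The loop also copies every character up to ':', whereas the old length was taken after `lptoken--` and left out the last character before the colon (presumably the next component's type letter), so `tok` now carries one extra character into ParseStringSidToSid. I would keep the scan as a plain `lptoken++`, compute `toklen` after the decrement, reject lengths that do not fit, then copy and terminate. The enclosing function starts and ends outside the hunk, so the `lend` label and the error code below are assumed from the quoted excerpts.

```c
        while (*lptoken && *lptoken != ':')
            lptoken++;

        /* … unchanged: if (*lptoken) lptoken--; … */

        toklen = lptoken - StringSecurityDescriptor;
        if (toklen >= MAX_PATH)   /* also catches a leading ':' (length wraps) */
        {
            SetLastError(ERROR_INVALID_PARAMETER);
            goto lend;
        }
        memcpy(tok, StringSecurityDescriptor, toklen * sizeof(WCHAR));
        tok[toklen] = '\0';

        /* … unchanged: switch (toktype) … */
```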




