[Bug 20841] New: Read buffer overflow in test_GetSidSubAuthority?
wine-bugs at winehq.org
wine-bugs at winehq.org
Thu Nov 26 20:20:51 CST 2009
http://bugs.winehq.org/show_bug.cgi?id=20841
Summary: Read buffer overflow in test_GetSidSubAuthority?
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: advapi32
AssignedTo: wine-bugs at winehq.org
ReportedBy: dank at kegel.com
CC: xerox_xerox2000 at yahoo.co.uk
http://kegel.com/wine/valgrind/logs/2009-11-26-06.08/vg-advapi32_security.txt
complains
Invalid read of size 4
at test_GetSidSubAuthority (security.c:3212)
Address 0x7f037878 is 0 bytes after a block of size 24 alloc'd
at notify_alloc (heap.c:247)
by RtlAllocateHeap (heap.c:1695)
by HeapAlloc (heap.c:276)
by GlobalAlloc (heap.c:369)
by LocalAlloc (heap.c:969)
by ConvertStringSidToSidW (security.c:4857)
by ConvertStringSidToSidA (security.c:4885)
by test_GetSidSubAuthority (security.c:3200)
The code in question is
3200
ok(pConvertStringSidToSidA("S-1-5-21-93476-23408-4576",&psid),"ConvertStringSidToSidA
failed\n");
...
3203 ok(*pGetSidSubAuthorityCount(psid) == 4,"GetSidSubAuthorityCount gave
%d expected 4\n",*pGetSidSubAuthorityCount(psid));
...
3212 todo_wine ok(*pGetSidSubAuthority(psid,4) == 0,"GetSidSubAuthority
gave %d,expected 0\n",*pGetSidSubAuthority(psid,4));
http://support.microsoft.com/kb/286182 makes me think the 2nd arg
to GetSideSubAuthority is zero-based, so it seems like
that test is overrunning the buffer, and line 3212 should be deleted.
What say?
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list