[Bug 28628] New: advapi32/security.ok: GetTokenInformation(Token, TokenGroups, ...) returns partial garbage leading to uninitialized memory accesses?
wine-bugs at winehq.org
Sun Oct 9 12:55:28 CDT 2011
http://bugs.winehq.org/show_bug.cgi?id=28628
Bug #: 28628
Summary: advapi32/security.ok: GetTokenInformation(Token,
TokenGroups,...) returns partial garbage leading to
uninitialized memory accesses?
Product: Wine
Version: 1.3.29
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: advapi32
AssignedTo: wine-bugs at winehq.org
ReportedBy: dank at kegel.com
Classification: Unclassified
"wine advapi32_test.exe.so security.c" says in part
security.c:1475: TokenGroups:
security.c:1489: S-1-1-0, \Everyone use: 5 attr: 0x00000007
security.c:1489: S-1-2-0, \LOCAL use: 5 attr: 0x00000007
security.c:1489: S-1-5-4, NT AUTHORITY\INTERACTIVE use: 5 attr: 0x00000007
security.c:1489: S-1-5-11, NT AUTHORITY\Authenticated Users use: 5 attr: 0x00000007
security.c:1489: S-1-5-32-544, BUILTIN\Administrators use: 4 attr: 0x0000000f
security.c:1492: attr: 0x00000007 LookupAccountSid failed with error 1332
security.c:1492: attr: 0xc0000007 LookupAccountSid failed with error 1332
Those two LookupAccountSid() errors appear to be because the last two SIDs
from GetTokenInformation() are garbage.
This causes the valgrind warning
Conditional jump or move depends on uninitialised value(s)
at RtlEqualSid (sec.c:210)
by EqualSid (security.c:1027)
by IsWellKnownSid (security.c:961)
by LookupAccountSidW (security.c:2098)
by LookupAccountSidA (security.c:2024)
by test_token_attr (security.c:1485)
by func_security (security.c:4000)
by run_test (test.h:556)
by main (test.h:624)
Uninitialised value was created by a client request
at RtlAllocateHeap (heap.c:208)
by test_token_attr (security.c:1468)
by func_security (security.c:4000)
by run_test (test.h:556)
by main (test.h:624)
I dumped the SIDs that are being compared in test_token_attr, and
it looks like the first six are ok, but the last two aren't:
...
security.c:1487: Dumping SIDs
security.c:1489: i = 4, j = 0, val = 1
security.c:1489: i = 4, j = 1, val = 2
security.c:1489: i = 4, j = 2, val = 0
security.c:1489: i = 4, j = 3, val = 0
security.c:1489: i = 4, j = 4, val = 0
security.c:1489: i = 4, j = 5, val = 0
security.c:1489: i = 4, j = 6, val = 0
security.c:1489: i = 4, j = 7, val = 5
security.c:1489: i = 4, j = 8, val = 20
security.c:1489: i = 4, j = 9, val = 0
security.c:1489: i = 4, j = 10, val = 0
security.c:1489: i = 4, j = 11, val = 0
security.c:1496: S-1-5-32-544, BUILTIN\Administrators use: 4 attr: 0x0000000f
security.c:1487: Dumping SIDs
security.c:1489: i = 5, j = 0, val = 1
security.c:1489: i = 5, j = 1, val = 2
security.c:1489: i = 5, j = 2, val = 0
security.c:1489: i = 5, j = 3, val = 0
security.c:1489: i = 5, j = 4, val = cc
security.c:1489: i = 5, j = 5, val = cc
security.c:1489: i = 5, j = 6, val = cc
security.c:1489: i = 5, j = 7, val = cc
security.c:1489: i = 5, j = 8, val = cc
security.c:1489: i = 5, j = 9, val = cc
security.c:1489: i = 5, j = 10, val = cc
security.c:1489: i = 5, j = 11, val = cc
security.c:1499: attr: 0x00000007 LookupAccountSid failed with error 1332
security.c:1487: Dumping SIDs
security.c:1489: i = 6, j = 0, val = cc
security.c:1489: i = 6, j = 1, val = cc
security.c:1489: i = 6, j = 2, val = cc
security.c:1489: i = 6, j = 3, val = cc
security.c:1489: i = 6, j = 4, val = cc
security.c:1489: i = 6, j = 5, val = cc
security.c:1489: i = 6, j = 6, val = cc
security.c:1489: i = 6, j = 7, val = cc
security.c:1489: i = 6, j = 8, val = cc
security.c:1489: i = 6, j = 9, val = cc
security.c:1489: i = 6, j = 10, val = cc
security.c:1489: i = 6, j = 11, val = cc
security.c:1499: attr: 0xc0000007 LookupAccountSid failed with error 1332
Is some buffer length wrong somewhere?
The responsible code seems to be from:
commit 573db9ef639f65385f1efab5593b52c72b4b4108
Author: Nikolay Sivov <nsivov at codeweavers.com>
Date: Tue Aug 23 11:16:27 2011 +0400
ntdll: While requesting TokenGroups calculate required user buffer size in server.
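An added example, not part of the bug report or of Wine's test suite: one way a test harness can confirm, without valgrind, which bytes inside a reported return length were never written by the callee, the symptom the SID dump above shows. The `query_fn` signature, the `fill`, `full_query` and `short_query` stubs and the sample SID bytes are constructed stand-ins for GetTokenInformation(Token, TokenGroups, ...) and its output.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a query such as GetTokenInformation(): fills buf,
   stores the length it claims in *len, returns nonzero on success. */
typedef int (*query_fn)(unsigned char *buf, size_t cap, size_t *len);

/* Run the query twice on one buffer with different fill bytes. A byte inside the
   claimed length that holds the fill after both runs was never written.
   Returns its offset, -1 if all bytes were written, -2 if a call failed. */
long first_unwritten(query_fn q, size_t cap)
{
    unsigned char *buf = malloc(cap), *snap = malloc(cap);
    size_t l1 = 0, l2 = 0, i;
    long res = -1;
    if (!buf || !snap) { free(buf); free(snap); return -2; }
    memset(buf, 0xCC, cap);
    if (!q(buf, cap, &l1)) res = -2;
    memcpy(snap, buf, cap);                 /* keep the first run for comparison */
    memset(buf, 0x33, cap);
    if (res == -1 && (!q(buf, cap, &l2) || l1 != l2 || l1 > cap)) res = -2;
    for (i = 0; res == -1 && i < l1; i++)
        if (snap[i] == 0xCC && buf[i] == 0x33) res = (long)i;
    free(buf); free(snap);
    return res;
}

/* Constructed sample: S-1-5-32-544 in binary SID form. */
static const unsigned char ADMINS[16] = {1,2,0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0};

/* Constructed callee: writes n bytes of two back-to-back SIDs, reports 32. */
static int fill(unsigned char *buf, size_t cap, size_t *len, size_t n)
{
    unsigned char two[32];
    if (cap < 32) return 0;
    memcpy(two, ADMINS, 16); memcpy(two + 16, ADMINS, 16);
    memcpy(buf, two, n);
    *len = 32;
    return 1;
}
int full_query(unsigned char *b, size_t c, size_t *l)  { return fill(b, c, l, 32); }
/* Stops after 20 bytes: second SID keeps a valid 4-byte prefix, then fill bytes. */
int short_query(unsigned char *b, size_t c, size_t *l) { return fill(b, c, l, 20); }

int main(void)
{
    printf("full: %ld, short: %ld\n", first_unwritten(full_query, 64), first_unwritten(short_query, 64));
    return 0;
}
```

Reusing one buffer for both runs keeps any embedded pointers identical, so only bytes the callee skipped can differ between the snapshot and the second run.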