From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-196217-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 61101 invoked by alias); 1 Apr 2015 10:37:38 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 61091 invoked by uid 89); 1 Apr 2015 10:37:37 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.6 required=5.0 tests=AWL,BAYES_50 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 01 Apr 2015 10:37:36 +0000
Received: by calimero.vinschen.de (Postfix, from userid 500)	id E0447A8096E; Wed,  1 Apr 2015 12:37:33 +0200 (CEST)
Date: Wed, 01 Apr 2015 10:37:00 -0000
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Cc: Qian Hong <fracting@gmail.com>
Subject: Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]
Message-ID: <20150401103733.GA4835@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com, Qian Hong <fracting@gmail.com>
References: <CALd+sZQu4496pEW-B9eCsS-EC426uSgieh9cjECe5reBW52GQQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd"
Content-Disposition: inline
In-Reply-To: <CALd+sZQu4496pEW-B9eCsS-EC426uSgieh9cjECe5reBW52GQQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SW-Source: 2015-04/txt/msg00011.txt.bz2

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-length: 2049

Hi Qian,

On Apr  1 18:15, Qian Hong wrote:
> Hi folks,
>=20
> When playing with Cygwin / MSYS2 on Wine, I found a crashing related
> to LsaLookupSids.
>=20
>=20
> In winsup/cygwin/uinfo.cc, we want to copy an Unicode string from
> arg.full_acc->dom to dom:
>=20
> 1768     *wcpncpy (dom, arg.full_acc->dom->Buffer,
> 1769           arg.full_acc->dom->Length / sizeof (WCHAR)) =3D L'\0';
>=20
> where arg.full_acc->dom->Buffer came from dlst->Domains[nlst[ncnt].Domain=
Index]
>=20
> winsup/cygwin/grp.cc:
>=20
> 650           fetch_acc_t full_acc =3D
> 651         {
> 652           .sid =3D sidp_buf[ncnt],
> 653           .name =3D &nlst[ncnt].Name,
> 654           .dom =3D &dlst->Domains[nlst[ncnt].DomainIndex].Name,
> 655           .acc_type =3D nlst[ncnt].Use
> 656         };
>=20
> According to my test [1]. DomainIndex can be -1 sometimes, which seems
> valid according to a similar MSDN entry [2]:

Ouch.  I missed this hint in the description of LsaLookupSids:

  DomainIndex

    [...]
    If there is no corresponding domain for an account, this member
    contains a negative value.

> On windows, I never found crashing when accessing to Domains[-1]:
> While it might be safe, but it might not be meaningful, here is an
> example output of content of Domains[-1]:
>=20
> lsa.c:431: haha names[8].DomainIndex -1
> lsa.c:432: use 8 /* SidTypeUnknown */
> lsa.c:433: name L"S-1-5-5-0-117053"
> lsa.c:434: domain name L"\0000\0002\08c0" /* seems like garbage */
> lsa.c:436: domain sid 00000020 /* not like a valid sid */

Ok, that makes sense.  This is a logon SID, a session-unique SID created
at logon time.  Not looking for invalid domain refs is clearly a bug in
Cygwin.  Since, as you said, Windows doesn't crash when accessing
ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
new Cygwin snapshot to https://cygwin.com/snapshots/ later today.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--ZPt4rx8FFjLCG7dd
Content-Type: application/pgp-signature
Content-length: 819

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVG8ptAAoJEPU2Bp2uRE+g4UgP/iLDqB6sF4YPZDbZ9hYuwpbo
Wu29NmK4qCMFq2HjTiJELkiRjTJOzrenS38V+bP0alZf0dqvVEFcEnPpXXsmPMxk
hkj0GmXa5v3wHGGOrdP2LrxAGNtb5G0WCCRVyDVEh0SEsTVxJQIN30OBFEI8cCsK
JFac2FKzcZne472WngfSEuFCJXbSl7IE8h+y8wAegPXPydLgllJo5jljwOh/GQem
/krplhRMIz1ill2RpHx98c2MeGouDfcq0rtt8f5ufToG7FtYLxHRWepKMajX3KzK
Px5zDdc100PZ0wFE3xTzkzom7mGNRwygandVMV5fYOX7E1OPcqwKKxH+qdCkwQfj
NdJcQa/MAtkAN+TQ9ksobSO9jIVeIqFukMC85tZ/rgQ778DEpcILDdQcXWWtg6OF
8h3FYew7sm6QHkHVIVRX6qg0Cxy3h10Etf9O9vYFfKwNSsRFd67yiYsVPk7Ol6hK
s6EDfdNO0OlcecJjx8I/VAOCds6EhpOuOoevK9/B9kzphYX20AKJQqiEtat7WKg1
/D077nyaLv/duXUy2Cv4WCiVIVInS7Kb2VF65mFhwvGowQMIA3uITFGjwmIZ33IV
XI1XNFJevipyBXw2PSEtnfQFxyhEKuPXrUp8pR/Q/f7ST7ti16rojttDLWFrNcp4
BJucRqZYLTGsia0YZhYS
=CHxd
-----END PGP SIGNATURE-----

--ZPt4rx8FFjLCG7dd--