apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Magnusson <andreas.ch.magnus...@home.se>
Subject Re: [PATCH] avoid crashing when given invalid user/group ids on win32
Date Sun, 22 Jan 2006 09:07:45 GMT
Garrett Rooney wrote:
> I'm not sure this is entirely correct, but here's a quick patch to
> correct the problem I reported earlier about crashing in testuser.c
> when we pass bogus uid/gid values into apr_uid_name_get and
> apr_gid_name_get.
> 
> The fix is to use IsValidSid to confirm the validity of the uid/gid
> before we try to call LookupAccountSid.
> 
> The one thing I'm really not sure of is what should be done on non-NT
> systems.  The MSDN docs say that IsValidSid didn't show up until NT
> workstation 3.1.  Then again, they say the same thing about
> LookupAccountSid, and we seem to use that unconditionally, so perhaps
> it's ok.
> 
> Anyway, if a win32-savy person could take a quick look at the patch
> and tell me if it looks sane to them I'd appreciate it.
> 
> -garrett

Hi,
First: the patch look very sane.
Second: You're right, the documentation does look weird for IsValidSid 
(and all other security functions). However, IsValidSid does exists as 
an exported function from advapi32.dll on Windows ME, so a dll would at 
least not refuse to load on Win9X.
But the entrypoint in the dll is the same as for LockServiceDatabase and 
IsValidAcl (and many more), so they might not do anything on those old 
versions.
Unfortunately I don't have a running system to check on.

/Andreas


Mime
View raw message