From dev-return-15322-apmail-apr-dev-archive=apr.apache.org@apr.apache.org Sun Jan 22 10:40:02 2006 Return-Path: Delivered-To: apmail-apr-dev-archive@www.apache.org Received: (qmail 45553 invoked from network); 22 Jan 2006 10:40:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 22 Jan 2006 10:40:02 -0000 Received: (qmail 16625 invoked by uid 500); 22 Jan 2006 10:40:00 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 16497 invoked by uid 500); 22 Jan 2006 10:39:59 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 16486 invoked by uid 99); 22 Jan 2006 10:39:59 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Jan 2006 02:39:59 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [207.155.248.31] (HELO ajax.cnchost.com) (207.155.248.31) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Jan 2006 02:39:58 -0800 Received: from [192.168.0.21] (c-24-13-128-132.hsd1.il.comcast.net [24.13.128.132]) by ajax.cnchost.com id FAA13253; Sun, 22 Jan 2006 05:39:31 -0500 (EST) [ConcentricHost SMTP Relay 1.17] Errors-To: Message-ID: <43D3606C.5000408@rowe-clan.net> Date: Sun, 22 Jan 2006 04:37:32 -0600 From: "William A. Rowe, Jr." User-Agent: Mozilla Thunderbird 1.0.7-1.1.fc3 (X11/20050929) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Garrett Rooney CC: APR Developer List Subject: Re: [PATCH] avoid crashing when given invalid user/group ids on win32 References: <7edfeeef0601211707me475cc2i485a301cc80d59a2@mail.gmail.com> In-Reply-To: <7edfeeef0601211707me475cc2i485a301cc80d59a2@mail.gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Garrett Rooney wrote: > The fix is to use IsValidSid to confirm the validity of the uid/gid > before we try to call LookupAccountSid. I'd disagree. The test tried to force a hardcode platform specific value at apr_uid_get etc... that's invalid and should crash the users' code. We have a general principal in apr that faulty code produces crashes, while faulty data produces errors. I'd disagree that the data was faulty. What uid/gid were they trying to test? Should we have some static helpers to get the root / everyone sorts of ID's on a platform-by-platform basis? > The one thing I'm really not sure of is what should be done on non-NT > systems. The MSDN docs say that IsValidSid didn't show up until NT > workstation 3.1. Rule of thumb; Win95 is bare minimum baseline, and we aren't really even trying to support anything pre-WinNT (although if folks continue to offer patches for 9x series platforms I guess they will always be welcomed while we can apply them without hurting a more sophisticated implementation.)