apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH] avoid crashing when given invalid user/group ids on win32
Date Fri, 10 Feb 2006 20:37:55 GMT
There's no way for a function which expects a pointer to start accepting
arbitrary numbers.  This is fixed (differently) by eliminating the test
on APR 0.9/1.2 branches and trunk.  Thanks for the pointers.

Garrett Rooney wrote:
> I'm not sure this is entirely correct, but here's a quick patch to
> correct the problem I reported earlier about crashing in testuser.c
> when we pass bogus uid/gid values into apr_uid_name_get and
> apr_gid_name_get.
> 
> The fix is to use IsValidSid to confirm the validity of the uid/gid
> before we try to call LookupAccountSid.
> 
> The one thing I'm really not sure of is what should be done on non-NT
> systems.  The MSDN docs say that IsValidSid didn't show up until NT
> workstation 3.1.  Then again, they say the same thing about
> LookupAccountSid, and we seem to use that unconditionally, so perhaps
> it's ok.
> 
> Anyway, if a win32-savy person could take a quick look at the patch
> and tell me if it looks sane to them I'd appreciate it.
> 
> -garrett


Mime
View raw message