This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin] Allocate temporary TOKEN_GROUP arrays using TLS
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 23 Mar 2016 16:51:22 -0000
- Subject: [newlib-cygwin] Allocate temporary TOKEN_GROUP arrays using TLS
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=155a1ec5fb27dcbbc2e6464bc6e5d8b08c0b03e5
commit 155a1ec5fb27dcbbc2e6464bc6e5d8b08c0b03e5
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Wed Mar 23 17:40:24 2016 +0100
Allocate temporary TOKEN_GROUP arrays using TLS
A user token can be up to 64K in size. The group list might take a lot
of that so use tmp_pathbuf allocated space rather than stack space
allocted via alloca. In create_token the TOKEN_GROUP was allocated via
malloc, but the code is needlessly complicated. Simplify by using
tmp_pathbuf as well.
* sec_auth.cc (verify_token): Allocate TOKEN_GROUP via tmp_pathbuf.
(create_token): Ditto.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/sec_auth.cc | 40 ++++++++++++----------------------------
1 file changed, 12 insertions(+), 28 deletions(-)
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index ba29339..b6dc9d6 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -763,6 +763,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
NTSTATUS status;
ULONG size;
bool intern = false;
+ tmp_pathbuf tp;
if (pintern)
{
@@ -808,16 +809,10 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
return gsid == groups.pgsid;
}
- PTOKEN_GROUPS my_grps;
+ PTOKEN_GROUPS my_grps = (PTOKEN_GROUPS) tp.w_get ();
- status = NtQueryInformationToken (token, TokenGroups, NULL, 0, &size);
- if (!NT_SUCCESS (status) && status != STATUS_BUFFER_TOO_SMALL)
- {
- debug_printf ("NtQueryInformationToken(token, TokenGroups), %y", status);
- return false;
- }
- my_grps = (PTOKEN_GROUPS) alloca (size);
- status = NtQueryInformationToken (token, TokenGroups, my_grps, size, &size);
+ status = NtQueryInformationToken (token, TokenGroups, my_grps,
+ 2 * NT_MAX_PATH, &size);
if (!NT_SUCCESS (status))
{
debug_printf ("NtQueryInformationToken(my_token, TokenGroups), %y",
@@ -903,6 +898,7 @@ create_token (cygsid &usersid, user_groups &new_groups)
HANDLE token = INVALID_HANDLE_VALUE;
HANDLE primary_token = INVALID_HANDLE_VALUE;
+ tmp_pathbuf tp;
PTOKEN_GROUPS my_tok_gsids = NULL;
cygpsid mandatory_integrity_sid;
ULONG size;
@@ -938,24 +934,14 @@ create_token (cygsid &usersid, user_groups &new_groups)
/* Retrieving current processes group list to be able to inherit
some important well known group sids. */
- status = NtQueryInformationToken (hProcToken, TokenGroups, NULL, 0,
- &size);
- if (!NT_SUCCESS (status) && status != STATUS_BUFFER_TOO_SMALL)
- debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), %y",
- status);
- else if (!(my_tok_gsids = (PTOKEN_GROUPS) malloc (size)))
- debug_printf ("malloc (my_tok_gsids) failed.");
- else
+ my_tok_gsids = (PTOKEN_GROUPS) tp.w_get ();
+ status = NtQueryInformationToken (hProcToken, TokenGroups, my_tok_gsids,
+ 2 * NT_MAX_PATH, &size);
+ if (!NT_SUCCESS (status))
{
- status = NtQueryInformationToken (hProcToken, TokenGroups,
- my_tok_gsids, size, &size);
- if (!NT_SUCCESS (status))
- {
- debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), "
- "%y", status);
- free (my_tok_gsids);
- my_tok_gsids = NULL;
- }
+ debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), "
+ "%y", status);
+ my_tok_gsids = NULL;
}
}
@@ -1022,8 +1008,6 @@ out:
CloseHandle (token);
if (privs)
free (privs);
- if (my_tok_gsids)
- free (my_tok_gsids);
lsa_close_policy (lsa);
debug_printf ("%p = create_token ()", primary_token);