This is the mail archive of the cygwin-cvs@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[newlib-cygwin] Add length check creating domain\group strings


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=40668dcc7cb823ba01599f30d3aed40d7d9659f6

commit 40668dcc7cb823ba01599f30d3aed40d7d9659f6
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Thu Nov 24 10:40:14 2016 +0100

    Add length check creating domain\group strings
    
    Fix Coverity CID 153932
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/sec_auth.cc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 468d048..50823c6 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -342,9 +342,9 @@ static bool
 get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
 		 PWCHAR user, PWCHAR domain)
 {
-  WCHAR dgroup[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
+  WCHAR dgroup[MAX_DOMAIN_NAME_LEN + GNLEN + 2], *grp_p;
   LPGROUP_USERS_INFO_0 buf;
-  DWORD cnt, tot, len;
+  DWORD cnt, tot;
   NET_API_STATUS ret;
 
   /* Look only on logonserver */
@@ -363,9 +363,8 @@ get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
       return ret == NERR_UserNotFound || ret == ERROR_ACCESS_DENIED;
     }
 
-  len = wcslen (domain);
-  wcscpy (dgroup, domain);
-  dgroup[len++] = L'\\';
+  grp_p = wcpncpy (dgroup, domain, MAX_DOMAIN_NAME_LEN);
+  *grp_p++ = L'\\';
 
   for (DWORD i = 0; i < cnt; ++i)
     {
@@ -375,7 +374,8 @@ get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
       DWORD dlen = sizeof (dom);
       SID_NAME_USE use = SidTypeInvalid;
 
-      wcscpy (dgroup + len, buf[i].grui0_name);
+      *wcpncpy (grp_p, buf[i].grui0_name, sizeof dgroup / sizeof *dgroup
+					 - (grp_p - dgroup) - 1) = L'\0';
       if (!LookupAccountNameW (NULL, dgroup, gsid, &glen, dom, &dlen, &use))
 	debug_printf ("LookupAccountName(%W), %E", dgroup);
       else if (well_known_sid_type (use))


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]