Fix the size used to validate the SIDs in ACEs.
diff --git a/server/trace.c b/server/trace.c
index de386e3..04b2e57 100644
--- a/server/trace.c
+++ b/server/trace.c
@@ -429,9 +429,12 @@
DWORD i;
/* security check */
- if ((size < sizeof(SID)) ||
- (FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size))
+ if ((FIELD_OFFSET(SID, SubAuthority[0]) > size) ||
+ (FIELD_OFFSET(SID, SubAuthority[sid->SubAuthorityCount]) > size))
+ {
+ fprintf( stderr, "<invalid sid>" );
return;
+ }
fputc( '{', stderr );
fprintf( stderr, "S-%u-%lu", sid->Revision, MAKELONG(
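Review bot: The two operands of the new `if` are order-dependent: `sid->SubAuthorityCount` in the second operand is only safe to read because the first operand has already confirmed that the fixed header, which ends at `SubAuthority[0]`, fits in `size`. A comment above the check, e.g. `/* header must fit before SubAuthorityCount is read; then bound the SubAuthority array */`, would stop a later reordering of the conditions from reintroducing an out-of-range read on a truncated SID. If FIELD_OFFSET expands to a signed type while `size` is unsigned, as it appears to here, the comparison is still correct for these small offsets but will draw -Wsign-compare noise; a `(size_t)` cast on the offset avoids that. The enclosing function continues outside the hunk.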
@@ -453,12 +456,16 @@
if (size)
{
if (size < sizeof(ACL))
+ {
+ fprintf( stderr, "<invalid acl>}\n" );
return;
+ }
size -= sizeof(ACL);
ace = (const ACE_HEADER *)(acl + 1);
for (i = 0; i < acl->AceCount; i++)
{
const SID *sid = NULL;
+ size_t sid_size = 0;
if (size < sizeof(ACE_HEADER))
return;
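Review bot: The short-ACL path now prints `<invalid acl>}` before returning, but the `if (size < sizeof(ACE_HEADER)) return;` at the end of the hunk still bails out silently, so a truncated ACE leaves the dump without a diagnostic or its closing brace. For consistency with the check a few lines above, give it the same treatment, `{ fprintf( stderr, "<invalid ace>}\n" ); return; }`, so a malformed descriptor is visible in the trace instead of looking like a clean end of output. The enclosing loop and function continue outside the hunk.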
@@ -471,21 +478,25 @@
{
case ACCESS_DENIED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_DENIED_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart);
fprintf( stderr, "ACCESS_DENIED_ACE_TYPE,Mask=%lx",
((const ACCESS_DENIED_ACE *)ace)->Mask );
break;
case ACCESS_ALLOWED_ACE_TYPE:
sid = (const SID *)&((const ACCESS_ALLOWED_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
fprintf( stderr, "ACCESS_ALLOWED_ACE_TYPE,Mask=%lx",
((const ACCESS_ALLOWED_ACE *)ace)->Mask );
break;
case SYSTEM_AUDIT_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_AUDIT_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart);
fprintf( stderr, "SYSTEM_AUDIT_ACE_TYPE,Mask=%lx",
((const SYSTEM_AUDIT_ACE *)ace)->Mask );
break;
case SYSTEM_ALARM_ACE_TYPE:
sid = (const SID *)&((const SYSTEM_ALARM_ACE *)ace)->SidStart;
+ sid_size = ace->AceSize - FIELD_OFFSET(SYSTEM_ALARM_ACE, SidStart);
fprintf( stderr, "SYSTEM_ALARM_ACE_TYPE,Mask=%lx",
((const SYSTEM_ALARM_ACE *)ace)->Mask );
break;
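Review bot: Each new `sid_size = ace->AceSize - FIELD_OFFSET(..., SidStart);` line can underflow: `AceSize` is a 16-bit value taken from the input, and if it is smaller than the offset of `SidStart` the difference wraps to a huge `size_t`, which makes the length checks in dump_inline_sid accept any `SubAuthorityCount`. Unless the lines between this hunk and the previous one (not shown) already reject an `AceSize` smaller than the per-type ACE header, guard before each assignment, e.g. `if (ace->AceSize < FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart)) { fprintf( stderr, "<invalid ace>}\n" ); return; }` in the ACCESS_DENIED case and the equivalent in the other three. `sid_size` should also not exceed the `size` still remaining in the ACL; if `AceSize` is already bounded by `size` outside the hunk that is covered, otherwise clamp it. The enclosing switch and function start and end outside the hunk.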
@@ -495,7 +506,7 @@
}
fprintf( stderr, ",AceFlags=%x,Sid=", ace->AceFlags );
if (sid)
- dump_inline_sid( sid, size );
+ dump_inline_sid( sid, sid_size );
ace = (const ACE_HEADER *)((const char *)ace + ace->AceSize);
fputc( '}', stderr );
}