* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use

instead of ACL_DEFAULT_SIZE. * sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size. * security.h (ACL_DEFAULT_SIZE): Drop definition. (ACL_MAXIMUM_SIZE): Define. (SD_MAXIMUM_SIZE): Define. * security.cc (get_file_sd): Allocate security_decscriptor with size SD_MAXIMUM_SIZE. (alloc_sd): Use TLS buffer to allow maximum ACL size.
2025-01-19 04:49:25 +08:00 · 2010-09-10 14:53:44 +00:00 · 2010-09-10 14:53:44 +00:00 · 4e8f539f15
commit 4e8f539f15
parent f65c5a0a2b
5 changed files with 26 additions and 8 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,15 @@
+2010-09-10  Corinna Vinschen  <corinna@vinschen.de>
+
+	* flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE.  Use
+	instead of ACL_DEFAULT_SIZE.
+	* sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size.
+	* security.h (ACL_DEFAULT_SIZE): Drop definition.
+	(ACL_MAXIMUM_SIZE): Define.
+	(SD_MAXIMUM_SIZE): Define.
+	* security.cc (get_file_sd): Allocate security_decscriptor with size
+	SD_MAXIMUM_SIZE.
+	(alloc_sd): Use TLS buffer to allow maximum ACL size.
+
 2010-09-10  Corinna Vinschen  <corinna@vinschen.de>

 	* mount.cc (class fs_info_cache): New class to cache filesystem
--- a/winsup/cygwin/flock.cc
+++ b/winsup/cygwin/flock.cc
@ -155,10 +155,11 @@ allow_others_to_sync ()
     should be more than sufficient for process ACLs.  Can't use tls functions
     at this point because this gets called during initialization when the tls
     is not really available.  */
-  PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (ACL_DEFAULT_SIZE);
+#define MAX_PROCESS_SD_SIZE	3072
+  PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (MAX_PROCESS_SD_SIZE);
  status = NtQuerySecurityObject (NtCurrentProcess (),
 				  DACL_SECURITY_INFORMATION, sd,
-				  ACL_DEFAULT_SIZE, &len);
+				  MAX_PROCESS_SD_SIZE, &len);
  if (!NT_SUCCESS (status))
    {
      debug_printf ("NtQuerySecurityObject: %p", status);
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@ -22,6 +22,7 @@ details. */
 #include "dtable.h"
 #include "cygheap.h"
 #include "pwdgrp.h"
+#include "tls_pbuf.h"

 static int
 searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID)
@ -40,6 +41,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
 	bool &writable)
 {
  security_descriptor sd_ret;
+  tmp_pathbuf tp;

  if (get_file_sd (handle, pc, sd_ret, false))
    return -1;
@ -83,7 +85,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
    }

  /* Fill access control list. */
-  PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE);
+  PACL acl = (PACL) tp.w_get ();
  size_t acl_len = sizeof (ACL);
  int ace_off = 0;

@ -92,7 +94,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp,
  struct __group32 *gr;
  int pos;

-  if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION))
+  if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
    {
      __seterrno ();
      return -1;
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -24,6 +24,7 @@ details. */
 #include "cygheap.h"
 #include "ntdll.h"
 #include "pwdgrp.h"
+#include "tls_pbuf.h"
 #include <aclapi.h>

 #define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \
@ -68,7 +69,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd,
 	  else
 	    {
 	      NTSTATUS status;
-	      ULONG len = 32768;
+	      ULONG len = SD_MAXIMUM_SIZE;

 	      if (!sd.malloc (len))
 		{
@ -413,6 +414,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
 	  security_descriptor &sd_ret)
 {
  BOOL dummy;
+  tmp_pathbuf tp;

  /* NOTE: If the high bit of attribute is set, we have just created
     a file or directory.  See below for an explanation. */
@ -483,8 +485,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute,
    }

  /* Initialize local access control list. */
-  PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE);
-  if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION))
+  PACL acl = (PACL) tp.w_get ();
+  if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION))
    {
      __seterrno ();
      return NULL;
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@ -26,7 +26,8 @@ details. */
 #define MAX_DACL_LEN(n) (sizeof (ACL) \
 		   + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN))
 #define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1))
-#define ACL_DEFAULT_SIZE 3072
+#define ACL_MAXIMUM_SIZE 65532	/* Yeah, right.  64K - sizeof (DWORD). */
+#define SD_MAXIMUM_SIZE 65536
 #define NO_SID ((PSID)NULL)

 #ifndef SE_CREATE_TOKEN_PRIVILEGE