diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index 521b4cd4c..a6b39b28c 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,15 @@ +2010-09-10 Corinna Vinschen + + * flock.cc (allow_others_to_sync): Define MAX_PROCESS_SD_SIZE. Use + instead of ACL_DEFAULT_SIZE. + * sec_acl.cc (setacl): Use TLS buffer to allow maximum ACL size. + * security.h (ACL_DEFAULT_SIZE): Drop definition. + (ACL_MAXIMUM_SIZE): Define. + (SD_MAXIMUM_SIZE): Define. + * security.cc (get_file_sd): Allocate security_decscriptor with size + SD_MAXIMUM_SIZE. + (alloc_sd): Use TLS buffer to allow maximum ACL size. + 2010-09-10 Corinna Vinschen * mount.cc (class fs_info_cache): New class to cache filesystem diff --git a/winsup/cygwin/flock.cc b/winsup/cygwin/flock.cc index 7d0436b11..c899361ff 100644 --- a/winsup/cygwin/flock.cc +++ b/winsup/cygwin/flock.cc @@ -155,10 +155,11 @@ allow_others_to_sync () should be more than sufficient for process ACLs. Can't use tls functions at this point because this gets called during initialization when the tls is not really available. */ - PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (ACL_DEFAULT_SIZE); +#define MAX_PROCESS_SD_SIZE 3072 + PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR) alloca (MAX_PROCESS_SD_SIZE); status = NtQuerySecurityObject (NtCurrentProcess (), DACL_SECURITY_INFORMATION, sd, - ACL_DEFAULT_SIZE, &len); + MAX_PROCESS_SD_SIZE, &len); if (!NT_SUCCESS (status)) { debug_printf ("NtQuerySecurityObject: %p", status); diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index fbf2bffa7..2650b45c8 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -22,6 +22,7 @@ details. */ #include "dtable.h" #include "cygheap.h" #include "pwdgrp.h" +#include "tls_pbuf.h" static int searchace (__aclent32_t *aclp, int nentries, int type, __uid32_t id = ILLEGAL_UID) 
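Review bot: In the flock.cc hunk, `MAX_PROCESS_SD_SIZE` is defined in the middle of allow_others_to_sync and never undefined, so it stays visible for the rest of the file; an `#undef MAX_PROCESS_SD_SIZE` after the NtQuerySecurityObject call, or moving the define to file scope next to a comment, would keep its scope obvious. The alloca size and the length passed to NtQuerySecurityObject now share one constant, but the only visible reaction to a process descriptor larger than 3072 bytes is the `debug_printf`, which does not report the size the call asked for. Logging `len` as well, e.g. `debug_printf ("NtQuerySecurityObject: %p, needed %u", status, len);`, would make a too-small buffer diagnosable. The function continues past the end of the hunk, so what happens after the failure branch is not visible here.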
@@ -40,6 +41,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, bool &writable) { security_descriptor sd_ret; + tmp_pathbuf tp; if (get_file_sd (handle, pc, sd_ret, false)) return -1; @@ -83,7 +85,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, } /* Fill access control list. */ - PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE); + PACL acl = (PACL) tp.w_get (); size_t acl_len = sizeof (ACL); int ace_off = 0; @@ -92,7 +94,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, __aclent32_t *aclbufp, struct __group32 *gr; int pos; - if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION)) + if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) { __seterrno (); return -1; diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index e88fcf2fc..1052f98c0 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -24,6 +24,7 @@ details. */ #include "cygheap.h" #include "ntdll.h" #include "pwdgrp.h" +#include "tls_pbuf.h" #include #define ALL_SECURITY_INFORMATION (DACL_SECURITY_INFORMATION \ @@ -68,7 +69,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, else { NTSTATUS status; - ULONG len = 32768; + ULONG len = SD_MAXIMUM_SIZE; if (!sd.malloc (len)) { @@ -413,6 +414,7 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, security_descriptor &sd_ret) { BOOL dummy; + tmp_pathbuf tp; /* NOTE: If the high bit of attribute is set, we have just created a file or directory. See below for an explanation. */ @@ -483,8 +485,8 @@ alloc_sd (path_conv &pc, __uid32_t uid, __gid32_t gid, int attribute, } /* Initialize local access control list. */ - PACL acl = (PACL) alloca (ACL_DEFAULT_SIZE); - if (!InitializeAcl (acl, ACL_DEFAULT_SIZE, ACL_REVISION)) + PACL acl = (PACL) tp.w_get (); + if (!InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)) { __seterrno (); return NULL; 
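Review bot: In setacl, `InitializeAcl (acl, ACL_MAXIMUM_SIZE, ACL_REVISION)` declares 65532 usable bytes for a buffer whose real size is whatever `tp.w_get ()` hands out, and nothing in the hunk ties the two together. If the tmp_pathbuf wide buffer is, or later becomes, smaller than ACL_MAXIMUM_SIZE, the ACE-adding code that follows would be permitted to write past it, because the ACL header would still claim the larger size. A comment at the allocation such as `/* tp.w_get () must return at least ACL_MAXIMUM_SIZE bytes; keep in sync with tls_pbuf.h. */`, or a compile-time check beside the ACL_MAXIMUM_SIZE definition, would make the dependency explicit. The alloc_sd hunk in security.cc uses the same pattern and needs the same note. Both function bodies extend beyond their hunks, so whether `acl_len` is ever compared against the limit cannot be seen here.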
diff --git a/winsup/cygwin/security.h b/winsup/cygwin/security.h index d38edc16d..198f0f075 100644 --- a/winsup/cygwin/security.h +++ b/winsup/cygwin/security.h @@ -26,7 +26,8 @@ details. */ #define MAX_DACL_LEN(n) (sizeof (ACL) \ + (n) * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (DWORD) + MAX_SID_LEN)) #define SD_MIN_SIZE (sizeof (SECURITY_DESCRIPTOR) + MAX_DACL_LEN (1)) -#define ACL_DEFAULT_SIZE 3072 +#define ACL_MAXIMUM_SIZE 65532 /* Yeah, right. 64K - sizeof (DWORD). */ +#define SD_MAXIMUM_SIZE 65536 #define NO_SID ((PSID)NULL) #ifndef SE_CREATE_TOKEN_PRIVILEGE
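Review bot: `SD_MAXIMUM_SIZE 65536` is, in principle, smaller than a descriptor that carries an ACL of `ACL_MAXIMUM_SIZE`, since the DACL alone may take 65532 bytes and the descriptor header plus owner and group SIDs come on top of that. get_file_sd in security.cc now allocates exactly this many bytes, and whether the query there copes with a buffer-too-small status lies outside the visible hunks. Either derive the value, e.g. `#define SD_MAXIMUM_SIZE (sizeof (SECURITY_DESCRIPTOR) + 2 * MAX_SID_LEN + ACL_MAXIMUM_SIZE)`, or add a comment saying it is a practical cap rather than a hard limit. The `/* Yeah, right. ... */` remark would also read better as a statement of the reason, for instance `/* AclSize is a 16-bit field and ACLs are DWORD-aligned: 64K - sizeof (DWORD). */`.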