* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and

allocate dynamically. (pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf. * sec_acl.cc (setacl): Allocate acl dynamically. * sec_helper.cc (sec_acl): Add test for alignment of acl when DEBUGGING is defined. (__sec_user): Same for sa_buf. * security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR and allocate dynamically. (alloc_sd): Allocate acl dynamically. security.h (sec_user_nih): Change first parameter to SECURITY_ATTRIBUTES *. (sec_user): Ditto. * sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and allocate dynamically. * syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate dynamically. * uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES and allocate dynamically. * winbase.h (ilockincr): Mark first argument of inline assembly as earlyclobber. (ilockdecr): Ditto.
2005-06-07 19:31:42 +00:00 · 2005-06-07 19:31:42 +00:00 · 7311cc1f0c
parent b739751db9
commit 7311cc1f0c
10 changed files with 57 additions and 23 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,28 @@
+2005-06-06  Corinna Vinschen  <corinna@vinschen.de>
+
+	* pinfo.cc (pinfo::init): Define sa_buf as PSECURITY_ATTRIBUTES and
+	allocate dynamically.
+	(pinfo::set_acl): Replace sa_buf by dynamically allocated acl_buf.
+	* sec_acl.cc (setacl): Allocate acl dynamically.
+	* sec_helper.cc (sec_acl): Add test for alignment of acl when
+	DEBUGGING is defined.
+	(__sec_user): Same for sa_buf.
+	* security.cc (verify_token): Define sd_buf as PSECURITY_DESCRIPTOR
+	and allocate dynamically.
+	(alloc_sd): Allocate acl dynamically.
+	security.h (sec_user_nih): Change first parameter to
+	SECURITY_ATTRIBUTES *.
+	(sec_user): Ditto.
+	* sigproc.cc (wait_sig): Define sa_buf as PSECURITY_ATTRIBUTES and
+	allocate dynamically.
+	* syscalls.cc (seteuid32): Define dacl_buf as PACL and allocate
+	dynamically.
+	* uinfo.cc (cygheap_user::init): Define sa_buf as PSECURITY_ATTRIBUTES
+	and allocate dynamically.
+	* winbase.h (ilockincr): Mark first argument of inline assembly as
+	earlyclobber.
+	(ilockdecr): Ditto.
+
 2005-06-07  Christopher Faylor  <cgf@timesys.com>

 	* cygthread.cc (cygthread::detach): Make error message a little more
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@ -199,7 +199,7 @@ pinfo::init (pid_t n, DWORD flag, HANDLE h0)
    }

  procinfo = NULL;
-  char sa_buf[1024];
+  PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
  PSECURITY_ATTRIBUTES sec_attribs = sec_user_nih (sa_buf, cygheap->user.sid(),
 						   well_known_world_sid,
 						   FILE_MAP_READ);
@ -307,14 +307,14 @@ pinfo::init (pid_t n, DWORD flag, HANDLE h0)
 void
 pinfo::set_acl()
 {
-  char sa_buf[1024];
+  PACL acl_buf = (PACL) alloca (1024);
  SECURITY_DESCRIPTOR sd;

-  sec_acl ((PACL) sa_buf, true, true, cygheap->user.sid (),
+  sec_acl (acl_buf, true, true, cygheap->user.sid (),
 	   well_known_world_sid, FILE_MAP_READ);
  if (!InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION))
    debug_printf ("InitializeSecurityDescriptor %E");
-  else if (!SetSecurityDescriptorDacl (&sd, TRUE, (PACL) sa_buf, FALSE))
+  else if (!SetSecurityDescriptorDacl (&sd, TRUE, acl_buf, FALSE))
    debug_printf ("SetSecurityDescriptorDacl %E");
  else if (!SetKernelObjectSecurity (h, DACL_SECURITY_INFORMATION, &sd))
    debug_printf ("SetKernelObjectSecurity %E");
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@ -94,8 +94,7 @@ setacl (HANDLE handle, const char *file, int nentries, __aclent32_t *aclbufp)
    }

  /* Fill access control list. */
-  char acl_buf[3072];
-  PACL acl = (PACL) acl_buf;
+  PACL acl = (PACL) alloca (3072);
  size_t acl_len = sizeof (ACL);
  int ace_off = 0;

--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@ -489,6 +489,10 @@ sec_acl (PACL acl, bool original, bool admins, PSID sid1, PSID sid2, DWORD acces
  LPVOID pAce;
  cygpsid psid;

+#ifdef DEBUGGING
+  if ((unsigned long) acl % 4)
+    api_fatal ("Incorrectly aligned incoming ACL buffer!");
+#endif
  if (!InitializeAcl (acl, acl_len, ACL_REVISION))
    {
      debug_printf ("InitializeAcl %E");
@ -531,7 +535,12 @@ __sec_user (PVOID sa_buf, PSID sid1, PSID sid2, DWORD access2, BOOL inherit)
 			     ((char *) sa_buf + sizeof (*psa));
  PACL acl = (PACL) ((char *) sa_buf + sizeof (*psa) + sizeof (*psd));

-  if (!wincap.has_security () || !sec_acl (acl, true, true, sid1, sid2, access2))
+#ifdef DEBUGGING
+  if ((unsigned long) sa_buf % 4)
+    api_fatal ("Incorrectly aligned incoming SA buffer!");
+#endif
+  if (!wincap.has_security ()
+      || !sec_acl (acl, true, true, sid1, sid2, access2))
    return inherit ? &sec_none : &sec_none_nih;

  if (!InitializeSecurityDescriptor (psd, SECURITY_DESCRIPTOR_REVISION))
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -772,14 +772,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
     is not well_known_null_sid, it must match pgrpsid */
  if (intern && !groups.issetgroups ())
    {
-      char sd_buf[MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR)];
+      const DWORD sd_buf_siz = MAX_SID_LEN + sizeof (SECURITY_DESCRIPTOR);
+      PSECURITY_DESCRIPTOR sd_buf = (PSECURITY_DESCRIPTOR) alloca (sd_buf_siz);
      cygpsid gsid (NO_SID);
      if (!GetKernelObjectSecurity (token, GROUP_SECURITY_INFORMATION,
-				    (PSECURITY_DESCRIPTOR) sd_buf,
-				    sizeof sd_buf, &size))
+				    sd_buf, sd_buf_siz, &size))
 	debug_printf ("GetKernelObjectSecurity(), %E");
-      else if (!GetSecurityDescriptorGroup ((PSECURITY_DESCRIPTOR) sd_buf,
-					    (PSID *) &gsid, (BOOL *) &size))
+      else if (!GetSecurityDescriptorGroup (sd_buf, (PSID *) &gsid,
+					    (BOOL *) &size))
 	debug_printf ("GetSecurityDescriptorGroup(), %E");
      if (well_known_null_sid != gsid)
 	return gsid == groups.pgsid;
@ -1538,8 +1538,7 @@ alloc_sd (__uid32_t uid, __gid32_t gid, int attribute,
    }

  /* Initialize local access control list. */
-  char acl_buf[3072];
-  PACL acl = (PACL) acl_buf;
+  PACL acl = (PACL) alloca (3072);
  if (!InitializeAcl (acl, 3072, ACL_REVISION))
    {
      __seterrno ();
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@ -382,13 +382,15 @@ int __stdcall NTReadEA (const char *file, const char *attrname, char *buf, int l
 BOOL __stdcall NTWriteEA (const char *file, const char *attrname, const char *buf, int len);

 extern inline SECURITY_ATTRIBUTES *
-sec_user_nih (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0)
+sec_user_nih (SECURITY_ATTRIBUTES *sa_buf, PSID sid1 = NULL, PSID sid2 = NULL,
+	      DWORD access2 = 0)
 {
  return __sec_user (sa_buf, sid1, sid2, access2, FALSE);
 }

 extern inline SECURITY_ATTRIBUTES *
-sec_user (char sa_buf[], PSID sid1 = NULL, PSID sid2 = NULL, DWORD access2 = 0)
+sec_user (SECURITY_ATTRIBUTES *sa_buf, PSID sid1 = NULL, PSID sid2 = NULL,
+	  DWORD access2 = 0)
 {
  return __sec_user (sa_buf, sid1, sid2, access2, TRUE);
 }
--- a/winsup/cygwin/sigproc.cc
+++ b/winsup/cygwin/sigproc.cc
@ -998,7 +998,7 @@ static DWORD WINAPI
 wait_sig (VOID *self)
 {
  HANDLE readsig;
-  char sa_buf[1024];
+  PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
  Static bool holding_signals;

  /* Initialization */
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@ -2053,10 +2053,10 @@ seteuid32 (__uid32_t uid)
 				&groups.pgsid, sizeof (cygsid)))
 	debug_printf ("SetTokenInformation(user.token, TokenPrimaryGroup), %E");
      /* Try setting default DACL */
-      char dacl_buf[MAX_DACL_LEN (5)];
-      if (sec_acl ((PACL) dacl_buf, true, true, usersid))
+      PACL dacl_buf = (PACL) alloca (MAX_DACL_LEN (5));
+      if (sec_acl (dacl_buf, true, true, usersid))
 	{
-	  TOKEN_DEFAULT_DACL tdacl = { (PACL) dacl_buf };
+	  TOKEN_DEFAULT_DACL tdacl = { dacl_buf };
 	  if (!SetTokenInformation (new_token, TokenDefaultDacl,
 				    &tdacl, sizeof (tdacl)))
 	    debug_printf ("SetTokenInformation (TokenDefaultDacl), %E");
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@ -65,7 +65,7 @@ cygheap_user::init ()
    debug_printf ("SetTokenInformation(TokenOwner), %E");

  /* Standard way to build a security descriptor with the usual DACL */
-  char sa_buf[1024];
+  PSECURITY_ATTRIBUTES sa_buf = (PSECURITY_ATTRIBUTES) alloca (1024);
  psd = (PSECURITY_DESCRIPTOR)
  		(sec_user_nih (sa_buf, sid()))->lpSecurityDescriptor;

--- a/winsup/cygwin/winbase.h
+++ b/winsup/cygwin/winbase.h
@ -19,7 +19,7 @@ ilockincr (long *m)
 	movl	$1,%0\n\
 	lock	xadd %0,%1\n\
 	inc	%0\n\
-	": "=r" (__res), "=m" (*m): "m" (*m): "cc");
+	": "=&r" (__res), "=m" (*m): "m" (*m): "cc");
  return __res;
 }

@ -31,7 +31,7 @@ ilockdecr (long *m)
 	movl	$0xffffffff,%0\n\
 	lock	xadd %0,%1\n\
 	dec	%0\n\
-	": "=r" (__res), "=m" (*m): "m" (*m): "cc");
+	": "=&r" (__res), "=m" (*m): "m" (*m): "cc");
  return __res;
 }