libs/newlib-cygwin
libs/newlib-cygwin
4
0
Fork 0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-01-19 04:49:25 +08:00
Code Issues Projects Releases Wiki Activity

Cygwin: load_user_profile: fix use-after-free issue

Browse Source 
In case of a local machine account login, pi.lpProfilePath points
to the buffer returned by NetUserGetInfo, but NetApiBufferFree
is called prior to calling LoadUserProfileW.  Fix by copying over
usri3_profile to the local userpath buffer, just as in the AD case.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2019-03-01 21:04:02 +01:00
parent 6aef5a46d7
commit 7ba9d12a72
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
winsup/cygwin/sec_auth.cc
View File

@ -267,7 +267,11 @@ load_user_profile (HANDLE token, struct passwd *pw, cygpsid &usersid)
else
{
if (ui->usri3_profile && *ui->usri3_profile)
pi.lpProfilePath = ui->usri3_profile;
{
wcsncpy (userpath, ui->usri3_profile, MAX_PATH - 1);
userpath[MAX_PATH - 1] = L'\0';
pi.lpProfilePath = userpath;
}
NetApiBufferFree (ui);
}
}