X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=ANwDL9agWNdjRTVmFO22l/zuAc5Dnh63JRznQeKmt+tyhvcN6Kj9A
	lZEX8VKEX7iyAryjqkf5fFA3NiZ2kakXs4w1YzfPtsdCAtNcIQ/dVJ6340sLzqqR
	Hy9J3AkqE25I2OvhYPZ0WZ5O1IaaDLvX/Bq9NZB9ARBg1dtZ94oMCY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:cc:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=2KuC2bMUsbo57Av6l6q7q2/306k=; b=hRil4JZu24LIKltV7RPhLtOOzavr
	+VH+E5fNIT1qa87zP/R3abhnDwhVKSdm+Yn9dYw+1paGBJeSgJeUjOufestb71Ta
	5bpwPK5/86UCK68xHGxmfugYj7PqQgSC6JZiJDFwr7bp//oSTbGCLqoIkQlpOSA/
	dqJl0zLRLyg6888=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-4.6 required=5.0 tests=AWL,BAYES_50 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Wed, 1 Apr 2015 12:37:33 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Cc: Qian Hong <fracting AT gmail DOT com>
Subject: Re: Cygwin / MSYS2 runtime fails on Wine beause of accessing to (*ReferencedDomains)->Domains[-1]
Message-ID: <20150401103733.GA4835@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com, Qian Hong <fracting AT gmail DOT com>
References: <CALd+sZQu4496pEW-B9eCsS-EC426uSgieh9cjECe5reBW52GQQ AT mail DOT gmail DOT com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd"
Content-Disposition: inline
In-Reply-To: <CALd+sZQu4496pEW-B9eCsS-EC426uSgieh9cjECe5reBW52GQQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Qian,

On Apr  1 18:15, Qian Hong wrote:
> Hi folks,
>=20
> When playing with Cygwin / MSYS2 on Wine, I found a crashing related
> to LsaLookupSids.
>=20
>=20
> In winsup/cygwin/uinfo.cc, we want to copy an Unicode string from
> arg.full_acc->dom to dom:
>=20
> 1768     *wcpncpy (dom, arg.full_acc->dom->Buffer,
> 1769           arg.full_acc->dom->Length / sizeof (WCHAR)) =3D L'\0';
>=20
> where arg.full_acc->dom->Buffer came from dlst->Domains[nlst[ncnt].Domain=
Index]
>=20
> winsup/cygwin/grp.cc:
>=20
> 650           fetch_acc_t full_acc =3D
> 651         {
> 652           .sid =3D sidp_buf[ncnt],
> 653           .name =3D &nlst[ncnt].Name,
> 654           .dom =3D &dlst->Domains[nlst[ncnt].DomainIndex].Name,
> 655           .acc_type =3D nlst[ncnt].Use
> 656         };
>=20
> According to my test [1]. DomainIndex can be -1 sometimes, which seems
> valid according to a similar MSDN entry [2]:

Ouch.  I missed this hint in the description of LsaLookupSids:

  DomainIndex

    [...]
    If there is no corresponding domain for an account, this member
    contains a negative value.

> On windows, I never found crashing when accessing to Domains[-1]:
> While it might be safe, but it might not be meaningful, here is an
> example output of content of Domains[-1]:
>=20
> lsa.c:431: haha names[8].DomainIndex -1
> lsa.c:432: use 8 /* SidTypeUnknown */
> lsa.c:433: name L"S-1-5-5-0-117053"
> lsa.c:434: domain name L"\0000\0002\08c0" /* seems like garbage */
> lsa.c:436: domain sid 00000020 /* not like a valid sid */

Ok, that makes sense.  This is a logon SID, a session-unique SID created
at logon time.  Not looking for invalid domain refs is clearly a bug in
Cygwin.  Since, as you said, Windows doesn't crash when accessing
ReferencedDomains[-1], I never noticed it.  I'll fix that and upload a
new Cygwin snapshot to https://cygwin.com/snapshots/ later today.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--ZPt4rx8FFjLCG7dd
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJVG8ptAAoJEPU2Bp2uRE+g4UgP/iLDqB6sF4YPZDbZ9hYuwpbo
Wu29NmK4qCMFq2HjTiJELkiRjTJOzrenS38V+bP0alZf0dqvVEFcEnPpXXsmPMxk
hkj0GmXa5v3wHGGOrdP2LrxAGNtb5G0WCCRVyDVEh0SEsTVxJQIN30OBFEI8cCsK
JFac2FKzcZne472WngfSEuFCJXbSl7IE8h+y8wAegPXPydLgllJo5jljwOh/GQem
/krplhRMIz1ill2RpHx98c2MeGouDfcq0rtt8f5ufToG7FtYLxHRWepKMajX3KzK
Px5zDdc100PZ0wFE3xTzkzom7mGNRwygandVMV5fYOX7E1OPcqwKKxH+qdCkwQfj
NdJcQa/MAtkAN+TQ9ksobSO9jIVeIqFukMC85tZ/rgQ778DEpcILDdQcXWWtg6OF
8h3FYew7sm6QHkHVIVRX6qg0Cxy3h10Etf9O9vYFfKwNSsRFd67yiYsVPk7Ol6hK
s6EDfdNO0OlcecJjx8I/VAOCds6EhpOuOoevK9/B9kzphYX20AKJQqiEtat7WKg1
/D077nyaLv/duXUy2Cv4WCiVIVInS7Kb2VF65mFhwvGowQMIA3uITFGjwmIZ33IV
XI1XNFJevipyBXw2PSEtnfQFxyhEKuPXrUp8pR/Q/f7ST7ti16rojttDLWFrNcp4
BJucRqZYLTGsia0YZhYS
=CHxd
-----END PGP SIGNATURE-----

--ZPt4rx8FFjLCG7dd--