https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=155a1ec5fb27dcbbc2e6464bc6e5d8b08c0b03e5

commit 155a1ec5fb27dcbbc2e6464bc6e5d8b08c0b03e5
Author: Corinna Vinschen <[email protected]>
Date:   Wed Mar 23 17:40:24 2016 +0100

    Allocate temporary TOKEN_GROUP arrays using TLS
    
    A user token can be up to 64K in size.  The group list might take a lot
    of that so use tmp_pathbuf allocated space rather than stack space
    allocated via alloca.  In create_token the TOKEN_GROUP was allocated via
    malloc, but the code is needlessly complicated.  Simplify by using
    tmp_pathbuf as well.
    
        * sec_auth.cc (verify_token): Allocate TOKEN_GROUP via tmp_pathbuf.
        (create_token): Ditto.
    
    Signed-off-by: Corinna Vinschen <[email protected]>

Diff:
---
 winsup/cygwin/sec_auth.cc | 40 ++++++++++++----------------------------
 1 file changed, 12 insertions(+), 28 deletions(-)

diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index ba29339..b6dc9d6 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -763,6 +763,7 @@ verify_token (HANDLE token, cygsid &usersid, user_groups 
&groups, bool *pintern)
   NTSTATUS status;
   ULONG size;
   bool intern = false;
+  tmp_pathbuf tp;
 
   if (pintern)
     {
@@ -808,16 +809,10 @@ verify_token (HANDLE token, cygsid &usersid, user_groups 
&groups, bool *pintern)
        return gsid == groups.pgsid;
     }
 
-  PTOKEN_GROUPS my_grps;
+  PTOKEN_GROUPS my_grps = (PTOKEN_GROUPS) tp.w_get ();
 
-  status = NtQueryInformationToken (token, TokenGroups, NULL, 0, &size);
-  if (!NT_SUCCESS (status) && status != STATUS_BUFFER_TOO_SMALL)
-    {
-      debug_printf ("NtQueryInformationToken(token, TokenGroups), %y", status);
-      return false;
-    }
-  my_grps = (PTOKEN_GROUPS) alloca (size);
-  status = NtQueryInformationToken (token, TokenGroups, my_grps, size, &size);
+  status = NtQueryInformationToken (token, TokenGroups, my_grps,
+                                   2 * NT_MAX_PATH, &size);
   if (!NT_SUCCESS (status))
     {
       debug_printf ("NtQueryInformationToken(my_token, TokenGroups), %y",
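Review bot: The length passed to NtQueryInformationToken in verify_token is the bare expression `2 * NT_MAX_PATH`, and nothing on these lines ties it to the size of the buffer that `tp.w_get ()` actually returns; the create_token hunk uses the same pattern. If it is meant to be the byte size of a wide-character tmp_pathbuf buffer, writing it as `NT_MAX_PATH * sizeof (WCHAR)` with a comment such as `/* A token can be up to 64K, the size of a tmp_pathbuf wide buffer. */` would stop the kernel being told a length larger than the allocation if either side changes. With the size-probing call removed, a group list that does not fit now shows up only as a failed status, so it is worth confirming that the failure branch, which continues outside this hunk, still rejects the token. verify_token's body starts and ends outside the hunk.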
@@ -903,6 +898,7 @@ create_token (cygsid &usersid, user_groups &new_groups)
   HANDLE token = INVALID_HANDLE_VALUE;
   HANDLE primary_token = INVALID_HANDLE_VALUE;
 
+  tmp_pathbuf tp;
   PTOKEN_GROUPS my_tok_gsids = NULL;
   cygpsid mandatory_integrity_sid;
   ULONG size;
@@ -938,24 +934,14 @@ create_token (cygsid &usersid, user_groups &new_groups)
 
       /* Retrieving current processes group list to be able to inherit
         some important well known group sids. */
-      status = NtQueryInformationToken (hProcToken, TokenGroups, NULL, 0,
-                                       &size);
-      if (!NT_SUCCESS (status) && status != STATUS_BUFFER_TOO_SMALL)
-       debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), %y",
-                     status);
-      else if (!(my_tok_gsids = (PTOKEN_GROUPS) malloc (size)))
-       debug_printf ("malloc (my_tok_gsids) failed.");
-      else
+      my_tok_gsids = (PTOKEN_GROUPS) tp.w_get ();
+      status = NtQueryInformationToken (hProcToken, TokenGroups, my_tok_gsids,
+                                       2 * NT_MAX_PATH, &size);
+      if (!NT_SUCCESS (status))
        {
-         status = NtQueryInformationToken (hProcToken, TokenGroups,
-                                           my_tok_gsids, size, &size);
-         if (!NT_SUCCESS (status))
-           {
-             debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), "
-                           "%y", status);
-             free (my_tok_gsids);
-             my_tok_gsids = NULL;
-           }
+         debug_printf ("NtQueryInformationToken(hProcToken, TokenGroups), "
+                       "%y", status);
+         my_tok_gsids = NULL;
        }
     }
 
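Review bot: `my_tok_gsids` now borrows storage owned by `tp` instead of owning a heap block, and nothing at the assignment says so. A short comment at `my_tok_gsids = (PTOKEN_GROUPS) tp.w_get ();`, for example `/* Borrowed from tp; presumably valid only while tp is in scope, must not be freed. */`, would guard against a later change re-adding `free (my_tok_gsids)` or letting the pointer outlive the function. The enclosing block of create_token starts and ends outside the hunk.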
@@ -1022,8 +1008,6 @@ out:
     CloseHandle (token);
   if (privs)
     free (privs);
-  if (my_tok_gsids)
-    free (my_tok_gsids);
   lsa_close_policy (lsa);
 
   debug_printf ("%p = create_token ()", primary_token);
