Make get_user_sid() return the cached copy if one already exists.

A user reported in January that locking down our process ACL causes get_user_sid's call to OpenProcessToken to fail with a permissions error. This _shouldn't_ be important, because we'll already have found and cached the user SID before getting that far - but unfortunately the call to get_user_sid in winnpc.c was bypassing the cache and trying the whole process again. This fix changes the memory ownership semantics of get_user_sid(): it's now an error to free the value it gives you, or else the *next* call to get_user_sid() will return a stale pointer. Hence, also removed those frees everywhere they appear.
2025-07-17 11:00:59 -05:00 · 2016-02-27 09:25:23 +00:00
parent 5ee166aab6
commit 9c6a600e5b
4 changed files with 4 additions and 9 deletions
--- a/windows/winsecur.c
+++ b/windows/winsecur.c
@ -44,6 +44,9 @@ PSID get_user_sid(void)
    DWORD toklen, sidlen;
    PSID sid = NULL, ret = NULL;

+    if (usersid)
+        return usersid;
+
    if (!got_advapi())
        goto cleanup;

@ -73,7 +76,7 @@ PSID get_user_sid(void)

    /* Success. Move sid into the return value slot, and null it out
     * to stop the cleanup code freeing it. */
-    ret = sid;
+    ret = usersid = sid;
    sid = NULL;

  cleanup: