mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 09:58:01 +00:00
Fix error reporting pointer parameters in winsecur.c.
Several functions were passing a 'char *error' and assigning error messages directly into 'error', where they should have been passing 'char **error' and assigning error messages into '*error' if the error message is to be returned to the caller. This would have led to incomplete error messages.
This commit is contained in:
parent
9c3700a6d3
commit
f6c1c8819b
@ -92,17 +92,17 @@ PSID get_user_sid(void)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int getsids(char *error)
|
int getsids(char **error)
|
||||||
{
|
{
|
||||||
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
|
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
|
||||||
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
|
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
error=NULL;
|
*error = NULL;
|
||||||
|
|
||||||
if (!usersid) {
|
if (!usersid) {
|
||||||
if ((usersid = get_user_sid()) == NULL) {
|
if ((usersid = get_user_sid()) == NULL) {
|
||||||
error = dupprintf("unable to construct SID for current user: %s",
|
*error = dupprintf("unable to construct SID for current user: %s",
|
||||||
win_strerror(GetLastError()));
|
win_strerror(GetLastError()));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
@ -111,7 +111,7 @@ int getsids(char *error)
|
|||||||
if (!worldsid) {
|
if (!worldsid) {
|
||||||
if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
|
if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
|
||||||
0, 0, 0, 0, 0, 0, 0, &worldsid)) {
|
0, 0, 0, 0, 0, 0, 0, &worldsid)) {
|
||||||
error = dupprintf("unable to construct SID for world: %s",
|
*error = dupprintf("unable to construct SID for world: %s",
|
||||||
win_strerror(GetLastError()));
|
win_strerror(GetLastError()));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
@ -120,7 +120,7 @@ int getsids(char *error)
|
|||||||
if (!networksid) {
|
if (!networksid) {
|
||||||
if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
|
if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
|
||||||
0, 0, 0, 0, 0, 0, 0, &networksid)) {
|
0, 0, 0, 0, 0, 0, 0, &networksid)) {
|
||||||
error = dupprintf("unable to construct SID for "
|
*error = dupprintf("unable to construct SID for "
|
||||||
"local same-user access only: %s",
|
"local same-user access only: %s",
|
||||||
win_strerror(GetLastError()));
|
win_strerror(GetLastError()));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -130,10 +130,6 @@ int getsids(char *error)
|
|||||||
ret = TRUE;
|
ret = TRUE;
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
if (ret) {
|
|
||||||
sfree(error);
|
|
||||||
error = NULL;
|
|
||||||
}
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -152,7 +148,7 @@ int make_private_security_descriptor(DWORD permissions,
|
|||||||
*acl = NULL;
|
*acl = NULL;
|
||||||
*error = NULL;
|
*error = NULL;
|
||||||
|
|
||||||
if (!getsids(*error))
|
if (!getsids(error))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
memset(ea, 0, sizeof(ea));
|
memset(ea, 0, sizeof(ea));
|
||||||
@ -224,7 +220,7 @@ int make_private_security_descriptor(DWORD permissions,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int really_restrict_process_acl(char *error)
|
static int really_restrict_process_acl(char **error)
|
||||||
{
|
{
|
||||||
EXPLICIT_ACCESS ea[2];
|
EXPLICIT_ACCESS ea[2];
|
||||||
int acl_err;
|
int acl_err;
|
||||||
@ -260,7 +256,7 @@ static int really_restrict_process_acl(char *error)
|
|||||||
acl_err = p_SetEntriesInAclA(2, ea, NULL, &acl);
|
acl_err = p_SetEntriesInAclA(2, ea, NULL, &acl);
|
||||||
|
|
||||||
if (acl_err != ERROR_SUCCESS || acl == NULL) {
|
if (acl_err != ERROR_SUCCESS || acl == NULL) {
|
||||||
error = dupprintf("unable to construct ACL: %s",
|
*error = dupprintf("unable to construct ACL: %s",
|
||||||
win_strerror(acl_err));
|
win_strerror(acl_err));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
@ -269,7 +265,7 @@ static int really_restrict_process_acl(char *error)
|
|||||||
(GetCurrentProcess(), SE_KERNEL_OBJECT,
|
(GetCurrentProcess(), SE_KERNEL_OBJECT,
|
||||||
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
||||||
usersid, NULL, acl, NULL)) {
|
usersid, NULL, acl, NULL)) {
|
||||||
error=dupprintf("Unable to set process ACL: %s",
|
*error = dupprintf("Unable to set process ACL: %s",
|
||||||
win_strerror(GetLastError()));
|
win_strerror(GetLastError()));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
@ -311,7 +307,7 @@ void restrict_process_acl(void)
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
#if !defined NO_SECURITY
|
#if !defined NO_SECURITY
|
||||||
ret = really_restrict_process_acl(error);
|
ret = really_restrict_process_acl(&error);
|
||||||
#else
|
#else
|
||||||
ret = FALSE;
|
ret = FALSE;
|
||||||
error = dupstr("ACL restrictions not compiled into this binary");
|
error = dupstr("ACL restrictions not compiled into this binary");
|
||||||
|
Loading…
Reference in New Issue
Block a user