diff options
author | William A. Rowe Jr <wrowe@apache.org> | 2021-09-16 20:20:00 +0000 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2021-09-16 20:20:00 +0000 |
commit | eeda16590cb6c03358708865ce625e0091a0cc32 (patch) | |
tree | 664fa01534efd6145f111ba8cc9e8e791b81dc70 | |
parent | 589dd1e1c0828174b19180e18894b6158e26e9c6 (diff) | |
download | apr-eeda16590cb6c03358708865ce625e0091a0cc32.tar.gz |
Fix handle leak in the Win32 apr_uid_current implementation.
Backports: r1860057
Submitted by: ivan
Reviewed by: wrowe
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1893388 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | user/win32/userinfo.c | 27 |
2 files changed, 22 insertions, 8 deletions
@@ -6,6 +6,9 @@ Changes for APR 1.7.1 (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] + *) Fix handle leak in the Win32 apr_uid_current implementation. + PR 61165. [Ivan Zhakov] + *) Add error handling for lseek() failures in apr_file_write() and apr_file_writev(). [Joe Orton] diff --git a/user/win32/userinfo.c b/user/win32/userinfo.c index c6b5084a5..89f9b8cf0 100644 --- a/user/win32/userinfo.c +++ b/user/win32/userinfo.c @@ -171,27 +171,38 @@ APR_DECLARE(apr_status_t) apr_uid_current(apr_uid_t *uid, DWORD needed; TOKEN_USER *usr; TOKEN_PRIMARY_GROUP *grp; - + apr_status_t rv; + if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) { return apr_get_os_error(); } *uid = NULL; if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed) - && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) + && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (usr = apr_palloc(p, needed)) - && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) + && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) { *uid = usr->User.Sid; - else - return apr_get_os_error(); + } + else { + rv = apr_get_os_error(); + CloseHandle(threadtok); + return rv; + } if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (grp = apr_palloc(p, needed)) - && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) + && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) { *gid = grp->PrimaryGroup; - else - return apr_get_os_error(); + } + else { + rv = apr_get_os_error(); + CloseHandle(threadtok); + return rv; + } + + CloseHandle(threadtok); return APR_SUCCESS; #endif |