diff options
author | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2021-09-16 20:20:00 +0000 |
---|---|---|
committer | wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> | 2021-09-16 20:20:00 +0000 |
commit | 2556a1853b6d3523b270e54af85e37830df62762 (patch) | |
tree | 664fa01534efd6145f111ba8cc9e8e791b81dc70 | |
parent | db7878536f5a8e6daa9e608f6ccd8b32dd752355 (diff) | |
download | libapr-2556a1853b6d3523b270e54af85e37830df62762.tar.gz |
Fix handle leak in the Win32 apr_uid_current implementation.
Backports: r1860057
Submitted by: ivan
Reviewed by: wrowe
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1893388 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | user/win32/userinfo.c | 27 |
2 files changed, 22 insertions, 8 deletions
@@ -6,6 +6,9 @@ Changes for APR 1.7.1 (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] + *) Fix handle leak in the Win32 apr_uid_current implementation. + PR 61165. [Ivan Zhakov] + *) Add error handling for lseek() failures in apr_file_write() and apr_file_writev(). [Joe Orton] diff --git a/user/win32/userinfo.c b/user/win32/userinfo.c index c6b5084a5..89f9b8cf0 100644 --- a/user/win32/userinfo.c +++ b/user/win32/userinfo.c @@ -171,27 +171,38 @@ APR_DECLARE(apr_status_t) apr_uid_current(apr_uid_t *uid, DWORD needed; TOKEN_USER *usr; TOKEN_PRIMARY_GROUP *grp; - + apr_status_t rv; + if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) { return apr_get_os_error(); } *uid = NULL; if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed) - && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) + && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (usr = apr_palloc(p, needed)) - && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) + && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) { *uid = usr->User.Sid; - else - return apr_get_os_error(); + } + else { + rv = apr_get_os_error(); + CloseHandle(threadtok); + return rv; + } if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (grp = apr_palloc(p, needed)) - && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) + && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) { *gid = grp->PrimaryGroup; - else - return apr_get_os_error(); + } + else { + rv = apr_get_os_error(); + CloseHandle(threadtok); + return rv; + } + + CloseHandle(threadtok); return APR_SUCCESS; #endif |