New subject: [Bug 20884] Write buffer overrun in LsaLookupNames2?

1 Dec 2009


      http://bugs.winehq.org/show_bug.cgi?id=20884
Summary: Write buffer overrun in LsaLookupNames2?
           Product: Wine
           Version: 1.1.33
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: download, source, testcase
          Severity: normal
          Priority: P2
         Component: advapi32
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: dank@kegel.com
First posted in
http://www.winehq.org/pipermail/wine-devel/2009-November/079920.html
I don't think anyone's posted a fix...
Still present today, see
http://kegel.com/wine/valgrind/logs/2009-11-27-12.53/vg-advapi32_lsa.txt
Invalid write of size 1
   at memmove (mc_replace_strmem.c:613)
   by RtlCopySid (sec.c:376)
   by CopySid (security.c:905)
   by lookup_local_wellknown_name (security.c:2800)
   by lookup_name (lsa.c:308)
   by LsaLookupNames2 (lsa.c:411)
   by test_LsaLookupNames2 (lsa.c:336)
   by func_lsa (lsa.c:362)
 Address 0x7f03c550 is 6 bytes after a block of size 26 alloc'd
   at notify_alloc (heap.c:279)
   by RtlAllocateHeap (heap.c:1521)
   by LsaLookupNames2 (lsa.c:402)
   by test_LsaLookupNames2 (lsa.c:336)
   by func_lsa (lsa.c:362)
Looks like LsaLookupNames2() is at fault, the allocation
at line 402 should be the size promised at line 411?
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 20884] New: Write buffer overrun in LsaLookupNames2?