You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by wr...@apache.org on 2021/09/16 20:20:00 UTC
svn commit: r1893388 - in /apr/apr/branches/1.7.x: ./ CHANGES
user/win32/userinfo.c
Author: wrowe
Date: Thu Sep 16 20:20:00 2021
New Revision: 1893388
URL: http://svn.apache.org/viewvc?rev=1893388&view=rev
Log:
Fix handle leak in the Win32 apr_uid_current implementation.
Backports: r1860057
Submitted by: ivan
Reviewed by: wrowe
Modified:
apr/apr/branches/1.7.x/ (props changed)
apr/apr/branches/1.7.x/CHANGES
apr/apr/branches/1.7.x/user/win32/userinfo.c
Propchange: apr/apr/branches/1.7.x/
------------------------------------------------------------------------------
Merged /apr/apr/trunk:r1860057
Modified: apr/apr/branches/1.7.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/CHANGES?rev=1893388&r1=1893387&r2=1893388&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/CHANGES [utf-8] (original)
+++ apr/apr/branches/1.7.x/CHANGES [utf-8] Thu Sep 16 20:20:00 2021
@@ -6,6 +6,9 @@ Changes for APR 1.7.1
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
+ *) Fix handle leak in the Win32 apr_uid_current implementation.
+ PR 61165. [Ivan Zhakov]
+
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
Modified: apr/apr/branches/1.7.x/user/win32/userinfo.c
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/user/win32/userinfo.c?rev=1893388&r1=1893387&r2=1893388&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/user/win32/userinfo.c (original)
+++ apr/apr/branches/1.7.x/user/win32/userinfo.c Thu Sep 16 20:20:00 2021
@@ -171,27 +171,38 @@ APR_DECLARE(apr_status_t) apr_uid_curren
DWORD needed;
TOKEN_USER *usr;
TOKEN_PRIMARY_GROUP *grp;
-
+ apr_status_t rv;
+
if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) {
return apr_get_os_error();
}
*uid = NULL;
if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed)
- && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
+ && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
&& (usr = apr_palloc(p, needed))
- && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed))
+ && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) {
*uid = usr->User.Sid;
- else
- return apr_get_os_error();
+ }
+ else {
+ rv = apr_get_os_error();
+ CloseHandle(threadtok);
+ return rv;
+ }
if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed)
&& (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
&& (grp = apr_palloc(p, needed))
- && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed))
+ && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) {
*gid = grp->PrimaryGroup;
- else
- return apr_get_os_error();
+ }
+ else {
+ rv = apr_get_os_error();
+ CloseHandle(threadtok);
+ return rv;
+ }
+
+ CloseHandle(threadtok);
return APR_SUCCESS;
#endif