You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by wr...@apache.org on 2021/09/16 20:20:00 UTC

svn commit: r1893388 - in /apr/apr/branches/1.7.x: ./ CHANGES user/win32/userinfo.c

Author: wrowe
Date: Thu Sep 16 20:20:00 2021
New Revision: 1893388

URL: http://svn.apache.org/viewvc?rev=1893388&view=rev
Log:
Fix handle leak in the Win32 apr_uid_current implementation.


Backports: r1860057
Submitted by: ivan
Reviewed by: wrowe

Modified:
    apr/apr/branches/1.7.x/   (props changed)
    apr/apr/branches/1.7.x/CHANGES
    apr/apr/branches/1.7.x/user/win32/userinfo.c

Propchange: apr/apr/branches/1.7.x/
------------------------------------------------------------------------------
  Merged /apr/apr/trunk:r1860057

Modified: apr/apr/branches/1.7.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/CHANGES?rev=1893388&r1=1893387&r2=1893388&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/CHANGES [utf-8] (original)
+++ apr/apr/branches/1.7.x/CHANGES [utf-8] Thu Sep 16 20:20:00 2021
@@ -6,6 +6,9 @@ Changes for APR 1.7.1
      (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
      later 1.6.x releases, but was missing in 1.7.0.)  [Stefan Sperling]
 
+  *) Fix handle leak in the Win32 apr_uid_current implementation.
+     PR 61165. [Ivan Zhakov]
+
   *) Add error handling for lseek() failures in apr_file_write() and
      apr_file_writev().  [Joe Orton]
 

Modified: apr/apr/branches/1.7.x/user/win32/userinfo.c
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/user/win32/userinfo.c?rev=1893388&r1=1893387&r2=1893388&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/user/win32/userinfo.c (original)
+++ apr/apr/branches/1.7.x/user/win32/userinfo.c Thu Sep 16 20:20:00 2021
@@ -171,27 +171,38 @@ APR_DECLARE(apr_status_t) apr_uid_curren
     DWORD needed;
     TOKEN_USER *usr;
     TOKEN_PRIMARY_GROUP *grp;
-    
+    apr_status_t rv;
+
     if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) {
         return apr_get_os_error();
     }
 
     *uid = NULL;
     if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed)
-        && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) 
+        && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
         && (usr = apr_palloc(p, needed))
-        && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed))
+        && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed)) {
         *uid = usr->User.Sid;
-    else
-        return apr_get_os_error();
+    }
+    else {
+        rv = apr_get_os_error();
+        CloseHandle(threadtok);
+        return rv;
+    }
 
     if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed)
         && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) 
         && (grp = apr_palloc(p, needed))
-        && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed))
+        && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed)) {
         *gid = grp->PrimaryGroup;
-    else
-        return apr_get_os_error();
+    }
+    else {
+        rv = apr_get_os_error();
+        CloseHandle(threadtok);
+        return rv;
+    }
+
+    CloseHandle(threadtok);
 
     return APR_SUCCESS;
 #endif