Corinna Vinschen
2018-04-12 07:45:44 UTC
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=e206c39bb6bf91808dbcd2cfbd572525825982cd
commit e206c39bb6bf91808dbcd2cfbd572525825982cd
Author: Corinna Vinschen <***@vinschen.de>
Date: Thu Apr 12 09:43:12 2018 +0200
Cygwin: fix guard checking for current user's AuthZ context
Signed-off-by: Corinna Vinschen <***@vinschen.de>
Diff:
---
winsup/cygwin/sec_helper.cc | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 3478360..a1d8cba 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -821,12 +821,16 @@ authz_ctx::get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
if (RtlEqualSid (user_sid, cygheap->user.sid ())
&& !cygheap->user.issetuid ())
{
+ /* Avoid lock in default case. */
if (!user_ctx_hdl)
{
authz_guard.acquire ();
- if (!AuthzInitializeContextFromToken (0, hProcToken, authz, NULL,
- authz_dummy_luid, NULL,
- &user_ctx_hdl))
+ /* Check user_ctx_hdl again under lock to avoid overwriting
+ user_ctx_hdl if it has already been initialized. */
+ if (!user_ctx_hdl
+ && !AuthzInitializeContextFromToken (0, hProcToken, authz, NULL,
+ authz_dummy_luid, NULL,
+ &user_ctx_hdl))
debug_printf ("AuthzInitializeContextFromToken, %E");
authz_guard.release ();
}
commit e206c39bb6bf91808dbcd2cfbd572525825982cd
Author: Corinna Vinschen <***@vinschen.de>
Date: Thu Apr 12 09:43:12 2018 +0200
Cygwin: fix guard checking for current user's AuthZ context
Signed-off-by: Corinna Vinschen <***@vinschen.de>
Diff:
---
winsup/cygwin/sec_helper.cc | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/winsup/cygwin/sec_helper.cc b/winsup/cygwin/sec_helper.cc
index 3478360..a1d8cba 100644
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -821,12 +821,16 @@ authz_ctx::get_user_attribute (mode_t *attribute, PSECURITY_DESCRIPTOR psd,
if (RtlEqualSid (user_sid, cygheap->user.sid ())
&& !cygheap->user.issetuid ())
{
+ /* Avoid lock in default case. */
if (!user_ctx_hdl)
{
authz_guard.acquire ();
- if (!AuthzInitializeContextFromToken (0, hProcToken, authz, NULL,
- authz_dummy_luid, NULL,
- &user_ctx_hdl))
+ /* Check user_ctx_hdl again under lock to avoid overwriting
+ user_ctx_hdl if it has already been initialized. */
+ if (!user_ctx_hdl
+ && !AuthzInitializeContextFromToken (0, hProcToken, authz, NULL,
+ authz_dummy_luid, NULL,
+ &user_ctx_hdl))
debug_printf ("AuthzInitializeContextFromToken, %E");
authz_guard.release ();
}