diff options
| author | Rob Mensching <rob@firegiant.com> | 2024-07-14 23:58:39 -0700 |
|---|---|---|
| committer | Rob Mensching <rob@firegiant.com> | 2024-07-15 12:09:35 -0700 |
| commit | 6bd80b51b42686ce5665140d0ab7c64bd35204d9 (patch) | |
| tree | eb29d0e56ff39aca78598c91f6256edc0e373c18 /src/ext/Util/ca/scauser.cpp | |
| parent | 733886e73a5dab7da37515d98b611cdae1632c2d (diff) | |
| download | wix-6bd80b51b42686ce5665140d0ab7c64bd35204d9.tar.gz wix-6bd80b51b42686ce5665140d0ab7c64bd35204d9.tar.bz2 wix-6bd80b51b42686ce5665140d0ab7c64bd35204d9.zip | |
Fix faulty memory access in Util's User custom actions
Generally, clean up the handling of getting the domain from a server name by
centralizing and simplifying it behind an improved GetDomainFromServerName()
based on the buggy GetServerName().
Fixes 8576
Diffstat (limited to 'src/ext/Util/ca/scauser.cpp')
| -rw-r--r-- | src/ext/Util/ca/scauser.cpp | 48 |
1 files changed, 8 insertions, 40 deletions
diff --git a/src/ext/Util/ca/scauser.cpp b/src/ext/Util/ca/scauser.cpp index b643a842..79da155f 100644 --- a/src/ext/Util/ca/scauser.cpp +++ b/src/ext/Util/ca/scauser.cpp | |||
| @@ -487,7 +487,7 @@ HRESULT ScaUserExecute( | |||
| 487 | { | 487 | { |
| 488 | HRESULT hr = S_OK; | 488 | HRESULT hr = S_OK; |
| 489 | DWORD er = 0; | 489 | DWORD er = 0; |
| 490 | PDOMAIN_CONTROLLER_INFOW pDomainControllerInfo = NULL; | 490 | LPWSTR pwzDomainName = NULL; |
| 491 | 491 | ||
| 492 | LPWSTR pwzBaseScriptKey = NULL; | 492 | LPWSTR pwzBaseScriptKey = NULL; |
| 493 | DWORD cScriptKey = 0; | 493 | DWORD cScriptKey = 0; |
| @@ -518,36 +518,11 @@ HRESULT ScaUserExecute( | |||
| 518 | ExitOnFailure(hr, "Failed to add user comment to custom action data: %ls", psu->wzComment); | 518 | ExitOnFailure(hr, "Failed to add user comment to custom action data: %ls", psu->wzComment); |
| 519 | 519 | ||
| 520 | // Check to see if the user already exists since we have to be very careful when adding | 520 | // Check to see if the user already exists since we have to be very careful when adding |
| 521 | // and removing users. Note: MSDN says that it is safe to call these APIs from any | 521 | // and removing users. |
| 522 | // user, so we should be safe calling it during immediate mode. | 522 | hr = GetDomainFromServerName(&pwzDomainName, psu->wzDomain, 0); |
| 523 | er = ::NetApiBufferAllocate(sizeof(USER_INFO_0), reinterpret_cast<LPVOID*>(&pUserInfo)); | 523 | ExitOnFailure(hr, "Failed to get domain from server name: %ls", psu->wzDomain); |
| 524 | hr = HRESULT_FROM_WIN32(er); | ||
| 525 | ExitOnFailure(hr, "Failed to allocate memory to check existence of user: %ls", psu->wzName); | ||
| 526 | |||
| 527 | LPCWSTR wzDomain = psu->wzDomain; | ||
| 528 | if (wzDomain && *wzDomain) | ||
| 529 | { | ||
| 530 | er = ::DsGetDcNameW(NULL, wzDomain, NULL, NULL, NULL, &pDomainControllerInfo); | ||
| 531 | if (RPC_S_SERVER_UNAVAILABLE == er) | ||
| 532 | { | ||
| 533 | // MSDN says, if we get the above error code, try again with the "DS_FORCE_REDISCOVERY" flag | ||
| 534 | er = ::DsGetDcNameW(NULL, wzDomain, NULL, NULL, DS_FORCE_REDISCOVERY, &pDomainControllerInfo); | ||
| 535 | } | ||
| 536 | if (ERROR_SUCCESS == er && pDomainControllerInfo->DomainControllerName) | ||
| 537 | { | ||
| 538 | // If the \\ prefix on the queried domain was present, skip it. | ||
| 539 | if ('\\' == *pDomainControllerInfo->DomainControllerName && '\\' == *pDomainControllerInfo->DomainControllerName + 1) | ||
| 540 | { | ||
| 541 | wzDomain = pDomainControllerInfo->DomainControllerName + 2; | ||
| 542 | } | ||
| 543 | else | ||
| 544 | { | ||
| 545 | wzDomain = pDomainControllerInfo->DomainControllerName; | ||
| 546 | } | ||
| 547 | } | ||
| 548 | } | ||
| 549 | 524 | ||
| 550 | er = ::NetUserGetInfo(wzDomain, psu->wzName, 0, reinterpret_cast<LPBYTE*>(pUserInfo)); | 525 | er = ::NetUserGetInfo(pwzDomainName, psu->wzName, 0, reinterpret_cast<LPBYTE*>(&pUserInfo)); |
| 551 | if (NERR_Success == er) | 526 | if (NERR_Success == er) |
| 552 | { | 527 | { |
| 553 | ueUserExists = USER_EXISTS_YES; | 528 | ueUserExists = USER_EXISTS_YES; |
| @@ -560,7 +535,7 @@ HRESULT ScaUserExecute( | |||
| 560 | { | 535 | { |
| 561 | ueUserExists = USER_EXISTS_INDETERMINATE; | 536 | ueUserExists = USER_EXISTS_INDETERMINATE; |
| 562 | hr = HRESULT_FROM_WIN32(er); | 537 | hr = HRESULT_FROM_WIN32(er); |
| 563 | WcaLog(LOGMSG_VERBOSE, "Failed to check existence of domain: %ls, user: %ls (error code 0x%x) - continuing", wzDomain, psu->wzName, hr); | 538 | WcaLog(LOGMSG_VERBOSE, "Failed to check existence of domain: %ls, user: %ls (error code 0x%x) - continuing", pwzDomainName, psu->wzName, hr); |
| 564 | hr = S_OK; | 539 | hr = S_OK; |
| 565 | er = ERROR_SUCCESS; | 540 | er = ERROR_SUCCESS; |
| 566 | } | 541 | } |
| @@ -685,11 +660,6 @@ HRESULT ScaUserExecute( | |||
| 685 | ::NetApiBufferFree(static_cast<LPVOID>(pUserInfo)); | 660 | ::NetApiBufferFree(static_cast<LPVOID>(pUserInfo)); |
| 686 | pUserInfo = NULL; | 661 | pUserInfo = NULL; |
| 687 | } | 662 | } |
| 688 | if (pDomainControllerInfo) | ||
| 689 | { | ||
| 690 | ::NetApiBufferFree(static_cast<LPVOID>(pDomainControllerInfo)); | ||
| 691 | pDomainControllerInfo = NULL; | ||
| 692 | } | ||
| 693 | } | 663 | } |
| 694 | 664 | ||
| 695 | LExit: | 665 | LExit: |
| @@ -697,14 +667,12 @@ LExit: | |||
| 697 | ReleaseStr(pwzScriptKey); | 667 | ReleaseStr(pwzScriptKey); |
| 698 | ReleaseStr(pwzActionData); | 668 | ReleaseStr(pwzActionData); |
| 699 | ReleaseStr(pwzRollbackData); | 669 | ReleaseStr(pwzRollbackData); |
| 670 | ReleaseStr(pwzDomainName); | ||
| 671 | |||
| 700 | if (pUserInfo) | 672 | if (pUserInfo) |
| 701 | { | 673 | { |
| 702 | ::NetApiBufferFree(static_cast<LPVOID>(pUserInfo)); | 674 | ::NetApiBufferFree(static_cast<LPVOID>(pUserInfo)); |
| 703 | } | 675 | } |
| 704 | if (pDomainControllerInfo) | ||
| 705 | { | ||
| 706 | ::NetApiBufferFree(static_cast<LPVOID>(pDomainControllerInfo)); | ||
| 707 | } | ||
| 708 | 676 | ||
| 709 | return hr; | 677 | return hr; |
| 710 | } | 678 | } |