[cvsnt] Crash on Win32 with long domainname
James Ogden
james at jeo.org.uk
Fri Jan 23 17:23:37 GMT 2004
Hi,
I was getting crashes with cvsnt (server) when using anything other than the
sspi protocol. I've isolated the exception to a memory overrun in
isDomainMember in win32.c (or rather the allocation of w_defaultdomain in
BreakNameIntoParts)
BreakNameIntoParts allocates DNLEN+1 characters for the domain name, DNLEN
is defined in (mssdk) lmcons.h as 15, being the maximum domain name length for
Lanman 2. I believe this is outdated - the code in isDomainMember uses
LsaQueryInformationPolicy to retrieve the DNS name of the domain, which can
(if memory serves) be up to 255 characters. (Ours is 17 chars)
I've changed the definition of DNLEN in lmcons.h on my machine as a proof of
concept, but this is clearly not a real solution. I think DNLEN should be
superseded throughout the win32 code.
I don't know whether you'd prefer a patch, or whether there's enough
information in this email.
Cheers
James (no more VSS, at last!)
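The overrun described in this report is the classic fixed-size-buffer mismatch: the destination is sized from a compile-time constant (DNLEN + 1) while the source length comes from a runtime query that can return something far longer. The C below is an added illustration, not code from cvsnt or the poster; the DomainNameInfo struct is a constructed stand-in for the length-prefixed string the policy query returns, and the 255-character DNS limit is taken from the report's own figure. It shows the check that the fixed allocation lacks and a copy routine that sizes the destination from the returned length instead.

```c
#include <stdlib.h>
#include <string.h>

/* DNLEN as the report says lmcons.h defines it: the LAN Manager 2 domain
 * name limit. Constructed constant for this example, not pulled from the SDK. */
#define DNLEN 15

/* DNS domain names can be much longer; the report cites 255 characters.
 * Assumption: used here as the upper bound for a sanity check. */
#define DNS_MAX_NAME_LENGTH 255

/* Stand-in for the length-prefixed, not-NUL-terminated name a policy query
 * returns (constructed for this example; Length is in characters here). */
typedef struct {
    unsigned short Length;  /* characters, excluding any terminator */
    const char *Buffer;
} DomainNameInfo;

/* The check BreakNameIntoParts' fixed DNLEN+1 allocation never performs:
 * returns 1 if the returned name fits in DNLEN characters, 0 if copying it
 * into a DNLEN+1 buffer would overrun (the 17-character case in the report). */
int fits_in_dnlen_buffer(const DomainNameInfo *info) {
    return info->Length <= DNLEN;
}

/* Hardened copy: allocate from the returned length rather than from DNLEN,
 * reject anything beyond the DNS maximum, and always NUL-terminate.
 * Caller frees the result; NULL means rejected or out of memory. */
char *copy_domain_name(const DomainNameInfo *info) {
    if (info == NULL || info->Buffer == NULL) return NULL;
    if (info->Length > DNS_MAX_NAME_LENGTH) return NULL;

    char *out = malloc((size_t)info->Length + 1);  /* +1 for the terminator */
    if (out == NULL) return NULL;

    memcpy(out, info->Buffer, info->Length);
    out[info->Length] = '\0';
    return out;
}

/* Stand-alone demonstration with a constructed 17-character DNS domain name,
 * matching the length the report says triggers the crash. */
int main(void) {
    DomainNameInfo dns_name = { 17, "corp.example.test" };

    /* 0: this name does not fit a DNLEN+1 buffer, so the old code overruns. */
    int fits = fits_in_dnlen_buffer(&dns_name);

    /* The length-driven copy handles it without any overrun. */
    char *copy = copy_domain_name(&dns_name);
    int ok = (copy != NULL && strlen(copy) == 17);
    free(copy);

    return (fits == 0 && ok) ? 0 : 1;
}
```

The point of sizing from the query result is that the domain name limit then lives in one place (the returned length plus a sanity cap), rather than in a Lanman-era constant scattered through the code.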