
Re: [win-pv-devel] [PATCH 1/4] Don't store password longer than required



On Thu, 7 Nov 2019 at 15:53, Owen Smith <owen.smith@xxxxxxxxxx> wrote:
>
> Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>

Acked-by: Paul Durrant <paul@xxxxxxx>

> ---
>  src/tty/tty.c | 20 ++++++++++++--------
>  1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/src/tty/tty.c b/src/tty/tty.c
> index 6e340ab..035f18c 100644
> --- a/src/tty/tty.c
> +++ b/src/tty/tty.c
> @@ -51,7 +51,6 @@ typedef struct _TTY_CONTEXT {
>      TTY_STREAM          ChildStdOut;
>      TTY_STREAM          Device;
>      TCHAR               UserName[MAXIMUM_BUFFER_SIZE];
> -    TCHAR               Password[MAXIMUM_BUFFER_SIZE];
>      HANDLE              Token;
>      PROCESS_INFORMATION ProcessInfo;
>  } TTY_CONTEXT, *PTTY_CONTEXT;
> @@ -289,7 +288,8 @@ GetLine(
>
>  static BOOL
>  GetCredentials(
> -    VOID
> +    IN  PTCHAR      Password,
> +    IN  DWORD       PasswordSize
>      )
>  {
>      PTTY_CONTEXT    Context = &TtyContext;
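Review bot: Both new parameters of GetCredentials are annotated `IN`, but `Password` is a buffer the function fills (the following hunk zeroes it and hands it to GetLine), so `OUT PTCHAR Password,` would describe it accurately. `PasswordSize` receives `sizeof(Password)` from _tmain, which is a byte count rather than a TCHAR count; a one-line comment such as `// PasswordSize is the buffer size in bytes, not characters` would keep a later caller from passing an element count. The body of GetCredentials continues outside this hunk.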
> @@ -330,17 +330,17 @@ GetCredentials(
>
>      ECHO(&Context->Device, "Password: ");
>
> -    ZeroMemory(Context->Password, sizeof (Context->Password));
> +    ZeroMemory(Password, PasswordSize);
>
>      Success = GetLine(&Context->Device,
> -                      Context->Password,
> -                      sizeof (Context->Password),
> +                      Password,
> +                      PasswordSize,
>                        &Size,
>                        TRUE);
>      if (!Success)
>          return FALSE;
>
> -    End = _tcschr(Context->Password, TEXT('\r'));
> +    End = _tcschr(Password, TEXT('\r'));
>      if (End == NULL)
>          return FALSE;
>
> @@ -448,6 +448,7 @@ _tmain(
>      PTTY_CONTEXT        Context = &TtyContext;
>      SECURITY_ATTRIBUTES Attributes;
>      HANDLE              Handle[3];
> +    TCHAR               Password[MAXIMUM_BUFFER_SIZE];
>      DWORD               Index;
>      BOOL                Success;
>
> @@ -484,16 +485,19 @@ _tmain(
>      if (Context->Device.Write == INVALID_HANDLE_VALUE)
>          ExitProcess(1);
>
> -    Success = GetCredentials();
> +    Success = GetCredentials(Password, sizeof(Password));
>      if (!Success)
>          ExitProcess(1);
>
>      Success = LogonUser(Context->UserName,
>                          NULL,
> -                        Context->Password,
> +                        Password,
>                          LOGON32_LOGON_INTERACTIVE,
>                          LOGON32_PROVIDER_DEFAULT,
>                          &Context->Token);
> +
> +    ZeroMemory(Password, sizeof(Password));
> +
>      if (!Success)
>          ExitProcess(1);
>
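Review bot: The added `ZeroMemory(Password, sizeof(Password));` after LogonUser clears a local buffer that is not read again in the visible lines, so an optimizing compiler is allowed to discard it as a dead store and leave the password on the stack. `SecureZeroMemory(Password, sizeof(Password));` is the Windows call documented not to be optimized away and is a drop-in replacement here. The failure branch just above, `ExitProcess(1)` after GetCredentials returns FALSE, also exits without clearing whatever GetLine had already written into the buffer; clearing before that exit would make both paths behave the same. _tmain begins and continues outside this hunk, so any later use of Password cannot be confirmed from here.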
> --
> 2.16.2.windows.1
>
>
> _______________________________________________
> win-pv-devel mailing list
> win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> https://lists.xenproject.org/mailman/listinfo/win-pv-devel
