PerlMonks  

Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242

by dt667 (Acolyte)
on Nov 03, 2015 at 15:50 UTC (#1146826)
dt667 has asked for the wisdom of the Perl Monks concerning the following question:

For the life of me, I cannot figure out why I cannot reproduce this error outside of my main project. This is with Perl 5.20 and I am trying to get the security information for a registry key. Here is the code as written in my main project followed by a code snippet that I have tried running outside of the project to reproduce the error.
```perl
sub getEffectiveRights {
    my $object = $_[1];
    my $objectType = $_[2];
    my $binarySid = $_[3];
    my $error = undef;
    my $result = undef;

    # Establish variables.
    my $psidOwner;
    my $psidGroup;
    my $pDacl;
    my $pSacl;
    my $pSecurityDescriptor;

    try {
        $logger->debug("Object: $object");

        # Call GetNamedSecurityInfo. This is to get the DACL.
        ($psidOwner, $psidGroup, $pDacl, $pSacl, $pSecurityDescriptor)
            = Win32::Security::Raw::GetNamedSecurityInfo(
                $object, $objectType, 'DACL_SECURITY_INFORMATION');
        print "returned from Win32::Security::Raw::GetNamedSecurityInfo\n";

        unless (defined($pDacl)) {
            throw Error::Simple("An error occurred trying to access the discretionary access control entries for security object '" . $object . "'.");
        }

        # Build the trustee structure.
        my $trustee = System_Functions->buildTrusteeWithSid($binarySid);

        # Get the access mask.
        $result = System_Functions->getEffectiveRightsFromAcl($pDacl, $trustee);
    }
    catch Error::Simple with {
        $error = shift;
        print "error = $error\n";
    }
    finally {
        # Clear memory.
        if (defined($pSecurityDescriptor)) {
            Win32::Security::Raw::LocalFree($pSecurityDescriptor);
        }
    };

    if (defined($error)) {
        throw Error::Simple("Could not access '$object'. Verify that it exists and that you have permission to access it. $error");
    }

    return $result;
}
```
And the script that works outside of the main project:
```perl
use warnings;
use strict;
use Win32::Security::Raw;

#my $object = "MACHINE\\SYSTEM\\CurrentControlSet\\Services";
my @objects = (
    "MACHINE\\SYSTEM\\CurrentControlSet\\services",
    "MACHINE\\SYSTEM\\CurrentControlSet\\Services",
    "MACHINE\\SYSTEM\\CurrentControlSet\\services\\.NET CLR Data",
    "MACHINE\\SYSTEM\\CurrentControlSet\\services\\Lsa\\Performance"
);
my $ObjectType = 'SE_REGISTRY_KEY';
my $SecurityInfo = 'DACL_SECURITY_INFORMATION';

# Establish variables.
my $psidOwner;
my $psidGroup;
my $pDacl;
my $pSacl;
my $pSecurityDescriptor;

foreach my $object (@objects) {
    print "object = $object\n";

    # Call GetNamedSecurityInfo. This is to get the DACL.
    ($psidOwner, $psidGroup, $pDacl, $pSacl, $pSecurityDescriptor)
        = Win32::Security::Raw::GetNamedSecurityInfo($object, $ObjectType, 'DACL_SECURITY_INFORMATION');
    print "$psidOwner, $psidGroup, $pDacl, $pSacl, $pSecurityDescriptor.\n";

    if (defined($pSecurityDescriptor)) {
        Win32::Security::Raw::LocalFree($pSecurityDescriptor);
    }
    print "\n\n";
}
```
I noticed that Win32::API, which is called by Win32::Security::Raw, changed significantly since Perl 5.12 and now has buffer overflow protection built-in, but I'm unsure why it would be complaining about "parameter 1". Any help would be greatly appreciated as this is preventing us from upgrading to Perl 5.20.

Replies are listed 'Best First'.
Re: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242
by shmem (Chancellor) on Nov 03, 2015 at 18:33 UTC
    Here is the code as written in my main project followed by a code snippet that I have tried running outside of the project to reproduce the error.

    In the code snippet I cannot see a call to getEffectiveRights(@args) as stated in your first code block. How do both pieces relate?

    Ah, it is about Win32::Security::Raw::GetNamedSecurityInfo. You should dump the contents of @_ in sub getEffectiveRights - just to be sure the right parameters are passed. Output/logs from both would be helpful, too, in order to help you.

    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'

      So I've actually added some print statements to Win32\Security\Raw.pm:

      ```perl
      sub GetNamedSecurityInfo {
          my($pObjectName, $ObjectType, $SecurityInfo) = @_;
          print "Raw.pm - pObjectName = $pObjectName.\n";
          print "Raw.pm - ObjectType = $ObjectType.\n";
          print "Raw.pm - SecurityInfo = $SecurityInfo.\n";
          $Win32::API::DEBUG = 1;

          $call ||= Win32::API->new('advapi32', 'GetNamedSecurityInfo', [qw(P I I P P P P P)], 'I')
              or Carp::croak("Unable to connect to GetNamedSecurityInfo.");
          print "Raw.pm - new Win32::API succeeded\n";

          $ObjectType = &Win32::Security::SE_OBJECT_TYPE->build_mask($ObjectType);
          print "Raw.pm - obtained objectType = $ObjectType.\n";
          $SecurityInfo = &Win32::Security::SECURITY_INFORMATION->build_mask($SecurityInfo);
          print "Raw.pm - obtained security info\n";

          my($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor) = ("\0"x4) x 5;

          my $retval = $call->Call($pObjectName, int($ObjectType), $SecurityInfo,
              $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor);
          print "Raw.pm - retVal set\n";

          $retval and Carp::croak(&_format_error('GetNamedSecurityInfo', $retval));

          foreach ($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor) {
              $_ = unpack("V", $_);
          }
          print "$ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor.\n";
          return($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor);
      }
      ```

      So my output for my main project looks like this:

      ```
      object = MACHINE\SYSTEM\CurrentControlSet\services.
      objectType = SE_REGISTRY_KEY.
      Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services
      Raw.pm - ObjectType = SE_REGISTRY_KEY.
      Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
      Raw.pm - new Win32::API succeeded
      Raw.pm - obtained objectType = 4.
      Raw.pm - obtained security info
      error = Win32::API::Call: parameter 1 had a buffer overflow at c:/perlutils/Perl/site/lib/Win32/Security/Raw.pm line 248.
      ```

      Line 248 is the $call->Call line

      The output from my script looks like this:

      ```
      object = MACHINE\SYSTEM\CurrentControlSet\services
      Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services.
      Raw.pm - ObjectType = SE_REGISTRY_KEY.
      Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
      Win32::API::new: Loading library 'advapi32'
      GetProcAddress('GetNamedSecurityInfo') = '1967724532'
      Object blessed!
      Raw.pm - new Win32::API succeeded
      Raw.pm - obtained objectType = 4.
      Raw.pm - obtained security info
      Raw.pm - retVal set
      0, 0, 8289772, 0, 8289752.
      0, 0, 8289772, 0, 8289752.
      Win32::API::new: Loading library 'kernel32'
      GetProcAddress('LocalFree') = '1974480092'
      Object blessed!
      object = MACHINE\SYSTEM\CurrentControlSet\Services
      Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\Services.
      Raw.pm - ObjectType = SE_REGISTRY_KEY.
      Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
      Raw.pm - new Win32::API succeeded
      Raw.pm - obtained objectType = 4.
      Raw.pm - obtained security info
      Raw.pm - retVal set
      0, 0, 8289772, 0, 8289752.
      0, 0, 8289772, 0, 8289752.
      object = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data
      Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data.
      Raw.pm - ObjectType = SE_REGISTRY_KEY.
      Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
      Raw.pm - new Win32::API succeeded
      Raw.pm - obtained objectType = 4.
      Raw.pm - obtained security info
      Raw.pm - retVal set
      0, 0, 8289892, 0, 8289872.
      0, 0, 8289892, 0, 8289872.
      object = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance
      Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance .
      Raw.pm - ObjectType = SE_REGISTRY_KEY.
      Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
      Raw.pm - new Win32::API succeeded
      Raw.pm - obtained objectType = 4.
      Raw.pm - obtained security info
      Raw.pm - retVal set
      0, 0, 8291340, 0, 8291320.
      0, 0, 8291340, 0, 8291320.
      Win32::API::DESTROY: Freeing library 'kernel32'
      Win32::API::DESTROY: Freeing library 'advapi32'
      ```

      Please note that I do not get the verbose Debug output in my main project even though it is calling the same Raw.pm.

        So parameter 1 is $pObjectName?

        Please try padding it and report what happens :)  $pObjectName .= "\0" x 100; or x 1000

        So I've actually added some print statements to Win32\Security\Raw.pm:
        ...

        Thank you. - Others may have a look at it and respond, I have too little expertise on Windows Systems.

        perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
        ;) now turn on Win32::API debugging options :) even if that requires recompiling Win32::API :)
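
One way to act on the thread's advice to dump what is actually passed as parameter 1, as an added example (not code from any poster, Win32::API, or Win32::Security::Raw): a pure-Perl helper that reports the raw octets, UTF-8 flag and read-only state of a scalar, so the main project's `$object` can be compared with the stand-alone script's string. `describe_arg`, `diff_args` and both sample values are hypothetical and constructed here; the thread does not establish what the two strings actually differ in.

```perl
use strict;
use warnings;
use Scalar::Util qw(readonly);

# Hypothetical helper, not part of Win32::API or Win32::Security::Raw.
# Describes a scalar as a native function would receive it through a
# 'P' (pointer) parameter: the raw octets, not the printed text.
sub describe_arg {
    return { defined => 0 } unless defined $_[0];
    my $octets = $_[0];                       # copy, caller's scalar untouched
    my $utf8   = utf8::is_utf8($_[0]) ? 1 : 0;
    utf8::encode($octets) if $utf8;           # octets of the internal buffer
    my (@nul, @odd);
    for my $i (0 .. length($octets) - 1) {
        my $o = ord substr($octets, $i, 1);
        push @nul, $i if $o == 0;
        push @odd, sprintf('%d:0x%02x', $i, $o) if $o < 0x20 || $o > 0x7e;
    }
    return {
        defined  => 1,
        readonly => readonly($_[0]) ? 1 : 0,
        utf8     => $utf8,
        chars    => length($_[0]),
        octets   => length($octets),
        nul_at   => "@nul",                   # offsets of embedded NUL bytes
        odd_at   => "@odd",                   # offset:value of non-printable bytes
        hex      => unpack('H*', $octets),
    };
}

# Names of the properties in which two arguments differ.
sub diff_args {
    my ($x, $y) = (describe_arg($_[0]), describe_arg($_[1]));
    my %keys = map { $_ => 1 } keys %$x, keys %$y;
    return grep { ($x->{$_} // '') ne ($y->{$_} // '') } sort keys %keys;
}

# Constructed sample values: the key name from the thread, and a variant
# with a trailing CR/LF that looks almost the same when printed.
my $from_script  = "MACHINE\\SYSTEM\\CurrentControlSet\\services";
my $from_project = "MACHINE\\SYSTEM\\CurrentControlSet\\services\r\n";

for my $arg ($from_script, $from_project) {
    my $d = describe_arg($arg);
    print join(', ', map { "$_=$d->{$_}" } sort keys %$d), "\n";
}
print "differs in: ", join(', ', diff_args($from_script, $from_project)), "\n";
```

Calling `describe_arg($pObjectName)` immediately before `$call->Call(...)` in both programs gives two reports that can be compared field by field.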
