fix: When calculating the group string length include length of PBIS.… (

#308) * fix: When calculating the group string length include length of PBIS. Its used as a marker for AD group password field (#302) * fix: Bump version from 9.1.1 to 9.1.2 Co-authored-by: rali <rali>
BeyondTrust · Feb 1, 2021 · 7119ef7 · 7119ef7
1 parent 2a639fc
commit 7119ef7
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 14 deletions.
diff --git a/MakeKitBuild b/MakeKitBuild
@@ -136,7 +136,7 @@ configure()
     LW_PRODUCT_VERSION=9.1
 #   Update LW_PRODUCT_QFE with each release, resetting to zero when the
 #   LW_PRODUCT_VERSION changes.
-    LW_PRODUCT_QFE=1
+    LW_PRODUCT_QFE=2
     LW_VERSION="${LW_PRODUCT_VERSION}.${LW_PRODUCT_QFE}.${LW_BUILD_ID:-0}"
 
     mk_declare -i \

diff --git a/lsass/interop/nsswitch/common/nss-group.c b/lsass/interop/nsswitch/common/nss-group.c
@@ -92,6 +92,8 @@ LsaNssGetNumberGroupMembers(
     return dwNumMembers;
 }
 
+PCSTR pszPBIS = "PBIS";
+
 DWORD
 LsaNssComputeGroupStringLength(
     DWORD dwAlignBytes,
@@ -103,12 +105,14 @@ LsaNssComputeGroupStringLength(
     DWORD dwNumMembers = 0;
 
     if (!LW_IS_NULL_OR_EMPTY_STR(pGroupInfo->pszName)) {
-       dwLength += strlen(pGroupInfo->pszName) + 1;
+       dwLength += strlen(pGroupInfo->pszName) + 1;  // Plus 1 for terminator
     }
 
     if (!LW_IS_NULL_OR_EMPTY_STR(pGroupInfo->pszPasswd)) {
-       dwLength += strlen(pGroupInfo->pszPasswd) + 1;
+       dwLength += strlen(pGroupInfo->pszPasswd) + 1; // Plus 1 for terminator
     }
+    else
+       dwLength += strlen(pszPBIS) + 1;  // Add one for null terminator
 
     /* Adding space for group members */
     dwLength += dwAlignBytes;
@@ -118,12 +122,15 @@ LsaNssComputeGroupStringLength(
         ppszMember++)
     {
         dwLength += sizeof(PSTR);
-        dwLength += strlen(*ppszMember) + 1;
+        dwLength += strlen(*ppszMember) + 1; // Add one for null terminator
         dwNumMembers++;
     }
     // Account for terminating NULL always
     dwLength += sizeof(PSTR);
 
+    // Pad out to word align.
+    dwLength = dwLength + sizeof(PSTR) - (dwLength % sizeof(PSTR));
+
     return dwLength;
 }
 
@@ -186,42 +193,47 @@ LsaNssWriteGroupInfo(
             PSTR pszMemberMarker = NULL;
             DWORD iMember = 0;
 
-            // This is where we start writing the members
+            // MemberMarker is where we start writing the members. 
+            // Marker is where we start writing the pointer for each member
+            // Plus 1 to skip past the null terminator for the list of pointers.
             pszMemberMarker = pszMarker + (sizeof(PSTR) * (dwNumMembers + 1));
 
             for (iMember = 0; iMember < dwNumMembers; iMember++)
             {
                 *(pResultGroup->gr_mem+iMember) = pszMemberMarker;
                 pszMarker += sizeof(PSTR);
 
-                dwLen = strlen(*(pGroupInfo_1->ppszMembers + iMember));
+                // Plus 1 so memcpy includes the null string terminator
+                dwLen = strlen(*(pGroupInfo_1->ppszMembers + iMember)) + 1;
                 memcpy(pszMemberMarker, *(pGroupInfo_1->ppszMembers + iMember), dwLen);
-                pszMemberMarker += dwLen + 1;
+                pszMemberMarker += dwLen;
             }
             // Handle the terminating NULL
             *(pResultGroup->gr_mem+iMember) = NULL;
             pszMarker = ++pszMemberMarker; // skip NULL
         }
 
         if (!LW_IS_NULL_OR_EMPTY_STR(pGroupInfo_1->pszName)) {
-           dwLen = strlen(pGroupInfo_1->pszName);
+           // Plus 1 so memcpy includes the null string terminator
+           dwLen = strlen(pGroupInfo_1->pszName) + 1;
            memcpy(pszMarker, pGroupInfo_1->pszName, dwLen);
            pResultGroup->gr_name = pszMarker;
-           pszMarker += dwLen + 1;
+           pszMarker += dwLen;
         }
 
         if (!LW_IS_NULL_OR_EMPTY_STR(pGroupInfo_1->pszPasswd)) {
-           dwLen = strlen(pGroupInfo_1->pszPasswd);
+           // Plus 1 so memcpy includes the null string terminator
+           dwLen = strlen(pGroupInfo_1->pszPasswd) + 1;
            memcpy(pszMarker, pGroupInfo_1->pszPasswd, dwLen);
            pResultGroup->gr_passwd = pszMarker;
-           pszMarker += dwLen + 1;
+           pszMarker += dwLen;
         }
         else{
-            PCSTR pszPBIS = "PBIS";
-            dwLen = strlen(pszPBIS);
+            // Plus 1 so memcpy includes the null string terminator
+            dwLen = strlen(pszPBIS) + 1;
             memcpy(pszMarker, pszPBIS, dwLen);
             pResultGroup->gr_passwd = pszMarker;
-            pszMarker += dwLen + 1;
+            pszMarker += dwLen;
         }
     }
     else