wimapply fails in ntfs-3g valid_acl due to size assumption 
Joined: Mon Aug 15, 2016 21:50
Posts: 1
Post wimapply fails in ntfs-3g valid_acl due to size assumption
I have a WIM image created from a recent Windows Server 2016 preview build. I'm running wimapply from Linux and trying to write that image's contents to an NTFS partition. wimapply fails.

ntfs-3g_ntfsprogs-2016.2.22

#0 valid_acl (pacl=0xeaa964, end=396) at acls.c:621
#1 0x00007ffff7fac61d in ntfs_valid_descr (securattr=0xeaa910 "\001", attrsz=480) at acls.c:730
#2 0x00007ffff7fd4ba1 in ntfs_set_ntfs_acl (scx=0x7fffffffe150, ni=0x287e8f0, value=0xeaa910 "\001", size=480,
flags=<optimized out>) at security.c:3204

This is the code that blows up. It assumes that the size of the ACE is always an exact function of the sum of the subauthorities, and fails if not.

static BOOL valid_acl(const ACL *pacl, unsigned int end)
{
	...
			if (((offace + acesz) > end)
			   || !ntfs_valid_sid(&pace->sid)
			   || ((ntfs_sid_size(&pace->sid) + 8) != (int)acesz)) // FAILS TEST HERE
				ok = FALSE;
			offace += acesz;
		}
	}
	return (ok);
}

I changed it to just check that the stated size is at least as big as the sum of the subauthorities and it worked.
((ntfs_sid_size(&pace->sid) + 8) > (int)acesz)

Here's more info from GDB.
pdacl = 0xeaa964
(gdb) p *pdacl
$2 = {revision = 2 '\002', alignment1 = 0 '\000', size = 368, ace_count = 10, alignment2 = 0}

This is the ACE that the code choked on.
pace = 0xeaaa94
(gdb) p *pace
$1 = {type = 9, flags = 0, size = 64, mask = 1179817, sid = {revision = 1 '\001', sub_authority_count = 2 '\002',
identifier_authority = {{high_part = 0, low_part = 83886080}, value = "\000\000\000\000\000\005"},
sub_authority = {32}}}


Mon Aug 15, 2016 22:15
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: wimapply fails in ntfs-3g valid_acl due to size assumption
Hi,

Quote:
This is the code that blows up. It assumes that the size of the ACE is always an exact function of the sum of the subauthorities, and fails if not.

Microsoft apparently changed the rules for Windows 10. There can now be trailing garbage after the last ACE.

The fix is available on
https://sourceforge.net/p/ntfs-3g/ntfs- ... 3dcf4863e/

Regards

Jean-Pierre


Tue Aug 16, 2016 08:12
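
The size check discussed in this thread, as an added example that is not part of either post and is not ntfs-3g's code or its fix: a stand-alone validator that applies either the exact-size rule or the "SID must fit" rule, and in both modes keeps every ACE bounded inside the ACL. The names acl_ok and sample, the sample ACL bytes and the zeroed bytes after the SID are constructed assumptions; only the ACE fields shown in the gdb dump come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
/* Little-endian 16-bit read, as in the on-disk ACL and ACE headers. */
static unsigned rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Validate every ACE of the ACL in buf[0..len). strict=1 demands
 * ace.size == 8 + SID size; strict=0 only demands that the SID fits. */
int acl_ok(const uint8_t *buf, size_t len, int strict)
{
    if (len < 8) return 0;                      /* ACL header is 8 bytes */
    size_t end = rd16(buf + 2), off = 8;        /* ACL.size, first ACE offset */
    unsigned count = rd16(buf + 4);             /* ACL.ace_count */
    if (end < 8 || end > len) return 0;         /* ACL must fit the buffer */
    for (unsigned i = 0; i < count; i++) {
        if (end - off < 16) return 0;           /* ACE header + fixed SID part */
        const uint8_t *ace = buf + off;
        size_t acesz = rd16(ace + 2);           /* ACE.size as stated */
        unsigned subs = ace[9];                 /* SID.sub_authority_count */
        size_t need = 8 + 8 + 4 * (size_t)subs; /* ACE header + full SID */
        /* SID revision and count sane, ACE stays inside the ACL */
        if (ace[8] != 1 || subs > 15 || acesz > end - off) return 0;
        if (strict ? need != acesz : need > acesz) return 0;
        off += acesz;                           /* need >= 16, so this advances */
    }
    return 1;
}

/* Constructed one-ACE ACL shaped like the gdb dump (type 9, mask 1179817),
 * then validated; acesz and subs are the values under test. */
int sample(unsigned acesz, unsigned subs, int strict)
{
    uint8_t b[8 + 128] = {0}, *a = b + 8;
    size_t total = 8 + acesz;
    if (acesz < 24 || acesz > 128) return -1;   /* keep the demo in bounds */
    b[0] = 2; b[2] = total & 0xff; b[3] = total >> 8; b[4] = 1;
    a[0] = 9; a[2] = acesz & 0xff; a[3] = acesz >> 8;
    a[4] = 0xa9; a[6] = 0x12;                   /* mask 0x001200a9 */
    a[8] = 1; a[9] = subs; a[15] = 5; a[16] = 32; /* SID S-1-5-32-... */
    return acl_ok(b, total, strict);
}

int main(void)
{
    printf("64/2: strict=%d relaxed=%d\n", sample(64, 2, 1), sample(64, 2, 0));
    printf("24/5: strict=%d relaxed=%d\n", sample(24, 5, 1), sample(24, 5, 0));
    return 0;
}
```

The first line reproduces the reported ACE (size 64, two subauthorities); the second shows that the relaxed rule still rejects an ACE whose SID claims more subauthorities than the ACE can hold.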