Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242

dt667 has asked for the wisdom of the Perl Monks concerning the following question:

For the life of me, I cannot figure out why I cannot reproduce this error outside of my main project. This is with Perl 5.20 and I am trying to get the security information for a registry key. Here is the code as written in my main project followed by a code snippet that I have tried running outside of the project to reproduce the error.

sub getEffectiveRights
{
    my $object = $_[1];
    my $objectType = $_[2];
    my $binarySid = $_[3];
    my $error = undef;
    my $result = undef;

    # Establish variables.
    my $psidOwner;
    my $psidGroup;
    my $pDacl;
    my $pSacl;
    my $pSecurityDescriptor;

    try
    {
        $logger->debug("Object: $object");
        # Call GetNamedSecurityInfo. This is to get the DACL.
        ($psidOwner, $psidGroup, $pDacl, $pSacl, $pSecurityDescriptor)
+ = Win32::Security::Raw::GetNamedSecurityInfo(
            $object, $objectType, 'DACL_SECURITY_INFORMATION');
        print "returned from Win32::Security::Raw::GetNamedSecurityInf
+o\n";
        unless (defined($pDacl))
        {
            throw Error::Simple("An error occurred trying to access th
+e discretionary access control entries for security object '" . $obje
+ct . "'.");
        }
        
        # Build the trustee structure.
        my $trustee = System_Functions->buildTrusteeWithSid($binarySid
+);
        
        # Get the access mask.
        $result = System_Functions->getEffectiveRightsFromAcl($pDacl, 
+$trustee);
    }
    catch Error::Simple with {
        $error = shift;
        print "error = $error\n";
    }
    finally
    {
        # Clear memory.
        if (defined($pSecurityDescriptor))
        {
            Win32::Security::Raw::LocalFree($pSecurityDescriptor);
        }
    };

    if (defined($error))
    {
        throw Error::Simple("Could not access '$object'. Verify that i
+t exists and that you have permission to access it. $error");
    }
    return $result;
}
[download]

And the script that works outside of the main project:

use warnings;
use strict;
use Win32::Security::Raw;

#my $object = "MACHINE\\SYSTEM\\CurrentControlSet\\Services";
my @objects = ("MACHINE\\SYSTEM\\CurrentControlSet\\services","MACHINE
+\\SYSTEM\\CurrentControlSet\\Services","MACHINE\\SYSTEM\\CurrentContr
+olSet\\services\\.NET CLR Data", "MACHINE\\SYSTEM\\CurrentControlSet\
+\services\\Lsa\\Performance");
my $ObjectType = 'SE_REGISTRY_KEY';
my $SecurityInfo = 'DACL_SECURITY_INFORMATION';

# Establish variables.
my $psidOwner;
my $psidGroup;
my $pDacl;
my $pSacl;
my $pSecurityDescriptor;

foreach my $object (@objects) {
    print "object = $object\n";
    # Call GetNamedSecurityInfo. This is to get the DACL.
    ($psidOwner, $psidGroup, $pDacl, $pSacl, $pSecurityDescriptor) = W
+in32::Security::Raw::GetNamedSecurityInfo($object, $ObjectType, 'DACL
+_SECURITY_INFORMATION');
    print "$psidOwner, $psidGroup, $pDacl, $pSacl, $pSecurityDescripto
+r.\n";

    if (defined($pSecurityDescriptor))
    {
        Win32::Security::Raw::LocalFree($pSecurityDescriptor);
    }
    print "\n\n";
}
[download]

I noticed that Win32::API, which is called by Win32::Security::Raw, changed significantly since Perl 5.12 and now has buffer overflow protection built-in but I'm unsure why it would be complaining about "parameter 1". Any help would be greatly appreciative as this is preventing us from upgrading to Perl 5.20.

Comment on Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 Select or Download Code

Replies are listed 'Best First'.
Re: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by shmem (Chancellor) on Nov 03, 2015 at 18:33 UTC
Here is the code as written in my main project followed by a code snippet that I have tried running outside of the project to reproduce the error. ~~In the code snippet I cannot see a call to `getEffectiveRights(@args)` as stated in your first code block. How do both pieces relate?~~ Ah, it is about `Win32::Security::Raw::GetNamedSecurityInfo`. You should dump the contents of `@_` in `sub getEffectiveRights` - just to be sure the right parameters are passed. Output/logs from both would be helpful, too, in order to help you. perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'	[reply] [d/l] [select]
Re^2: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by dt667 (Acolyte) on Nov 03, 2015 at 19:56 UTC
So I've actually added some print statements to Win32\Security\Raw.pm: sub GetNamedSecurityInfo { my($pObjectName, $ObjectType, $SecurityInfo) = @_; print "Raw.pm - pObjectName = $pObjectName.\n"; print "Raw.pm - ObjectType = $ObjectType.\n"; print "Raw.pm - SecurityInfo = $SecurityInfo.\n"; $Win32::API::DEBUG = 1; $call \|\|= Win32::API->new('advapi32', 'GetNamedSecurityInfo', [qw( +P I I P P P P P)], 'I') or Carp::croak("Unable to connect to GetNamed +SecurityInfo."); print "Raw.pm - new Win32::API succeeded\n"; $ObjectType = &Win32::Security::SE_OBJECT_TYPE->build_mask($Object +Type); print "Raw.pm - obtained objectType = $ObjectType.\n"; $SecurityInfo = &Win32::Security::SECURITY_INFORMATION->build_mask +($SecurityInfo); print "Raw.pm - obtained security info\n"; my($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescript +or) = ("\0"x4) x 5; my $retval = $call->Call($pObjectName, int($ObjectType), $SecurityInfo, $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, + $ppSecurityDescriptor); print "Raw.pm - retVal set\n"; $retval and Carp::croak(&_format_error('GetNamedSecurityInfo', $re +tval)); foreach ($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDe +scriptor) { $_ = unpack("V", $_); } print "$ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDesc +riptor.\n"; return($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDesc +riptor); } [download] So my output for my main project looks like this: `object = MACHINE\SYSTEM\CurrentControlSet\services. objectType = SE_REGISTRY_KEY. Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services Raw.pm - ObjectType = SE_REGISTRY_KEY. Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION. Raw.pm - new Win32::API succeeded Raw.pm - obtained objectType = 4. Raw.pm - obtained security info error = Win32::API::Call: parameter 1 had a buffer overflow at c:/perl +utils/Perl/site/lib/Win32/Security/Raw.pm line 248.` [download] Line 248 is the $call->Call line The output from my script looks like this: object = MACHINE\SYSTEM\CurrentControlSet\services Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services. Raw.pm - ObjectType = SE_REGISTRY_KEY. Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION. Win32::API::new: Loading library 'advapi32' GetProcAddress('GetNamedSecurityInfo') = '1967724532' Object blessed! Raw.pm - new Win32::API succeeded Raw.pm - obtained objectType = 4. Raw.pm - obtained security info Raw.pm - retVal set 0, 0, 8289772, 0, 8289752. 0, 0, 8289772, 0, 8289752. Win32::API::new: Loading library 'kernel32' GetProcAddress('LocalFree') = '1974480092' Object blessed! object = MACHINE\SYSTEM\CurrentControlSet\Services Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\Services. Raw.pm - ObjectType = SE_REGISTRY_KEY. Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION. Raw.pm - new Win32::API succeeded Raw.pm - obtained objectType = 4. Raw.pm - obtained security info Raw.pm - retVal set 0, 0, 8289772, 0, 8289752. 0, 0, 8289772, 0, 8289752. object = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\.NET +CLR Data. Raw.pm - ObjectType = SE_REGISTRY_KEY. Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION. Raw.pm - new Win32::API succeeded Raw.pm - obtained objectType = 4. Raw.pm - obtained security info Raw.pm - retVal set 0, 0, 8289892, 0, 8289872. 0, 0, 8289892, 0, 8289872. object = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\P +erformance . Raw.pm - ObjectType = SE_REGISTRY_KEY. Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION. Raw.pm - new Win32::API succeeded Raw.pm - obtained objectType = 4. Raw.pm - obtained security info Raw.pm - retVal set 0, 0, 8291340, 0, 8291320. 0, 0, 8291340, 0, 8291320. Win32::API::DESTROY: Freeing library 'kernel32' Win32::API::DESTROY: Freeing library 'advapi32' [download] Please note that I do not get the verbose Debug output in my main project even though it is calling the same Raw.pm.	[reply] [d/l] [select]
Re^3: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by Anonymous Monk on Nov 03, 2015 at 22:54 UTC
So parameter 1 is $pObjectName? Please try padding it and report what happens :) `$pObjectName .= "\0" x 100;` or x 1000	[reply] [d/l]
Re^4: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by dt667 (Acolyte) on Nov 04, 2015 at 13:43 UTC
Re^5: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by Anonymous Monk on Nov 05, 2015 at 00:31 UTC
Re^3: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by shmem (Chancellor) on Nov 03, 2015 at 20:35 UTC
So I've actually added some print statements to Win32\Security\Raw.pm: ... Thank you. - Others may have a look at it and respond, I have too little expertise on Windows Systems. perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'	[reply]
Re^3: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by Anonymous Monk on Nov 03, 2015 at 22:51 UTC
;) now turn on Win32::API debugging options :) even if that requires recompiling Win32::API :)	[reply]
Re^4: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by dt667 (Acolyte) on Nov 18, 2015 at 14:35 UTC
Re^5: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242 by Anonymous Monk on Nov 19, 2015 at 00:08 UTC