in reply to Re: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242
in thread Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242

So I've actually added some print statements to Win32\Security\Raw.pm:

sub GetNamedSecurityInfo {
    my($pObjectName, $ObjectType, $SecurityInfo) = @_;
    print "Raw.pm - pObjectName = $pObjectName.\n";
    print "Raw.pm - ObjectType = $ObjectType.\n";
    print "Raw.pm - SecurityInfo = $SecurityInfo.\n";
    $Win32::API::DEBUG = 1;
    $call ||= Win32::API->new('advapi32', 'GetNamedSecurityInfo', [qw(P I I P P P P P)], 'I')
        or Carp::croak("Unable to connect to GetNamedSecurityInfo.");
    print "Raw.pm - new Win32::API succeeded\n";
    $ObjectType = &Win32::Security::SE_OBJECT_TYPE->build_mask($ObjectType);
    print "Raw.pm - obtained objectType = $ObjectType.\n";
    $SecurityInfo = &Win32::Security::SECURITY_INFORMATION->build_mask($SecurityInfo);
    print "Raw.pm - obtained security info\n";
    my($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor) = ("\0"x4) x 5;
    my $retval = $call->Call($pObjectName, int($ObjectType), $SecurityInfo,
        $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor);
    print "Raw.pm - retVal set\n";
    $retval and Carp::croak(&_format_error('GetNamedSecurityInfo', $retval));
    foreach ($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor) {
        $_ = unpack("V", $_);
    }
    print "$ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor.\n";
    return($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor);
}

So my output for my main project looks like this:

object = MACHINE\SYSTEM\CurrentControlSet\services.
objectType = SE_REGISTRY_KEY.
Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services
Raw.pm - ObjectType = SE_REGISTRY_KEY.
Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
Raw.pm - new Win32::API succeeded
Raw.pm - obtained objectType = 4.
Raw.pm - obtained security info
error = Win32::API::Call: parameter 1 had a buffer overflow at c:/perlutils/Perl/site/lib/Win32/Security/Raw.pm line 248.

Line 248 is the $call->Call line

The output from my script looks like this:

object = MACHINE\SYSTEM\CurrentControlSet\services
Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services.
Raw.pm - ObjectType = SE_REGISTRY_KEY.
Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
Win32::API::new: Loading library 'advapi32'
GetProcAddress('GetNamedSecurityInfo') = '1967724532'
Object blessed!
Raw.pm - new Win32::API succeeded
Raw.pm - obtained objectType = 4.
Raw.pm - obtained security info
Raw.pm - retVal set
0, 0, 8289772, 0, 8289752.
0, 0, 8289772, 0, 8289752.
Win32::API::new: Loading library 'kernel32'
GetProcAddress('LocalFree') = '1974480092'
Object blessed!
object = MACHINE\SYSTEM\CurrentControlSet\Services
Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\Services.
Raw.pm - ObjectType = SE_REGISTRY_KEY.
Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
Raw.pm - new Win32::API succeeded
Raw.pm - obtained objectType = 4.
Raw.pm - obtained security info
Raw.pm - retVal set
0, 0, 8289772, 0, 8289752.
0, 0, 8289772, 0, 8289752.
object = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data
Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data.
Raw.pm - ObjectType = SE_REGISTRY_KEY.
Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
Raw.pm - new Win32::API succeeded
Raw.pm - obtained objectType = 4.
Raw.pm - obtained security info
Raw.pm - retVal set
0, 0, 8289892, 0, 8289872.
0, 0, 8289892, 0, 8289872.
object = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance
Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance .
Raw.pm - ObjectType = SE_REGISTRY_KEY.
Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
Raw.pm - new Win32::API succeeded
Raw.pm - obtained objectType = 4.
Raw.pm - obtained security info
Raw.pm - retVal set
0, 0, 8291340, 0, 8291320.
0, 0, 8291340, 0, 8291320.
Win32::API::DESTROY: Freeing library 'kernel32'
Win32::API::DESTROY: Freeing library 'advapi32'

Please note that I do not get the verbose Debug output in my main project even though it is calling the same Raw.pm.

Re^3: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242
by Anonymous Monk on Nov 03, 2015 at 22:54 UTC

    So parameter 1 is $pObjectName?

    Please try padding it and report what happens :)  $pObjectName .= "\0" x 100; or x 1000

      So I tried

          $pObjectName .= "\0" x 100;
          $pObjectName .= "\0" x 1000;
          $pObjectName .= "\0" x 10000;

      and each one gave the same buffer overflow error.

      I also noticed that earlier in the main project we call Win32::Security::NamedObject which then calls Win32::Security::Raw and it was working. So I tried duplicating this same logic where I am seeing the error with no luck.

      I then tried changing the namedobject instance to mimic the problem code and the outcome was the same. The first call worked, subsequent calls failed with the error. So I thought, remove the first call altogether to see if it is some weird memory issue. That also did not work.

      On a side note, I have seen it "work" on rare occasion (~1 out of 100 or so runs). When this occurs, the values for $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor are the same for every single registry key checked. This leads me to believe the underlying API call is just reading the same memory space over and over again because the values are never the same with my script.

      Thoughts? This is truly boggling my mind!

        Thoughts?

        Maybe $pObjectName isn't 1, maybe $ObjectType is 1, try padding $ObjectType

Re^3: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242
by shmem (Chancellor) on Nov 03, 2015 at 20:35 UTC
    So I've actually added some print statements to Win32\Security\Raw.pm:
    ...

    Thank you. - Others may have a look at it and respond, I have too little expertise on Windows Systems.

    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
Re^3: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242
by Anonymous Monk on Nov 03, 2015 at 22:51 UTC
    ;) now turn on Win32::API debugging options :) even if that requires recompiling Win32::API :)
      I have tried recompiling Win32::API with no luck but I've never recompiled a module before so maybe my system isn't set up correctly.

        I have tried recompiling Win32::API with no luck but I've never recompiled a module before so maybe my system isn't set up correctly.

        Ok, good luck