Modify

Opened 15 years ago

Closed 15 years ago

#1393 closed Bug (Fixed)

Script crashes with error reported in EventLog.au3 at line 475

Reported by: jonwetherbee@… Owned by: Jpm
Milestone: 3.3.3.2 Component: Standard UDFs
Version: 3.3.2.0 Severity: None
Keywords: Cc:

Description

My Usage:
Script uses EventLog.au3 to access remote event logs. The task is to simply open, read all available records, and close the log.

Problem:
Shortly after starting, script crashes reporting an error at line 475 of EventLog.au3 involving use of a subscript with a non-array variable. This code assumes _SecurityLookupAccountSid only returns an array. In fact, _SecurityLookupAccountSid can return zero.

Initial Solution:
Change the code in EventLog.au3 line 475 to test for an array before using it.

Below are the two functions involved in the problem. The first is _EventLogDecodeUserName from EventLog.au3 - where the error is. The second is _SecurityLookupAccountSid from Security.au3 for reference only.

######################################################

REFERENCE: (Taken from EventLog.au3)

######################################################

Note that _EventLogDecodeUserName assumes _SecurityLookupAccountSid
will always returns an array.

; #INTERNAL_USE_ONLY# ===========================================================================================================
; Name...........: _EventLogDecodeUserName
; Description ...: Decodes the user name from an event log record
; Syntax.........: _EventLog
DecodeUserName($tEventLog)
; Parameters ....: $tEventLog - tagEVENTLOGRECORD structure
; Return values .: Success - User name
; Author ........: Paul Campbell (PaulIA)
; Modified.......: Gary Frost (gafrost)
; Remarks .......: This function is used internally
; Related .......:
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func _EventLogDecodeUserName($tEventLog)

Local $pEventLog = DllStructGetPtr($tEventLog)
If DllStructGetData($tEventLog, "UserSidLength") = 0 Then Return ""
Local $pAcctSID = $pEventLog + DllStructGetData($tEventLog, "UserSidOffset")
Local $aAcctInfo = _SecurityLookupAccountSid($pAcctSID)


; Return $aAcctInfo[1] [original line 475] Revised 5-Jan-2010 - jrw

	If IsArray($aAcctInfo) Then Return $aAcctInfo[1]	Return ''

EndFunc ;==>_EventLogDecodeUserName

######################################################

REFERENCE: (Taken from Security.au3)

######################################################

Note that _SecurityLookupAccountSid MAY NOT return an array.

=======

; #FUNCTION# ====================================================================================================================
; Name...........: _SecurityLookupAccountSid
; Description ...: Retrieves the name of the account for a SID
; Syntax.........: _Security
LookupAccountSid($vSID)
; Parameters ....: $vSID - Either a binary SID or a string SID
; Return values .: Success - Array with the following format:
; |$aAcct[0] - Account name
; |$aAcct[1] - Domain name
; |$aAcct[2] - SID type, which can be one of the following values:
; | 1 - Indicates a user SID
; | 2 - Indicates a group SID
; | 3 - Indicates a domain SID
; | 4 - Indicates an alias SID
; | 5 - Indicates a SID for a well-known group
; | 6 - Indicates a SID for a deleted account
; | 7 - Indicates an invalid SID
; | 8 - Indicates an unknown SID type
; | 9 - Indicates a SID for a computer
; Failure - 0
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......:
; Related .......: _SecurityLookupAccountName, _SecurityGetAccountSid
; Link ..........: @@MsdnLink@@ LookupAccountSid
; Example .......:
; ===============================================================================================================================
Func _SecurityLookupAccountSid($vSID)

Local $pSID, $aAcct[3]

If IsString($vSID) Then

Local $tSID = _SecurityStringSidToSid($vSID)
$pSID = DllStructGetPtr($tSID)

Else

$pSID = $vSID

EndIf
If Not _SecurityIsValidSid($pSID) Then Return SetError(-1, 0, 0)

Local $aResult = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", 0, "ptr", $pSID, "wstr", "", "dword*", 256, _

"wstr", "", "dword*", 256, "int*", 0)

If @error Then Return SetError(@error, @extended, 0)
If Not $aResult[0] Then Return 0

Local $aAcct[3]
$aAcct[0] = $aResult[3] ; Name
$aAcct[1] = $aResult[5] ; Domain
$aAcct[2] = $aResult[7] ; SNU
Return $aAcct

EndFunc ;==>_SecurityLookupAccountSid

Attachments (0)

Change History (1)

comment:1 Changed 15 years ago by Jpm

  • Milestone set to 3.3.3.2
  • Owner changed from Gary to Jpm
  • Resolution set to Fixed
  • Status changed from new to closed

Fixed by revision [5524] in version: 3.3.3.2

Guidelines for posting comments:

  • You cannot re-open a ticket but you may still leave a comment if you have additional information to add.
  • In-depth discussions should take place on the forum.

For more information see the full version of the ticket guidelines here.

Add Comment

Modify Ticket

Action
as closed The owner will remain Jpm.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.